Ubuntu Security Notice USN-967-1 August 09, 2010
w3m vulnerability
CVE-2010-2074
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
w3m 0.5.1-4ubuntu2.6.06.1
Ubuntu 8.04 LTS:
w3m 0.5.1-5.1ubuntu1.1
Ubuntu 9.04:
w3m 0.5.2-2ubuntu0.1
Ubuntu 9.10:
w3m 0.5.2-2ubuntu1.1
Ubuntu 10.04 LTS:
w3m 0.5.2-2.1ubuntu1.1
After a standard system update you need to restart any running instances
of w3m to effect the necessary changes.
Details follow:
Ludwig Nussel discovered w3m does not properly handle SSL/TLS
certificates with NULL characters in the certificate name. An
attacker could exploit this to perform a man in the middle
attack to view sensitive information or alter encrypted
communications. (CVE-2010-2074)