USN-967-1: w3m vulnerability
9 August 2010
The web browser w3m does not properly validate SSL/TLS certificates.
- w3m - WWW browsable pager with excellent tables/frames support w3m-img
Ludwig Nussel discovered w3m does not properly handle SSL/TLS
certificates with NULL characters in the certificate name. An
attacker could exploit this to perform a machine-in-the-middle
attack to view sensitive information or alter encrypted
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to restart any running instances
of w3m to effect the necessary changes.