CVE-2010-2074

Published: 16 June 2010

istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
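
The flaw described above, modelled in C as an added example (this is not w3m's istream.c and not the upstream patch). The `cert_name` struct, the function names and the sample names are hypothetical and constructed; the struct stands in for a certificate string that carries an explicit length.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for an ASN.1 string from a certificate: the
 * encoding carries an explicit length, so the bytes may contain '\0'. */
struct cert_name {
    const char *data;
    size_t len;
};

/* Flawed check: treats the name as a C string, so the comparison stops
 * at the first '\0' and everything after it is never examined. */
static int match_naive(const struct cert_name *n, const char *host)
{
    return strcasecmp(n->data, host) == 0;
}

/* Hardened check: reject any name containing '\0' within its encoded
 * length, then compare over the full encoded length. */
static int match_strict(const struct cert_name *n, const char *host)
{
    if (memchr(n->data, '\0', n->len) != NULL)
        return 0;
    if (n->len != strlen(host))
        return 0;
    return strncasecmp(n->data, host, n->len) == 0;
}

/* Constructed sample names (not taken from any real certificate). */
static const char spoof_bytes[] = "www.example.com\0.attacker.test";
static const struct cert_name spoofed = { spoof_bytes, sizeof spoof_bytes - 1 };
static const struct cert_name honest  = { "www.example.com", 15 };

int main(void)
{
    const char *host = "www.example.com";
    printf("spoofed: naive=%d strict=%d\n",
           match_naive(&spoofed, host), match_strict(&spoofed, host));
    printf("honest:  naive=%d strict=%d\n",
           match_naive(&honest, host), match_strict(&honest, host));
    return 0;
}
```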

Priority

Medium

Status

Package: w3m (Launchpad, Ubuntu, Debian)

Release    Status
upstream   Needed
dapper     Released (0.5.1-4ubuntu2.6.06.1)
hardy      Released (0.5.1-5.1ubuntu1.1)
jaunty     Released (0.5.2-2ubuntu0.1)
karmic     Released (0.5.2-2ubuntu1.1)
lucid      Released (0.5.2-2.1ubuntu1.1)

Patches:
other: http://www.openwall.com/lists/oss-security/2010/06/14/4