openSUSE Security Update: Security update for flex, at, libbonobo, netpbm, openslp, sgmltool, virtuoso
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:2450-1
Rating:             moderate
References:         #990856
Cross-References:   CVE-2016-6354
Affected Products:  openSUSE Leap 42.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Various packages included vulnerable parsers generated by "flex".
This update provides a fixed "flex" package and also rebuilds of packages that might have security issues caused by the auto-generated code.
Flex itself was updated to fix a buffer overflow in the generated scanner (bsc#990856, CVE-2016-6354).
Packages that were rebuilt with the fixed flex:
- at
- libbonobo
- netpbm
- openslp
- sgmltool
- virtuoso
Some more packages might also need to be rebuilt to receive a new flex parser, but will be released later.
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-1155=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.1 (i586 x86_64):
at-3.1.14-9.2
at-debuginfo-3.1.14-9.2
at-debugsource-3.1.14-9.2
flex-2.5.37-11.1
flex-debuginfo-2.5.37-11.1
flex-debugsource-2.5.37-11.1
libbonobo-2.32.1-19.1
libbonobo-debuginfo-2.32.1-19.1
libbonobo-debugsource-2.32.1-19.1
libbonobo-devel-2.32.1-19.1
libbonobo-doc-2.32.1-19.1
libbonobo-doc-debuginfo-2.32.1-19.1
libnetpbm-devel-10.66.3-6.1
libnetpbm11-10.66.3-6.1
libnetpbm11-debuginfo-10.66.3-6.1
netpbm-10.66.3-6.1
netpbm-debuginfo-10.66.3-6.1
netpbm-debugsource-10.66.3-6.1
openslp-2.0.0-14.1
openslp-debuginfo-2.0.0-14.1
openslp-debugsource-2.0.0-14.1
openslp-devel-2.0.0-14.1
openslp-server-2.0.0-14.1
openslp-server-debuginfo-2.0.0-14.1
sgmltool-1.0.9-1078.1
sgmltool-debuginfo-1.0.9-1078.1
sgmltool-debugsource-1.0.9-1078.1
virtuoso-debugsource-6.1.6-13.1
virtuoso-drivers-6.1.6-13.1
virtuoso-drivers-debuginfo-6.1.6-13.1
virtuoso-server-6.1.6-13.1
virtuoso-server-debuginfo-6.1.6-13.1
- openSUSE Leap 42.1 (noarch):
libbonobo-lang-2.32.1-19.1
- openSUSE Leap 42.1 (x86_64):
flex-32bit-2.5.37-11.1
flex-debuginfo-32bit-2.5.37-11.1
libbonobo-32bit-2.32.1-19.1
libbonobo-debuginfo-32bit-2.32.1-19.1
libnetpbm11-32bit-10.66.3-6.1
libnetpbm11-debuginfo-32bit-10.66.3-6.1
openslp-32bit-2.0.0-14.1
openslp-debuginfo-32bit-2.0.0-14.1
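To confirm that a host carries the rebuilt packages, the script below (an added example, not part of the original announcement) compares an installed-package inventory against the fixed versions from the package list above. It assumes GNU "sort -V" is an acceptable stand-in for rpm's own version comparison, which holds for the numeric version-release strings used here; the sample inventory is constructed.

```shell
#!/bin/sh
# Fixed version-release per main package, copied from this advisory.
FIXED='at 3.1.14-9.2
flex 2.5.37-11.1
libbonobo 2.32.1-19.1
netpbm 10.66.3-6.1
openslp 2.0.0-14.1
sgmltool 1.0.9-1078.1
virtuoso-server 6.1.6-13.1'

# is_older A B: succeed when version-release A sorts strictly before B.
# Assumption: GNU `sort -V` approximates rpm version ordering.
is_older() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit: read "name version-release" lines on stdin and print every
# listed package that is still below its fixed version.
# Packages the advisory does not mention are ignored.
audit() {
    while read -r name ver; do
        fixed=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$fixed" ] || continue
        if is_older "$ver" "$fixed"; then
            printf '%s %s < %s\n' "$name" "$ver" "$fixed"
        fi
    done
}

# Constructed sample inventory (not taken from a real system).
SAMPLE='flex 2.5.37-8.1
at 3.1.14-9.2
openslp 2.0.0-14.1
netpbm 10.66.3-3.1
bash 4.2-75.2'

audit_sample() { printf '%s\n' "$SAMPLE" | audit; }

# On a real host, feed the live inventory instead of the sample:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit
```

Empty output means every listed package is at or above its fixed version. Any program that ships its own flex-generated scanner still has to be regenerated and rebuilt with the fixed flex, which this check cannot detect.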
References:
https://www.suse.com/security/cve/CVE-2016-6354.html
https://bugzilla.suse.com/990856