openSUSE Security Update: Security update for flex, at, libbonobo, netpbm, openslp, sgmltool, virtuoso ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2450-1 Rating: moderate References: #990856 Cross-References: CVE-2016-6354 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Various packages included vulnerable parsers generated by "flex". This update provides a fixed "flex" package and also rebuilds of packages that might have security issues caused by the auto generated code. Flex itself was updated to fix a buffer overflow in the generated scanner (bsc#990856, CVE-2016-6354) Packages that were rebuilt with the fixed flex: - at - libbonobo - netpbm - openslp - sgmltool - virtuoso Some more packages might also need to be rebuild to receive a new flex parser, but will be released later. This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-1155=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): at-3.1.14-9.2 at-debuginfo-3.1.14-9.2 at-debugsource-3.1.14-9.2 flex-2.5.37-11.1 flex-debuginfo-2.5.37-11.1 flex-debugsource-2.5.37-11.1 libbonobo-2.32.1-19.1 libbonobo-debuginfo-2.32.1-19.1 libbonobo-debugsource-2.32.1-19.1 libbonobo-devel-2.32.1-19.1 libbonobo-doc-2.32.1-19.1 libbonobo-doc-debuginfo-2.32.1-19.1 libnetpbm-devel-10.66.3-6.1 libnetpbm11-10.66.3-6.1 libnetpbm11-debuginfo-10.66.3-6.1 netpbm-10.66.3-6.1 netpbm-debuginfo-10.66.3-6.1 netpbm-debugsource-10.66.3-6.1 openslp-2.0.0-14.1 openslp-debuginfo-2.0.0-14.1 openslp-debugsource-2.0.0-14.1 openslp-devel-2.0.0-14.1 openslp-server-2.0.0-14.1 openslp-server-debuginfo-2.0.0-14.1 sgmltool-1.0.9-1078.1 sgmltool-debuginfo-1.0.9-1078.1 sgmltool-debugsource-1.0.9-1078.1 virtuoso-debugsource-6.1.6-13.1 virtuoso-drivers-6.1.6-13.1 virtuoso-drivers-debuginfo-6.1.6-13.1 virtuoso-server-6.1.6-13.1 virtuoso-server-debuginfo-6.1.6-13.1 - openSUSE Leap 42.1 (noarch): libbonobo-lang-2.32.1-19.1 - openSUSE Leap 42.1 (x86_64): flex-32bit-2.5.37-11.1 flex-debuginfo-32bit-2.5.37-11.1 libbonobo-32bit-2.32.1-19.1 libbonobo-debuginfo-32bit-2.32.1-19.1 libnetpbm11-32bit-10.66.3-6.1 libnetpbm11-debuginfo-32bit-10.66.3-6.1 openslp-32bit-2.0.0-14.1 openslp-debuginfo-32bit-2.0.0-14.1 References: https://www.suse.com/security/cve/CVE-2016-6354.html https://bugzilla.suse.com/990856