Mailinglist Archive: opensuse-updates (118 mails)

< Previous Next >
openSUSE-SU-2016:2450-1: moderate: Security update for flex, at, libbonobo, netpbm, openslp, sgmltool, virtuoso
openSUSE Security Update: Security update for flex, at, libbonobo, netpbm,
openslp, sgmltool, virtuoso
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:2450-1
Rating: moderate
References: #990856
Cross-References: CVE-2016-6354
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:


Various packages included vulnerable parsers generated by "flex".

This update provides a fixed "flex" package and also rebuilds of packages
that might have security issues caused by the auto generated code.

Flex itself was updated to fix a buffer overflow in the generated scanner
(bsc#990856, CVE-2016-6354)

Packages that were rebuilt with the fixed flex:
- at
- libbonobo
- netpbm
- openslp
- sgmltool
- virtuoso

Some more packages might also need to be rebuild to receive a new flex
parser, but will be released later.

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-1155=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.1 (i586 x86_64):

at-3.1.14-9.2
at-debuginfo-3.1.14-9.2
at-debugsource-3.1.14-9.2
flex-2.5.37-11.1
flex-debuginfo-2.5.37-11.1
flex-debugsource-2.5.37-11.1
libbonobo-2.32.1-19.1
libbonobo-debuginfo-2.32.1-19.1
libbonobo-debugsource-2.32.1-19.1
libbonobo-devel-2.32.1-19.1
libbonobo-doc-2.32.1-19.1
libbonobo-doc-debuginfo-2.32.1-19.1
libnetpbm-devel-10.66.3-6.1
libnetpbm11-10.66.3-6.1
libnetpbm11-debuginfo-10.66.3-6.1
netpbm-10.66.3-6.1
netpbm-debuginfo-10.66.3-6.1
netpbm-debugsource-10.66.3-6.1
openslp-2.0.0-14.1
openslp-debuginfo-2.0.0-14.1
openslp-debugsource-2.0.0-14.1
openslp-devel-2.0.0-14.1
openslp-server-2.0.0-14.1
openslp-server-debuginfo-2.0.0-14.1
sgmltool-1.0.9-1078.1
sgmltool-debuginfo-1.0.9-1078.1
sgmltool-debugsource-1.0.9-1078.1
virtuoso-debugsource-6.1.6-13.1
virtuoso-drivers-6.1.6-13.1
virtuoso-drivers-debuginfo-6.1.6-13.1
virtuoso-server-6.1.6-13.1
virtuoso-server-debuginfo-6.1.6-13.1

- openSUSE Leap 42.1 (noarch):

libbonobo-lang-2.32.1-19.1

- openSUSE Leap 42.1 (x86_64):

flex-32bit-2.5.37-11.1
flex-debuginfo-32bit-2.5.37-11.1
libbonobo-32bit-2.32.1-19.1
libbonobo-debuginfo-32bit-2.32.1-19.1
libnetpbm11-32bit-10.66.3-6.1
libnetpbm11-debuginfo-32bit-10.66.3-6.1
openslp-32bit-2.0.0-14.1
openslp-debuginfo-32bit-2.0.0-14.1


References:

https://www.suse.com/security/cve/CVE-2016-6354.html
https://bugzilla.suse.com/990856


< Previous Next >
This Thread
  • No further messages