SUSE-SU-2016:2397-1: moderate: Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit

sle-security-updates at lists.suse.com
Tue Sep 27 11:15:54 MDT 2016


   SUSE Security Update: Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2397-1
Rating:             moderate
References:         #954210 #990856 
Cross-References:   CVE-2015-8079 CVE-2016-6354
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:


   Various packages included vulnerable parsers generated by "flex".

   This update provides a fixed "flex" package and also rebuilds the packages
   that might have security issues caused by the auto-generated code.

   Flex itself was updated to fix a buffer overflow in the generated scanner
   (bsc#990856, CVE-2016-6354).

   Packages that were rebuilt with the fixed flex:
   - at
   - bogofilter
   - cyrus-imapd
   - kdelibs4
   - libQtWebKit4
   - libbonobo
   - mdbtools
   - netpbm
   - openslp
   - sgmltool
   - virtuoso

   Also libqt5-qtwebkit received an additional security fix:
   - CVE-2015-8079: QtWebKit logs visited URLs to WebpageIcons.db in private
     browsing mode (bsc#954210).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:

      zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1390=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1390=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1390=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1390=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):

      bogofilter-1.2.4-5.3
      bogofilter-debuginfo-1.2.4-5.3
      bogofilter-debugsource-1.2.4-5.3

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      flex-2.5.37-8.1
      flex-debuginfo-2.5.37-8.1
      flex-debugsource-2.5.37-8.1
      libbonobo-debuginfo-2.32.1-16.1
      libbonobo-debugsource-2.32.1-16.1
      libbonobo-devel-2.32.1-16.1
      libnetpbm-devel-10.66.3-4.1
      mdbtools-0.7-5.1
      mdbtools-debuginfo-0.7-5.1
      mdbtools-debugsource-0.7-5.1
      netpbm-debuginfo-10.66.3-4.1
      netpbm-debugsource-10.66.3-4.1
      openslp-debuginfo-2.0.0-11.1
      openslp-debugsource-2.0.0-11.1
      openslp-devel-2.0.0-11.1
      sgmltool-1.0.9-1075.1
      sgmltool-debuginfo-1.0.9-1075.1
      sgmltool-debugsource-1.0.9-1075.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le x86_64):

      libQtWebKit-devel-4.8.6+2.3.3-3.1
      libQtWebKit4-debuginfo-4.8.6+2.3.3-3.1
      libQtWebKit4-debugsource-4.8.6+2.3.3-3.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      at-3.1.14-7.3
      at-debuginfo-3.1.14-7.3
      at-debugsource-3.1.14-7.3
      cyrus-imapd-debuginfo-2.3.18-40.1
      cyrus-imapd-debugsource-2.3.18-40.1
      flex-2.5.37-8.1
      flex-debuginfo-2.5.37-8.1
      flex-debugsource-2.5.37-8.1
      kdelibs4-debuginfo-4.12.0-7.3
      kdelibs4-debugsource-4.12.0-7.3
      libbonobo-2.32.1-16.1
      libbonobo-debuginfo-2.32.1-16.1
      libbonobo-debugsource-2.32.1-16.1
      libbonobo-doc-2.32.1-16.1
      libbonobo-doc-debuginfo-2.32.1-16.1
      libkde4-4.12.0-7.3
      libkde4-debuginfo-4.12.0-7.3
      libkdecore4-4.12.0-7.3
      libkdecore4-debuginfo-4.12.0-7.3
      libksuseinstall1-4.12.0-7.3
      libksuseinstall1-debuginfo-4.12.0-7.3
      libnetpbm11-10.66.3-4.1
      libnetpbm11-debuginfo-10.66.3-4.1
      netpbm-10.66.3-4.1
      netpbm-debuginfo-10.66.3-4.1
      netpbm-debugsource-10.66.3-4.1
      openslp-2.0.0-11.1
      openslp-debuginfo-2.0.0-11.1
      openslp-debugsource-2.0.0-11.1
      openslp-server-2.0.0-11.1
      openslp-server-debuginfo-2.0.0-11.1
      perl-Cyrus-IMAP-2.3.18-40.1
      perl-Cyrus-IMAP-debuginfo-2.3.18-40.1
      perl-Cyrus-SIEVE-managesieve-2.3.18-40.1
      perl-Cyrus-SIEVE-managesieve-debuginfo-2.3.18-40.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le x86_64):

      libQtWebKit4-4.8.6+2.3.3-3.1
      libQtWebKit4-debuginfo-4.8.6+2.3.3-3.1
      libQtWebKit4-debugsource-4.8.6+2.3.3-3.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      flex-32bit-2.5.37-8.1
      flex-debuginfo-32bit-2.5.37-8.1
      libbonobo-32bit-2.32.1-16.1
      libbonobo-debuginfo-32bit-2.32.1-16.1
      libkde4-32bit-4.12.0-7.3
      libkde4-debuginfo-32bit-4.12.0-7.3
      libkdecore4-32bit-4.12.0-7.3
      libkdecore4-debuginfo-32bit-4.12.0-7.3
      libksuseinstall1-32bit-4.12.0-7.3
      libksuseinstall1-debuginfo-32bit-4.12.0-7.3
      libnetpbm11-32bit-10.66.3-4.1
      libnetpbm11-debuginfo-32bit-10.66.3-4.1
      openslp-32bit-2.0.0-11.1
      openslp-debuginfo-32bit-2.0.0-11.1

   - SUSE Linux Enterprise Server 12-SP1 (x86_64):

      libQtWebKit4-32bit-4.8.6+2.3.3-3.1
      libQtWebKit4-debuginfo-32bit-4.8.6+2.3.3-3.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      libbonobo-lang-2.32.1-16.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      at-3.1.14-7.3
      at-debuginfo-3.1.14-7.3
      at-debugsource-3.1.14-7.3
      bogofilter-1.2.4-5.3
      bogofilter-debuginfo-1.2.4-5.3
      bogofilter-debugsource-1.2.4-5.3
      kdelibs4-debuginfo-4.12.0-7.3
      kdelibs4-debugsource-4.12.0-7.3
      libQtWebKit4-32bit-4.8.6+2.3.3-3.1
      libQtWebKit4-4.8.6+2.3.3-3.1
      libQtWebKit4-debuginfo-32bit-4.8.6+2.3.3-3.1
      libQtWebKit4-debuginfo-4.8.6+2.3.3-3.1
      libQtWebKit4-debugsource-4.8.6+2.3.3-3.1
      libbonobo-2.32.1-16.1
      libbonobo-32bit-2.32.1-16.1
      libbonobo-debuginfo-2.32.1-16.1
      libbonobo-debuginfo-32bit-2.32.1-16.1
      libbonobo-debugsource-2.32.1-16.1
      libkde4-32bit-4.12.0-7.3
      libkde4-4.12.0-7.3
      libkde4-debuginfo-32bit-4.12.0-7.3
      libkde4-debuginfo-4.12.0-7.3
      libkdecore4-32bit-4.12.0-7.3
      libkdecore4-4.12.0-7.3
      libkdecore4-debuginfo-32bit-4.12.0-7.3
      libkdecore4-debuginfo-4.12.0-7.3
      libksuseinstall1-32bit-4.12.0-7.3
      libksuseinstall1-4.12.0-7.3
      libksuseinstall1-debuginfo-32bit-4.12.0-7.3
      libksuseinstall1-debuginfo-4.12.0-7.3
      libnetpbm11-10.66.3-4.1
      libnetpbm11-32bit-10.66.3-4.1
      libnetpbm11-debuginfo-10.66.3-4.1
      libnetpbm11-debuginfo-32bit-10.66.3-4.1
      netpbm-10.66.3-4.1
      netpbm-debuginfo-10.66.3-4.1
      netpbm-debugsource-10.66.3-4.1
      openslp-2.0.0-11.1
      openslp-32bit-2.0.0-11.1
      openslp-debuginfo-2.0.0-11.1
      openslp-debuginfo-32bit-2.0.0-11.1
      openslp-debugsource-2.0.0-11.1

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      libbonobo-lang-2.32.1-16.1
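
To confirm that the rebuilt packages actually landed on a host, the following sketch compares an installed-package inventory against the fixed builds in the package list above. It is an added example, not part of the SUSE announcement: the function names `ver_lt` and `audit_flex_update` are hypothetical, the table is a subset of the list, the sample inventory is constructed, and GNU `sort -V` stands in for rpm's own version comparison.

```shell
#!/bin/sh
# Fixed builds copied from this advisory's package list (12-SP1), main packages only.
FIXED='at 3.1.14-7.3
bogofilter 1.2.4-5.3
flex 2.5.37-8.1
libQtWebKit4 4.8.6+2.3.3-3.1
libbonobo 2.32.1-16.1
libkde4 4.12.0-7.3
libkdecore4 4.12.0-7.3
libnetpbm11 10.66.3-4.1
mdbtools 0.7-5.1
netpbm 10.66.3-4.1
openslp 2.0.0-11.1
openslp-server 2.0.0-11.1
sgmltool 1.0.9-1075.1'

# ver_lt A B: true when A sorts strictly before B. Uses GNU `sort -V`,
# an approximation of rpm's version comparison (assumption: no epochs).
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_flex_update: reads "name version-release" lines on stdin and prints
# one "OUTDATED name installed < fixed" line per package below the fixed build.
audit_flex_update() {
    while read -r name ver; do
        fixed=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$fixed" ] || continue          # package not covered by this advisory
        if ver_lt "$ver" "$fixed"; then
            echo "OUTDATED $name $ver < $fixed"
        fi
    done
}

# Constructed sample inventory (not taken from a real host).
SAMPLE='flex 2.5.37-5.4
at 3.1.14-7.3
openslp 2.0.0-9.2
bash 4.2-82.1
netpbm 10.66.3-4.10'

# On a real system, feed the function from rpm instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_flex_update
printf '%s\n' "$SAMPLE" | audit_flex_update
```

Any package reported as OUTDATED still carries scanner code generated by the unfixed flex; statically generated scanners in locally built software are not covered by this check and need a rebuild with the updated flex.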


References:

   https://www.suse.com/security/cve/CVE-2015-8079.html
   https://www.suse.com/security/cve/CVE-2016-6354.html
   https://bugzilla.suse.com/954210
   https://bugzilla.suse.com/990856


