SUSE-SU-2016:2397-1: moderate: Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Sep 27 11:15:54 MDT 2016
SUSE Security Update: Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2397-1
Rating: moderate
References: #954210 #990856
Cross-References: CVE-2015-8079 CVE-2016-6354
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP1
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
Various packages included vulnerable parsers generated by "flex".
This update provides a fixed "flex" package and also rebuilds of packages
that might have security issues caused by the auto generated code.
Flex itself was updated to fix a buffer overflow in the generated scanner
(bsc#990856, CVE-2016-6354)
Packages that were rebuilt with the fixed flex:
- at
- bogofilter
- cyrus-imapd
- kdelibs4
- libQtWebKit4
- libbonobo
- mdbtools
- netpbm
- openslp
- sgmltool
- virtuoso
Also libqt5-qtwebkit received an additional security fix:
- CVE-2015-8079: QtWebKit logs visited URLs to WebpageIcons.db in private
browsing mode (bsc#954210).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP1:
zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1390=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1390=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1390=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1390=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
bogofilter-1.2.4-5.3
bogofilter-debuginfo-1.2.4-5.3
bogofilter-debugsource-1.2.4-5.3
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
flex-2.5.37-8.1
flex-debuginfo-2.5.37-8.1
flex-debugsource-2.5.37-8.1
libbonobo-debuginfo-2.32.1-16.1
libbonobo-debugsource-2.32.1-16.1
libbonobo-devel-2.32.1-16.1
libnetpbm-devel-10.66.3-4.1
mdbtools-0.7-5.1
mdbtools-debuginfo-0.7-5.1
mdbtools-debugsource-0.7-5.1
netpbm-debuginfo-10.66.3-4.1
netpbm-debugsource-10.66.3-4.1
openslp-debuginfo-2.0.0-11.1
openslp-debugsource-2.0.0-11.1
openslp-devel-2.0.0-11.1
sgmltool-1.0.9-1075.1
sgmltool-debuginfo-1.0.9-1075.1
sgmltool-debugsource-1.0.9-1075.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le x86_64):
libQtWebKit-devel-4.8.6+2.3.3-3.1
libQtWebKit4-debuginfo-4.8.6+2.3.3-3.1
libQtWebKit4-debugsource-4.8.6+2.3.3-3.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
at-3.1.14-7.3
at-debuginfo-3.1.14-7.3
at-debugsource-3.1.14-7.3
cyrus-imapd-debuginfo-2.3.18-40.1
cyrus-imapd-debugsource-2.3.18-40.1
flex-2.5.37-8.1
flex-debuginfo-2.5.37-8.1
flex-debugsource-2.5.37-8.1
kdelibs4-debuginfo-4.12.0-7.3
kdelibs4-debugsource-4.12.0-7.3
libbonobo-2.32.1-16.1
libbonobo-debuginfo-2.32.1-16.1
libbonobo-debugsource-2.32.1-16.1
libbonobo-doc-2.32.1-16.1
libbonobo-doc-debuginfo-2.32.1-16.1
libkde4-4.12.0-7.3
libkde4-debuginfo-4.12.0-7.3
libkdecore4-4.12.0-7.3
libkdecore4-debuginfo-4.12.0-7.3
libksuseinstall1-4.12.0-7.3
libksuseinstall1-debuginfo-4.12.0-7.3
libnetpbm11-10.66.3-4.1
libnetpbm11-debuginfo-10.66.3-4.1
netpbm-10.66.3-4.1
netpbm-debuginfo-10.66.3-4.1
netpbm-debugsource-10.66.3-4.1
openslp-2.0.0-11.1
openslp-debuginfo-2.0.0-11.1
openslp-debugsource-2.0.0-11.1
openslp-server-2.0.0-11.1
openslp-server-debuginfo-2.0.0-11.1
perl-Cyrus-IMAP-2.3.18-40.1
perl-Cyrus-IMAP-debuginfo-2.3.18-40.1
perl-Cyrus-SIEVE-managesieve-2.3.18-40.1
perl-Cyrus-SIEVE-managesieve-debuginfo-2.3.18-40.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le x86_64):
libQtWebKit4-4.8.6+2.3.3-3.1
libQtWebKit4-debuginfo-4.8.6+2.3.3-3.1
libQtWebKit4-debugsource-4.8.6+2.3.3-3.1
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
flex-32bit-2.5.37-8.1
flex-debuginfo-32bit-2.5.37-8.1
libbonobo-32bit-2.32.1-16.1
libbonobo-debuginfo-32bit-2.32.1-16.1
libkde4-32bit-4.12.0-7.3
libkde4-debuginfo-32bit-4.12.0-7.3
libkdecore4-32bit-4.12.0-7.3
libkdecore4-debuginfo-32bit-4.12.0-7.3
libksuseinstall1-32bit-4.12.0-7.3
libksuseinstall1-debuginfo-32bit-4.12.0-7.3
libnetpbm11-32bit-10.66.3-4.1
libnetpbm11-debuginfo-32bit-10.66.3-4.1
openslp-32bit-2.0.0-11.1
openslp-debuginfo-32bit-2.0.0-11.1
- SUSE Linux Enterprise Server 12-SP1 (x86_64):
libQtWebKit4-32bit-4.8.6+2.3.3-3.1
libQtWebKit4-debuginfo-32bit-4.8.6+2.3.3-3.1
- SUSE Linux Enterprise Server 12-SP1 (noarch):
libbonobo-lang-2.32.1-16.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
at-3.1.14-7.3
at-debuginfo-3.1.14-7.3
at-debugsource-3.1.14-7.3
bogofilter-1.2.4-5.3
bogofilter-debuginfo-1.2.4-5.3
bogofilter-debugsource-1.2.4-5.3
kdelibs4-debuginfo-4.12.0-7.3
kdelibs4-debugsource-4.12.0-7.3
libQtWebKit4-32bit-4.8.6+2.3.3-3.1
libQtWebKit4-4.8.6+2.3.3-3.1
libQtWebKit4-debuginfo-32bit-4.8.6+2.3.3-3.1
libQtWebKit4-debuginfo-4.8.6+2.3.3-3.1
libQtWebKit4-debugsource-4.8.6+2.3.3-3.1
libbonobo-2.32.1-16.1
libbonobo-32bit-2.32.1-16.1
libbonobo-debuginfo-2.32.1-16.1
libbonobo-debuginfo-32bit-2.32.1-16.1
libbonobo-debugsource-2.32.1-16.1
libkde4-32bit-4.12.0-7.3
libkde4-4.12.0-7.3
libkde4-debuginfo-32bit-4.12.0-7.3
libkde4-debuginfo-4.12.0-7.3
libkdecore4-32bit-4.12.0-7.3
libkdecore4-4.12.0-7.3
libkdecore4-debuginfo-32bit-4.12.0-7.3
libkdecore4-debuginfo-4.12.0-7.3
libksuseinstall1-32bit-4.12.0-7.3
libksuseinstall1-4.12.0-7.3
libksuseinstall1-debuginfo-32bit-4.12.0-7.3
libksuseinstall1-debuginfo-4.12.0-7.3
libnetpbm11-10.66.3-4.1
libnetpbm11-32bit-10.66.3-4.1
libnetpbm11-debuginfo-10.66.3-4.1
libnetpbm11-debuginfo-32bit-10.66.3-4.1
netpbm-10.66.3-4.1
netpbm-debuginfo-10.66.3-4.1
netpbm-debugsource-10.66.3-4.1
openslp-2.0.0-11.1
openslp-32bit-2.0.0-11.1
openslp-debuginfo-2.0.0-11.1
openslp-debuginfo-32bit-2.0.0-11.1
openslp-debugsource-2.0.0-11.1
- SUSE Linux Enterprise Desktop 12-SP1 (noarch):
libbonobo-lang-2.32.1-16.1
References:
https://www.suse.com/security/cve/CVE-2015-8079.html
https://www.suse.com/security/cve/CVE-2016-6354.html
https://bugzilla.suse.com/954210
https://bugzilla.suse.com/990856
More information about the sle-security-updates
mailing list