Description
Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit
Various packages included vulnerable parsers generated by 'flex'.
This update provides a fixed 'flex' package and rebuilds of packages that might have security issues caused by the auto-generated code.
Flex itself was updated to fix a buffer overflow in the generated scanner (bsc#990856, CVE-2016-6354).
Packages that were rebuilt with the fixed flex:
- at
- bogofilter
- cyrus-imapd
- kdelibs4
- libQtWebKit4
- libbonobo
- mdbtools
- netpbm
- openslp
- sgmltool
- virtuoso
Also libqt5-qtwebkit received an additional security fix:
- CVE-2015-8079: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode (bsc#954210).
Package list
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP1
References
- Link for SUSE-SU-2016:2397-1
- E-Mail link for SUSE-SU-2016:2397-1
- SUSE Security Ratings
- SUSE Bug 954210
- SUSE Bug 990856
- SUSE CVE CVE-2015-8079 page
- SUSE CVE CVE-2016-6354 page
Description
qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db.
Affected products
References
- CVE-2015-8079
- SUSE Bug 954210
Description
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
Affected products
References
- CVE-2016-6354
- SUSE Bug 1026047
- SUSE Bug 1035082
- SUSE Bug 1035209
- SUSE Bug 990856