Description
Security update for flex, at, libbonobo, netpbm, openslp, sgmltool, virtuoso
Various packages included vulnerable parsers generated by 'flex'.
This update provides a fixed 'flex' package and rebuilds of packages that might have security issues caused by the auto-generated code.
Flex itself was updated to fix a buffer overflow in the generated scanner (bsc#990856, CVE-2016-6354).
Packages that were rebuilt with the fixed flex:
- at
- libbonobo
- netpbm
- openslp
- sgmltool
- virtuoso
Some more packages might also need to be rebuilt to receive a new flex parser, but will be released later.
This update was imported from the SUSE:SLE-12:Update update project.
Package list
openSUSE Leap 42.1
References
- E-Mail link for openSUSE-SU-2016:2450-1
- SUSE Security Ratings
Description
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
Affected products
References
- CVE-2016-6354
- SUSE Bug 1026047
- SUSE Bug 1035082
- SUSE Bug 1035209
- SUSE Bug 990856