Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit

SUSE Security Update: Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit
Announcement ID: SUSE-SU-2016:2397-1
Rating: moderate
References: #954210 #990856
Affected Products:
  • SUSE Linux Enterprise Workstation Extension 12-SP1
  • SUSE Linux Enterprise Software Development Kit 12-SP1
  • SUSE Linux Enterprise Server 12-SP1
  • SUSE Linux Enterprise Desktop 12-SP1

  • An update that fixes two vulnerabilities is now available.

    Description:


    Various packages included vulnerable parsers generated by "flex".

    This update provides a fixed "flex" package and also rebuilds of packages
    that might have security issues caused by the auto generated code.

    Flex itself was updated to fix a buffer overflow in the generated scanner
    (bsc#990856, CVE-2016-6354)

    Packages that were rebuilt with the fixed flex:
    - at
    - bogofilter
    - cyrus-imapd
    - kdelibs4
    - libQtWebKit4
    - libbonobo
    - mdbtools
    - netpbm
    - openslp
    - sgmltool
    - virtuoso

    Also libqt5-qtwebkit received an additional security fix:
    - CVE-2015-8079: QtWebKit logs visited URLs to WebpageIcons.db in private
    browsing mode (bsc#954210).

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Workstation Extension 12-SP1:
      zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1390=1
    • SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1390=1
    • SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1390=1
    • SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1390=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
      • bogofilter-1.2.4-5.3
      • bogofilter-debuginfo-1.2.4-5.3
      • bogofilter-debugsource-1.2.4-5.3
    • SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      • flex-2.5.37-8.1
      • flex-debuginfo-2.5.37-8.1
      • flex-debugsource-2.5.37-8.1
      • libbonobo-debuginfo-2.32.1-16.1
      • libbonobo-debugsource-2.32.1-16.1
      • libbonobo-devel-2.32.1-16.1
      • libnetpbm-devel-10.66.3-4.1
      • mdbtools-0.7-5.1
      • mdbtools-debuginfo-0.7-5.1
      • mdbtools-debugsource-0.7-5.1
      • netpbm-debuginfo-10.66.3-4.1
      • netpbm-debugsource-10.66.3-4.1
      • openslp-debuginfo-2.0.0-11.1
      • openslp-debugsource-2.0.0-11.1
      • openslp-devel-2.0.0-11.1
      • sgmltool-1.0.9-1075.1
      • sgmltool-debuginfo-1.0.9-1075.1
      • sgmltool-debugsource-1.0.9-1075.1
    • SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le x86_64):
      • libQtWebKit-devel-4.8.6+2.3.3-3.1
      • libQtWebKit4-debuginfo-4.8.6+2.3.3-3.1
      • libQtWebKit4-debugsource-4.8.6+2.3.3-3.1
    • SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      • at-3.1.14-7.3
      • at-debuginfo-3.1.14-7.3
      • at-debugsource-3.1.14-7.3
      • cyrus-imapd-debuginfo-2.3.18-40.1
      • cyrus-imapd-debugsource-2.3.18-40.1
      • flex-2.5.37-8.1
      • flex-debuginfo-2.5.37-8.1
      • flex-debugsource-2.5.37-8.1
      • kdelibs4-debuginfo-4.12.0-7.3
      • kdelibs4-debugsource-4.12.0-7.3
      • libbonobo-2.32.1-16.1
      • libbonobo-debuginfo-2.32.1-16.1
      • libbonobo-debugsource-2.32.1-16.1
      • libbonobo-doc-2.32.1-16.1
      • libbonobo-doc-debuginfo-2.32.1-16.1
      • libkde4-4.12.0-7.3
      • libkde4-debuginfo-4.12.0-7.3
      • libkdecore4-4.12.0-7.3
      • libkdecore4-debuginfo-4.12.0-7.3
      • libksuseinstall1-4.12.0-7.3
      • libksuseinstall1-debuginfo-4.12.0-7.3
      • libnetpbm11-10.66.3-4.1
      • libnetpbm11-debuginfo-10.66.3-4.1
      • netpbm-10.66.3-4.1
      • netpbm-debuginfo-10.66.3-4.1
      • netpbm-debugsource-10.66.3-4.1
      • openslp-2.0.0-11.1
      • openslp-debuginfo-2.0.0-11.1
      • openslp-debugsource-2.0.0-11.1
      • openslp-server-2.0.0-11.1
      • openslp-server-debuginfo-2.0.0-11.1
      • perl-Cyrus-IMAP-2.3.18-40.1
      • perl-Cyrus-IMAP-debuginfo-2.3.18-40.1
      • perl-Cyrus-SIEVE-managesieve-2.3.18-40.1
      • perl-Cyrus-SIEVE-managesieve-debuginfo-2.3.18-40.1
    • SUSE Linux Enterprise Server 12-SP1 (ppc64le x86_64):
      • libQtWebKit4-4.8.6+2.3.3-3.1
      • libQtWebKit4-debuginfo-4.8.6+2.3.3-3.1
      • libQtWebKit4-debugsource-4.8.6+2.3.3-3.1
    • SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      • flex-32bit-2.5.37-8.1
      • flex-debuginfo-32bit-2.5.37-8.1
      • libbonobo-32bit-2.32.1-16.1
      • libbonobo-debuginfo-32bit-2.32.1-16.1
      • libkde4-32bit-4.12.0-7.3
      • libkde4-debuginfo-32bit-4.12.0-7.3
      • libkdecore4-32bit-4.12.0-7.3
      • libkdecore4-debuginfo-32bit-4.12.0-7.3
      • libksuseinstall1-32bit-4.12.0-7.3
      • libksuseinstall1-debuginfo-32bit-4.12.0-7.3
      • libnetpbm11-32bit-10.66.3-4.1
      • libnetpbm11-debuginfo-32bit-10.66.3-4.1
      • openslp-32bit-2.0.0-11.1
      • openslp-debuginfo-32bit-2.0.0-11.1
    • SUSE Linux Enterprise Server 12-SP1 (x86_64):
      • libQtWebKit4-32bit-4.8.6+2.3.3-3.1
      • libQtWebKit4-debuginfo-32bit-4.8.6+2.3.3-3.1
    • SUSE Linux Enterprise Server 12-SP1 (noarch):
      • libbonobo-lang-2.32.1-16.1
    • SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      • at-3.1.14-7.3
      • at-debuginfo-3.1.14-7.3
      • at-debugsource-3.1.14-7.3
      • bogofilter-1.2.4-5.3
      • bogofilter-debuginfo-1.2.4-5.3
      • bogofilter-debugsource-1.2.4-5.3
      • kdelibs4-debuginfo-4.12.0-7.3
      • kdelibs4-debugsource-4.12.0-7.3
      • libQtWebKit4-32bit-4.8.6+2.3.3-3.1
      • libQtWebKit4-4.8.6+2.3.3-3.1
      • libQtWebKit4-debuginfo-32bit-4.8.6+2.3.3-3.1
      • libQtWebKit4-debuginfo-4.8.6+2.3.3-3.1
      • libQtWebKit4-debugsource-4.8.6+2.3.3-3.1
      • libbonobo-2.32.1-16.1
      • libbonobo-32bit-2.32.1-16.1
      • libbonobo-debuginfo-2.32.1-16.1
      • libbonobo-debuginfo-32bit-2.32.1-16.1
      • libbonobo-debugsource-2.32.1-16.1
      • libkde4-32bit-4.12.0-7.3
      • libkde4-4.12.0-7.3
      • libkde4-debuginfo-32bit-4.12.0-7.3
      • libkde4-debuginfo-4.12.0-7.3
      • libkdecore4-32bit-4.12.0-7.3
      • libkdecore4-4.12.0-7.3
      • libkdecore4-debuginfo-32bit-4.12.0-7.3
      • libkdecore4-debuginfo-4.12.0-7.3
      • libksuseinstall1-32bit-4.12.0-7.3
      • libksuseinstall1-4.12.0-7.3
      • libksuseinstall1-debuginfo-32bit-4.12.0-7.3
      • libksuseinstall1-debuginfo-4.12.0-7.3
      • libnetpbm11-10.66.3-4.1
      • libnetpbm11-32bit-10.66.3-4.1
      • libnetpbm11-debuginfo-10.66.3-4.1
      • libnetpbm11-debuginfo-32bit-10.66.3-4.1
      • netpbm-10.66.3-4.1
      • netpbm-debuginfo-10.66.3-4.1
      • netpbm-debugsource-10.66.3-4.1
      • openslp-2.0.0-11.1
      • openslp-32bit-2.0.0-11.1
      • openslp-debuginfo-2.0.0-11.1
      • openslp-debuginfo-32bit-2.0.0-11.1
      • openslp-debugsource-2.0.0-11.1
    • SUSE Linux Enterprise Desktop 12-SP1 (noarch):
      • libbonobo-lang-2.32.1-16.1

    References: