Security update for hexchat

Announcement ID:	SUSE-SU-2020:2872-1
Rating:	moderate
References:	bsc#1020739 bsc#1034310
Cross-References:	CVE-2016-2087
CVSS scores:	CVE-2016-2087 ( NVD ): 7.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves one vulnerability and has one security fix can now be installed.

Description:

This update for hexchat fixes the following issues:

• CVE-2016-2087: A directory traversal was possible if a user could be convinced to connect to a server with a hostname with ".." in its name. (bsc#1020739).

This non-security issue was fixed:

• Add dependency on iso-codes and hwdata as hexchat tries to use them (bsc#1034310)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2872=1

Package List:

• SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  • hexchat-debugsource-2.12.0-6.5.146
  • hexchat-2.12.0-6.5.146
  • hexchat-debuginfo-2.12.0-6.5.146
• SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch)
  • hexchat-lang-2.12.0-6.5.146

References:

• https://www.suse.com/security/cve/CVE-2016-2087.html
• https://bugzilla.suse.com/show_bug.cgi?id=1020739
• https://bugzilla.suse.com/show_bug.cgi?id=1034310