openSUSE Security Update : flex / at / libbonobo / etc (openSUSE-2016-1155)

critical Nessus Plugin ID 93855

Synopsis

The remote openSUSE host is missing a security update.

Description

Various packages included vulnerable parsers generated by 'flex'.

This update provides a fixed 'flex' package as well as rebuilds of packages that might have security issues caused by the auto-generated code.

Flex itself was updated to fix a buffer overflow in the generated scanner (bsc#990856, CVE-2016-6354).

Packages that were rebuilt with the fixed flex:

- at

- libbonobo

- netpbm

- openslp

- sgmltool

- virtuoso

Some more packages might also need to be rebuilt to receive a new flex parser, but will be released later.

This update was imported from the SUSE:SLE-12:Update update project.

Solution

Update the affected flex / at / libbonobo / etc packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=990856

Plugin Details

Severity: Critical

ID: 93855

File Name: openSUSE-2016-1155.nasl

Version: 2.4

Type: local

Agent: unix

Published: 10/5/2016

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:at-debuginfo, p-cpe:/a:novell:opensuse:virtuoso-server-debuginfo, p-cpe:/a:novell:opensuse:at-debugsource, p-cpe:/a:novell:opensuse:libbonobo-doc-debuginfo, p-cpe:/a:novell:opensuse:netpbm, p-cpe:/a:novell:opensuse:flex-debuginfo, p-cpe:/a:novell:opensuse:openslp, p-cpe:/a:novell:opensuse:openslp-server, p-cpe:/a:novell:opensuse:libnetpbm11-32bit, p-cpe:/a:novell:opensuse:libnetpbm-devel, p-cpe:/a:novell:opensuse:flex-debuginfo-32bit, p-cpe:/a:novell:opensuse:virtuoso-drivers, p-cpe:/a:novell:opensuse:netpbm-debugsource, p-cpe:/a:novell:opensuse:flex-debugsource, p-cpe:/a:novell:opensuse:libbonobo-debugsource, p-cpe:/a:novell:opensuse:libnetpbm11, p-cpe:/a:novell:opensuse:virtuoso-server, cpe:/o:novell:opensuse:42.1, p-cpe:/a:novell:opensuse:openslp-debugsource, p-cpe:/a:novell:opensuse:libbonobo-lang, p-cpe:/a:novell:opensuse:libbonobo-devel, p-cpe:/a:novell:opensuse:openslp-debuginfo-32bit, p-cpe:/a:novell:opensuse:libbonobo-32bit, p-cpe:/a:novell:opensuse:openslp-server-debuginfo, p-cpe:/a:novell:opensuse:sgmltool-debugsource, p-cpe:/a:novell:opensuse:sgmltool-debuginfo, p-cpe:/a:novell:opensuse:libbonobo, p-cpe:/a:novell:opensuse:openslp-debuginfo, p-cpe:/a:novell:opensuse:virtuoso-drivers-debuginfo, p-cpe:/a:novell:opensuse:at, p-cpe:/a:novell:opensuse:libbonobo-debuginfo-32bit, p-cpe:/a:novell:opensuse:libnetpbm11-debuginfo, p-cpe:/a:novell:opensuse:virtuoso-debugsource, p-cpe:/a:novell:opensuse:netpbm-debuginfo, p-cpe:/a:novell:opensuse:libbonobo-debuginfo, p-cpe:/a:novell:opensuse:libnetpbm11-debuginfo-32bit, p-cpe:/a:novell:opensuse:openslp-devel, p-cpe:/a:novell:opensuse:flex, p-cpe:/a:novell:opensuse:flex-32bit, p-cpe:/a:novell:opensuse:sgmltool, p-cpe:/a:novell:opensuse:openslp-32bit

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 10/4/2016

Reference Information

CVE: CVE-2016-6354