Detections
Analytics
openSUSE Security Update : flex / at / libbonobo / etc (openSUSE-2016-1155)
critical Nessus Plugin ID 93855
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
Various packages included vulnerable parsers generated by 'flex'.This update provides a fixed 'flex' package and also rebuilds of packages that might have security issues caused by the auto generated code.
Flex itself was updated to fix a buffer overflow in the generated scanner (bsc#990856, CVE-2016-6354)
Packages that were rebuilt with the fixed flex :
- at
- libbonobo
- netpbm
- openslp
- sgmltool
- virtuoso
Some more packages might also need to be rebuild to receive a new flex parser, but will be released later.
This update was imported from the SUSE:SLE-12:Update update project.
Solution
Update the affected flex / at / libbonobo / etc packages.See Also
Plugin Details
Severity: Critical
ID: 93855
File Name: openSUSE-2016-1155.nasl
Version: 2.4
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 10/5/2016
Updated: 1/19/2021
Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:at, p-cpe:/a:novell:opensuse:at-debuginfo, p-cpe:/a:novell:opensuse:at-debugsource, p-cpe:/a:novell:opensuse:flex, p-cpe:/a:novell:opensuse:flex-32bit, p-cpe:/a:novell:opensuse:flex-debuginfo, p-cpe:/a:novell:opensuse:flex-debuginfo-32bit, p-cpe:/a:novell:opensuse:flex-debugsource, p-cpe:/a:novell:opensuse:libbonobo, p-cpe:/a:novell:opensuse:libbonobo-32bit, p-cpe:/a:novell:opensuse:libbonobo-debuginfo, p-cpe:/a:novell:opensuse:libbonobo-debuginfo-32bit, p-cpe:/a:novell:opensuse:libbonobo-debugsource, p-cpe:/a:novell:opensuse:libbonobo-devel, p-cpe:/a:novell:opensuse:libbonobo-doc-debuginfo, p-cpe:/a:novell:opensuse:libbonobo-lang, p-cpe:/a:novell:opensuse:libnetpbm-devel, p-cpe:/a:novell:opensuse:libnetpbm11, p-cpe:/a:novell:opensuse:libnetpbm11-32bit, p-cpe:/a:novell:opensuse:libnetpbm11-debuginfo, p-cpe:/a:novell:opensuse:libnetpbm11-debuginfo-32bit, p-cpe:/a:novell:opensuse:netpbm, p-cpe:/a:novell:opensuse:netpbm-debuginfo, p-cpe:/a:novell:opensuse:netpbm-debugsource, p-cpe:/a:novell:opensuse:openslp, p-cpe:/a:novell:opensuse:openslp-32bit, p-cpe:/a:novell:opensuse:openslp-debuginfo, p-cpe:/a:novell:opensuse:openslp-debuginfo-32bit, p-cpe:/a:novell:opensuse:openslp-debugsource, p-cpe:/a:novell:opensuse:openslp-devel, p-cpe:/a:novell:opensuse:openslp-server, p-cpe:/a:novell:opensuse:openslp-server-debuginfo, p-cpe:/a:novell:opensuse:sgmltool, p-cpe:/a:novell:opensuse:sgmltool-debuginfo, p-cpe:/a:novell:opensuse:sgmltool-debugsource, p-cpe:/a:novell:opensuse:virtuoso-debugsource, p-cpe:/a:novell:opensuse:virtuoso-drivers, p-cpe:/a:novell:opensuse:virtuoso-drivers-debuginfo, p-cpe:/a:novell:opensuse:virtuoso-server, p-cpe:/a:novell:opensuse:virtuoso-server-debuginfo, cpe:/o:novell:opensuse:42.1
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu
Patch Publication Date: 10/4/2016
Reference Information
CVE: CVE-2016-6354