openSUSE Security Update : flex / at / libbonobo / etc (openSUSE-2016-1155)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Various packages included vulnerable parsers generated by 'flex'.

This update provides a fixed 'flex' package and also rebuilds of
packages that might have security issues caused by the auto generated
code.

Flex itself was updated to fix a buffer overflow in the generated
scanner (bsc#990856, CVE-2016-6354)

Packages that were rebuilt with the fixed flex :

- at

- libbonobo

- netpbm

- openslp

- sgmltool

- virtuoso

Some more packages might also need to be rebuild to receive a new flex
parser, but will be released later.

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=990856

Solution :

Update the affected flex / at / libbonobo / etc packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 93855 ()

Bugtraq ID:

CVE ID: CVE-2016-6354

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now