You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa MySQL

Sigurnosni nedostaci programskog paketa MySQL

SUSE Security Update: Security update for MySQL
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0769-1
Rating: important
References: #858823 #861493 #873896
Cross-References: CVE-2013-4316 CVE-2013-5860 CVE-2013-5881
CVE-2013-5882 CVE-2013-5891 CVE-2013-5894
CVE-2013-5908 CVE-2014-0001 CVE-2014-0384
CVE-2014-0386 CVE-2014-0393 CVE-2014-0401
CVE-2014-0402 CVE-2014-0412 CVE-2014-0420
CVE-2014-0427 CVE-2014-0430 CVE-2014-0431
CVE-2014-0433 CVE-2014-0437 CVE-2014-2419
CVE-2014-2430 CVE-2014-2431 CVE-2014-2432
CVE-2014-2434 CVE-2014-2435 CVE-2014-2436
CVE-2014-2438 CVE-2014-2440 CVE-2014-2442
CVE-2014-2444 CVE-2014-2450 CVE-2014-2451

Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes 33 vulnerabilities is now available.
It includes one version update.

Description:

MySQL was updated to version 5.5.37 to address various security issues.

More information is available at
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#A
ppendixMSQL
<http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#
AppendixMSQL> and
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#A
ppendixMSQL
<http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#
AppendixMSQL> .

Security Issues references:

* CVE-2014-2444
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2444>
* CVE-2014-2436
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2436>
* CVE-2014-2440
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2440>
* CVE-2014-2434
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2434>
* CVE-2014-2435
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2435>
* CVE-2014-2442
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2442>
* CVE-2014-2450
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2450>
* CVE-2014-2419
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2419>
* CVE-2014-0384
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0384>
* CVE-2014-2430
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2430>
* CVE-2014-2451
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2451>
* CVE-2014-2438
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2438>
* CVE-2014-2432
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2432>
* CVE-2014-2431
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2431>
* CVE-2013-4316
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4316>
* CVE-2013-5860
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5860>
* CVE-2013-5882
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5882>
* CVE-2014-0433
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0433>
* CVE-2013-5894
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5894>
* CVE-2013-5881
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5881>
* CVE-2014-0412
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0412>
* CVE-2014-0402
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0402>
* CVE-2014-0386
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0386>
* CVE-2013-5891
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5891>
* CVE-2014-0401
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0401>
* CVE-2014-0427
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0427>
* CVE-2014-0431
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0431>
* CVE-2014-0437
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0437>
* CVE-2014-0393
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0393>
* CVE-2014-0430
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0430>
* CVE-2014-0420
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0420>
* CVE-2013-5908
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5908>
* CVE-2014-0001
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001>

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Software Development Kit 11 SP3:

zypper in -t patch sdksp3-libmysql55client18-9303

– SUSE Linux Enterprise Server 11 SP3 for VMware:

zypper in -t patch slessp3-libmysql55client18-9303

– SUSE Linux Enterprise Server 11 SP3:

zypper in -t patch slessp3-libmysql55client18-9303

– SUSE Linux Enterprise Desktop 11 SP3:

zypper in -t patch sledsp3-libmysql55client18-9303

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):

libmysql55client_r18-32bit-5.5.37-0.7.1
libmysqlclient_r15-32bit-5.0.96-0.6.11

– SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64):

libmysql55client_r18-x86-5.5.37-0.7.1
libmysqlclient_r15-x86-5.0.96-0.6.11

– SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 5.5.37]:

libmysql55client18-5.5.37-0.7.1
libmysql55client_r18-5.5.37-0.7.1
libmysqlclient15-5.0.96-0.6.11
libmysqlclient_r15-5.0.96-0.6.11
mysql-5.5.37-0.7.1
mysql-client-5.5.37-0.7.1
mysql-tools-5.5.37-0.7.1

– SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 5.5.37]:

libmysql55client18-32bit-5.5.37-0.7.1
libmysqlclient15-32bit-5.0.96-0.6.11

– SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.5.37]:

libmysql55client18-5.5.37-0.7.1
libmysql55client_r18-5.5.37-0.7.1
libmysqlclient15-5.0.96-0.6.11
libmysqlclient_r15-5.0.96-0.6.11
mysql-5.5.37-0.7.1
mysql-client-5.5.37-0.7.1
mysql-tools-5.5.37-0.7.1

– SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 5.5.37]:

libmysql55client18-32bit-5.5.37-0.7.1
libmysqlclient15-32bit-5.0.96-0.6.11

– SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 5.5.37]:

libmysql55client18-x86-5.5.37-0.7.1
libmysqlclient15-x86-5.0.96-0.6.11

– SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 5.5.37]:

libmysql55client18-5.5.37-0.7.1
libmysql55client_r18-5.5.37-0.7.1
libmysqlclient15-5.0.96-0.6.11
libmysqlclient_r15-5.0.96-0.6.11
mysql-5.5.37-0.7.1
mysql-client-5.5.37-0.7.1

– SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 5.5.37]:

libmysql55client18-32bit-5.5.37-0.7.1
libmysql55client_r18-32bit-5.5.37-0.7.1
libmysqlclient15-32bit-5.0.96-0.6.11
libmysqlclient_r15-32bit-5.0.96-0.6.11

References:

http://support.novell.com/security/cve/CVE-2013-4316.html
http://support.novell.com/security/cve/CVE-2013-5860.html
http://support.novell.com/security/cve/CVE-2013-5881.html
http://support.novell.com/security/cve/CVE-2013-5882.html
http://support.novell.com/security/cve/CVE-2013-5891.html
http://support.novell.com/security/cve/CVE-2013-5894.html
http://support.novell.com/security/cve/CVE-2013-5908.html
http://support.novell.com/security/cve/CVE-2014-0001.html
http://support.novell.com/security/cve/CVE-2014-0384.html
http://support.novell.com/security/cve/CVE-2014-0386.html
http://support.novell.com/security/cve/CVE-2014-0393.html
http://support.novell.com/security/cve/CVE-2014-0401.html
http://support.novell.com/security/cve/CVE-2014-0402.html
http://support.novell.com/security/cve/CVE-2014-0412.html
http://support.novell.com/security/cve/CVE-2014-0420.html
http://support.novell.com/security/cve/CVE-2014-0427.html
http://support.novell.com/security/cve/CVE-2014-0430.html
http://support.novell.com/security/cve/CVE-2014-0431.html
http://support.novell.com/security/cve/CVE-2014-0433.html
http://support.novell.com/security/cve/CVE-2014-0437.html
http://support.novell.com/security/cve/CVE-2014-2419.html
http://support.novell.com/security/cve/CVE-2014-2430.html
http://support.novell.com/security/cve/CVE-2014-2431.html
http://support.novell.com/security/cve/CVE-2014-2432.html
http://support.novell.com/security/cve/CVE-2014-2434.html
http://support.novell.com/security/cve/CVE-2014-2435.html
http://support.novell.com/security/cve/CVE-2014-2436.html
http://support.novell.com/security/cve/CVE-2014-2438.html
http://support.novell.com/security/cve/CVE-2014-2440.html
http://support.novell.com/security/cve/CVE-2014-2442.html
http://support.novell.com/security/cve/CVE-2014-2444.html
http://support.novell.com/security/cve/CVE-2014-2450.html
http://support.novell.com/security/cve/CVE-2014-2451.html
https://bugzilla.novell.com/858823
https://bugzilla.novell.com/861493
https://bugzilla.novell.com/873896
http://download.suse.com/patch/finder/?keywords=ab4ffe747d344a455ea19aa1b92c9b75


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni propust programskog paketa Echoping

Otkriveni je sigurnosni propust u programskom paketu Echoping za operacijski sustav Gentoo. Otkriveni propust potencijalnim napadačima omogućuje izvođenje napada uskraćivanja...

Close