openSUSE Security Update: Security update for mysql-community-server
______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:2769-1
Rating: important
References: #1005555 #1005557 #1005558 #1005560 #1005561
#1005562 #1005563 #1005566 #1005567 #1005569
#1005570 #1005581 #1005582 #1005583 #1005586
#971456 #977614 #983938 #986251 #989911 #989913
#989914 #989915 #989919 #989921 #989922 #989925
#989926 #990890 #998309 #999666
Cross-References: CVE-2016-2105 CVE-2016-3459 CVE-2016-3477
CVE-2016-3486 CVE-2016-3492 CVE-2016-3501
CVE-2016-3521 CVE-2016-3614 CVE-2016-3615
CVE-2016-5439 CVE-2016-5440 CVE-2016-5507
CVE-2016-5584 CVE-2016-5609 CVE-2016-5612
CVE-2016-5616 CVE-2016-5617 CVE-2016-5626
CVE-2016-5627 CVE-2016-5629 CVE-2016-5630
CVE-2016-6304 CVE-2016-6662 CVE-2016-7440
CVE-2016-8283 CVE-2016-8284 CVE-2016-8288
Affected Products:
openSUSE Leap 42.1
openSUSE 13.2
______________________________________________________________________________
An update that solves 27 vulnerabilities and has four fixes
is now available.
Description:
mysql-community-server was updated to 5.6.34 to fix the following issues:
* Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html
* fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584,
CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492,
CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609,
CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284,
CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486,
CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614,
CVE-2016-3459, CVE-2016-5439, CVE-2016-5440
* fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581],
[boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566],
[boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582],
[boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570],
[boo#1005583], [boo#1005586], [boo#989913], [boo#977614],
[boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921],
[boo#989911], [boo#989925], [boo#989926]
– append “–ignore-db-dir=lost+found” to the mysqld options in
“mysql-systemd-helper” script if “lost+found” directory is found in
$datadir [boo#986251]
– remove syslog.target from *.service files [boo#983938]
– add systemd to deps to build on leap and friends
– replace ‘%{_libexecdir}/systemd/system’ with %{_unitdir} macro
– remove useless mysql@default.service [boo#971456]
– replace all occurrences of the string “@sysconfdir@” with “/etc” in
mysql-community-server-5.6.3-logrotate.patch as it wasn’t expanded
properly [boo#990890]
– remove ‘%define _rundir’ as 13.1 is out of support scope
– run ‘usermod -g mysql mysql’ only if mysql user is not in mysql group.
Run ‘usermod -s /bin/false/ mysql’ only if mysql user doesn’t have
‘/bin/false’ shell set.
– re-enable mysql profiling
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
– openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-1283=1
– openSUSE 13.2:
zypper in -t patch openSUSE-2016-1283=1
To bring your system up-to-date, use “zypper patch”.
Package List:
– openSUSE Leap 42.1 (i586 x86_64):
libmysql56client18-5.6.34-19.2
libmysql56client18-debuginfo-5.6.34-19.2
libmysql56client_r18-5.6.34-19.2
mysql-community-server-5.6.34-19.2
mysql-community-server-bench-5.6.34-19.2
mysql-community-server-bench-debuginfo-5.6.34-19.2
mysql-community-server-client-5.6.34-19.2
mysql-community-server-client-debuginfo-5.6.34-19.2
mysql-community-server-debuginfo-5.6.34-19.2
mysql-community-server-debugsource-5.6.34-19.2
mysql-community-server-errormessages-5.6.34-19.2
mysql-community-server-test-5.6.34-19.2
mysql-community-server-test-debuginfo-5.6.34-19.2
mysql-community-server-tools-5.6.34-19.2
mysql-community-server-tools-debuginfo-5.6.34-19.2
– openSUSE Leap 42.1 (x86_64):
libmysql56client18-32bit-5.6.34-19.2
libmysql56client18-debuginfo-32bit-5.6.34-19.2
libmysql56client_r18-32bit-5.6.34-19.2
– openSUSE 13.2 (i586 x86_64):
libmysql56client18-5.6.34-2.23.1
libmysql56client18-debuginfo-5.6.34-2.23.1
libmysql56client_r18-5.6.34-2.23.1
mysql-community-server-5.6.34-2.23.1
mysql-community-server-bench-5.6.34-2.23.1
mysql-community-server-bench-debuginfo-5.6.34-2.23.1
mysql-community-server-client-5.6.34-2.23.1
mysql-community-server-client-debuginfo-5.6.34-2.23.1
mysql-community-server-debuginfo-5.6.34-2.23.1
mysql-community-server-debugsource-5.6.34-2.23.1
mysql-community-server-errormessages-5.6.34-2.23.1
mysql-community-server-test-5.6.34-2.23.1
mysql-community-server-test-debuginfo-5.6.34-2.23.1
mysql-community-server-tools-5.6.34-2.23.1
mysql-community-server-tools-debuginfo-5.6.34-2.23.1
– openSUSE 13.2 (x86_64):
libmysql56client18-32bit-5.6.34-2.23.1
libmysql56client18-debuginfo-32bit-5.6.34-2.23.1
libmysql56client_r18-32bit-5.6.34-2.23.1
References:
https://www.suse.com/security/cve/CVE-2016-2105.html
https://www.suse.com/security/cve/CVE-2016-3459.html
https://www.suse.com/security/cve/CVE-2016-3477.html
https://www.suse.com/security/cve/CVE-2016-3486.html
https://www.suse.com/security/cve/CVE-2016-3492.html
https://www.suse.com/security/cve/CVE-2016-3501.html
https://www.suse.com/security/cve/CVE-2016-3521.html
https://www.suse.com/security/cve/CVE-2016-3614.html
https://www.suse.com/security/cve/CVE-2016-3615.html
https://www.suse.com/security/cve/CVE-2016-5439.html
https://www.suse.com/security/cve/CVE-2016-5440.html
https://www.suse.com/security/cve/CVE-2016-5507.html
https://www.suse.com/security/cve/CVE-2016-5584.html
https://www.suse.com/security/cve/CVE-2016-5609.html
https://www.suse.com/security/cve/CVE-2016-5612.html
https://www.suse.com/security/cve/CVE-2016-5616.html
https://www.suse.com/security/cve/CVE-2016-5617.html
https://www.suse.com/security/cve/CVE-2016-5626.html
https://www.suse.com/security/cve/CVE-2016-5627.html
https://www.suse.com/security/cve/CVE-2016-5629.html
https://www.suse.com/security/cve/CVE-2016-5630.html
https://www.suse.com/security/cve/CVE-2016-6304.html
https://www.suse.com/security/cve/CVE-2016-6662.html
https://www.suse.com/security/cve/CVE-2016-7440.html
https://www.suse.com/security/cve/CVE-2016-8283.html
https://www.suse.com/security/cve/CVE-2016-8284.html
https://www.suse.com/security/cve/CVE-2016-8288.html
https://bugzilla.suse.com/1005555
https://bugzilla.suse.com/1005557
https://bugzilla.suse.com/1005558
https://bugzilla.suse.com/1005560
https://bugzilla.suse.com/1005561
https://bugzilla.suse.com/1005562
https://bugzilla.suse.com/1005563
https://bugzilla.suse.com/1005566
https://bugzilla.suse.com/1005567
https://bugzilla.suse.com/1005569
https://bugzilla.suse.com/1005570
https://bugzilla.suse.com/1005581
https://bugzilla.suse.com/1005582
https://bugzilla.suse.com/1005583
https://bugzilla.suse.com/1005586
https://bugzilla.suse.com/971456
https://bugzilla.suse.com/977614
https://bugzilla.suse.com/983938
https://bugzilla.suse.com/986251
https://bugzilla.suse.com/989911
https://bugzilla.suse.com/989913
https://bugzilla.suse.com/989914
https://bugzilla.suse.com/989915
https://bugzilla.suse.com/989919
https://bugzilla.suse.com/989921
https://bugzilla.suse.com/989922
https://bugzilla.suse.com/989925
https://bugzilla.suse.com/989926
https://bugzilla.suse.com/990890
https://bugzilla.suse.com/998309
https://bugzilla.suse.com/999666
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org