SUSE-SU-2016:0348-1: moderate: Security update for mysql

sle-security-updates at lists.suse.com
Fri Feb 5 10:13:08 MST 2016


   SUSE Security Update: Security update for mysql
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0348-1
Rating:             moderate
References:         #959724 #960961 #962779 
Cross-References:   CVE-2015-7744 CVE-2016-0502 CVE-2016-0505
                    CVE-2016-0546 CVE-2016-0596 CVE-2016-0597
                    CVE-2016-0598 CVE-2016-0600 CVE-2016-0606
                    CVE-2016-0608 CVE-2016-0609 CVE-2016-0616
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 12 vulnerabilities is now available.

Description:


   This update to MySQL 5.5.47 fixes the following issues (bsc#962779):

   - CVE-2015-7744: Lack of verification against faults associated with the
     Chinese Remainder Theorem (CRT) process when allowing ephemeral key
     exchange without low memory optimizations on a server, which makes it
     easier for remote attackers to obtain private RSA keys by capturing TLS
     handshakes, aka a Lenstra attack.
   - CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and
     earlier and 5.6.11 and earlier allows remote authenticated users to
     affect availability via unknown vectors related to Optimizer.
   - CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and
     earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
     to affect availability via unknown vectors related to Options.
   - CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and
     earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect
     confidentiality, integrity, and availability via unknown vectors related
     to Client.
   - CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and
     earlier and 5.6.27 and earlier allows remote authenticated users to
     affect availability via vectors related to DML.
   - CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and
     earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
     to affect availability via unknown vectors related to Optimizer.
   - CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and
     earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
     to affect availability via vectors related to DML.
   - CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and
     earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
     to affect availability via unknown vectors related to InnoDB.
   - CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and
     earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
     to affect integrity via unknown vectors related to encryption.
   - CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and
     earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
     to affect availability via vectors related to UDF.
   - CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and
     earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
     to affect availability via unknown vectors related to privileges.
   - CVE-2016-0616: Unspecified vulnerability in Oracle MySQL 5.5.46 and
     earlier allows remote authenticated users to affect availability via
     unknown vectors related to Optimizer.
   - bsc#959724: Possible buffer overflow from incorrect use of strcpy() and
     sprintf()

   The following bugs were fixed:

   - bsc#960961: Incorrect use of plugin-load option in default_plugins.cnf
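
   The missing check described under CVE-2015-7744, shown as an added example
   (not code from MySQL, yaSSL or SUSE): an RSA-CRT result is verified with
   the public exponent before it is released, so a faulted CRT half is caught.
   The primes, message and fault= switch are constructed toy values, and raw
   RSA without padding is used only to keep the arithmetic visible.

```python
# Toy RSA-CRT signer with a verify-before-release check.
# Constructed parameters: two Mersenne primes, far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
DP, DQ = D % (P - 1), D % (Q - 1)   # CRT exponents
QINV = pow(Q, -1, P)                # q^-1 mod p, for Garner recombination

M = 0x1234567890ABCDEF              # constructed message representative, < N


def crt_sign(m, fault=False):
    """Compute m^D mod N via CRT. fault=True simulates a one-bit
    computation error in the mod-q half (hypothetical test switch)."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault:
        sq ^= 1
    h = (QINV * (sp - sq)) % P
    return sq + Q * h


def checked_sign(m, fault=False):
    """Release the CRT result only if it verifies under the public key.
    A result that is wrong in exactly one CRT half fails this check and
    is withheld instead of being sent to the peer."""
    s = crt_sign(m, fault)
    if pow(s, E, N) != m % N:
        raise ValueError("RSA-CRT result failed verification; not released")
    return s


if __name__ == "__main__":
    print("good signature verifies:", pow(checked_sign(M), E, N) == M)
    try:
        checked_sign(M, fault=True)
    except ValueError as exc:
        print("faulted signature withheld:", exc)
```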


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-mysql-12386=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-mysql-12386=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:

      zypper in -t patch slessp3-mysql-12386=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-mysql-12386=1

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-mysql-12386=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-mysql-12386=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-mysql-12386=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-mysql-12386=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-mysql-12386=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      libmysql55client_r18-32bit-5.5.47-0.17.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64):

      libmysql55client_r18-x86-5.5.47-0.17.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64):

      libmysql55client_r18-32bit-5.5.47-0.17.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (ia64):

      libmysql55client_r18-x86-5.5.47-0.17.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):

      libmysql55client18-5.5.47-0.17.1
      libmysql55client_r18-5.5.47-0.17.1
      mysql-5.5.47-0.17.1
      mysql-client-5.5.47-0.17.1
      mysql-tools-5.5.47-0.17.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):

      libmysql55client18-32bit-5.5.47-0.17.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libmysql55client18-5.5.47-0.17.1
      libmysql55client_r18-5.5.47-0.17.1
      mysql-5.5.47-0.17.1
      mysql-client-5.5.47-0.17.1
      mysql-tools-5.5.47-0.17.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libmysql55client18-32bit-5.5.47-0.17.1
      libmysql55client_r18-32bit-5.5.47-0.17.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libmysql55client18-x86-5.5.47-0.17.1
      libmysql55client_r18-x86-5.5.47-0.17.1

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      libmysql55client18-5.5.47-0.17.1
      libmysql55client_r18-5.5.47-0.17.1
      mysql-5.5.47-0.17.1
      mysql-client-5.5.47-0.17.1
      mysql-tools-5.5.47-0.17.1

   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):

      libmysql55client18-32bit-5.5.47-0.17.1

   - SUSE Linux Enterprise Server 11-SP3 (ia64):

      libmysql55client18-x86-5.5.47-0.17.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      libmysql55client18-5.5.47-0.17.1
      libmysql55client_r18-5.5.47-0.17.1
      mysql-5.5.47-0.17.1
      mysql-client-5.5.47-0.17.1

   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):

      libmysql55client18-32bit-5.5.47-0.17.1
      libmysql55client_r18-32bit-5.5.47-0.17.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      libmysql55client18-5.5.47-0.17.1
      libmysql55client_r18-5.5.47-0.17.1
      mysql-5.5.47-0.17.1
      mysql-client-5.5.47-0.17.1

   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):

      libmysql55client18-32bit-5.5.47-0.17.1
      libmysql55client_r18-32bit-5.5.47-0.17.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      mysql-debuginfo-5.5.47-0.17.1
      mysql-debugsource-5.5.47-0.17.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      mysql-debuginfo-5.5.47-0.17.1
      mysql-debugsource-5.5.47-0.17.1


References:

   https://www.suse.com/security/cve/CVE-2015-7744.html
   https://www.suse.com/security/cve/CVE-2016-0502.html
   https://www.suse.com/security/cve/CVE-2016-0505.html
   https://www.suse.com/security/cve/CVE-2016-0546.html
   https://www.suse.com/security/cve/CVE-2016-0596.html
   https://www.suse.com/security/cve/CVE-2016-0597.html
   https://www.suse.com/security/cve/CVE-2016-0598.html
   https://www.suse.com/security/cve/CVE-2016-0600.html
   https://www.suse.com/security/cve/CVE-2016-0606.html
   https://www.suse.com/security/cve/CVE-2016-0608.html
   https://www.suse.com/security/cve/CVE-2016-0609.html
   https://www.suse.com/security/cve/CVE-2016-0616.html
   https://bugzilla.suse.com/959724
   https://bugzilla.suse.com/960961
   https://bugzilla.suse.com/962779
