SUSE-SU-2015:1788-1: moderate: Security update for mysql

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Oct 20 07:11:38 MDT 2015


   SUSE Security Update: Security update for mysql
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1788-1
Rating:             moderate
References:         #924663 #928962 #934401 #938412 
Cross-References:   CVE-2015-2582 CVE-2015-2611 CVE-2015-2617
                    CVE-2015-2620 CVE-2015-2639 CVE-2015-2641
                    CVE-2015-2643 CVE-2015-2648 CVE-2015-2661
                    CVE-2015-3152 CVE-2015-4737 CVE-2015-4752
                    CVE-2015-4756 CVE-2015-4757 CVE-2015-4761
                    CVE-2015-4767 CVE-2015-4769 CVE-2015-4771
                    CVE-2015-4772
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 19 vulnerabilities is now available.

Description:


   MySQL was updated to version 5.5.45, fixing bugs and security issues.

   A list of all changes can be found on:

   - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html
   - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html

   To fix the "BACKRONYM" security issue (CVE-2015-3152) the behaviour of the
   SSL options was changed slightly to meet expectations: Now using
   '--ssl-verify-server-cert' and '--ssl[-*]' implies that the ssl connection
   is required. The mysql client will now print an error if ssl is required,
   but the server can not handle a ssl connection [bnc#924663], [bnc#928962],
   [CVE-2015-3152]

   Additional bugs fixed:
   - fix rc.mysql-multi script to start instances after restart properly
     [bnc#934401].


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-mysql-12147=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-mysql-12147=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:

      zypper in -t patch slessp3-mysql-12147=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-mysql-12147=1

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-mysql-12147=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-mysql-12147=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-mysql-12147=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-mysql-12147=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-mysql-12147=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      libmysql55client_r18-32bit-5.5.45-0.11.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64):

      libmysql55client_r18-x86-5.5.45-0.11.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64):

      libmysql55client_r18-32bit-5.5.45-0.11.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (ia64):

      libmysql55client_r18-x86-5.5.45-0.11.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):

      libmysql55client18-5.5.45-0.11.1
      libmysql55client_r18-5.5.45-0.11.1
      mysql-5.5.45-0.11.1
      mysql-client-5.5.45-0.11.1
      mysql-tools-5.5.45-0.11.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):

      libmysql55client18-32bit-5.5.45-0.11.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libmysql55client18-5.5.45-0.11.1
      libmysql55client_r18-5.5.45-0.11.1
      mysql-5.5.45-0.11.1
      mysql-client-5.5.45-0.11.1
      mysql-tools-5.5.45-0.11.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libmysql55client18-32bit-5.5.45-0.11.1
      libmysql55client_r18-32bit-5.5.45-0.11.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libmysql55client18-x86-5.5.45-0.11.1
      libmysql55client_r18-x86-5.5.45-0.11.1

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      libmysql55client18-5.5.45-0.11.1
      libmysql55client_r18-5.5.45-0.11.1
      mysql-5.5.45-0.11.1
      mysql-client-5.5.45-0.11.1
      mysql-tools-5.5.45-0.11.1

   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):

      libmysql55client18-32bit-5.5.45-0.11.1

   - SUSE Linux Enterprise Server 11-SP3 (ia64):

      libmysql55client18-x86-5.5.45-0.11.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      libmysql55client18-5.5.45-0.11.1
      libmysql55client_r18-5.5.45-0.11.1
      mysql-5.5.45-0.11.1
      mysql-client-5.5.45-0.11.1

   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):

      libmysql55client18-32bit-5.5.45-0.11.1
      libmysql55client_r18-32bit-5.5.45-0.11.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      libmysql55client18-5.5.45-0.11.1
      libmysql55client_r18-5.5.45-0.11.1
      mysql-5.5.45-0.11.1
      mysql-client-5.5.45-0.11.1

   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):

      libmysql55client18-32bit-5.5.45-0.11.1
      libmysql55client_r18-32bit-5.5.45-0.11.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      mysql-debuginfo-5.5.45-0.11.1
      mysql-debugsource-5.5.45-0.11.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      mysql-debuginfo-5.5.45-0.11.1
      mysql-debugsource-5.5.45-0.11.1


References:

   https://www.suse.com/security/cve/CVE-2015-2582.html
   https://www.suse.com/security/cve/CVE-2015-2611.html
   https://www.suse.com/security/cve/CVE-2015-2617.html
   https://www.suse.com/security/cve/CVE-2015-2620.html
   https://www.suse.com/security/cve/CVE-2015-2639.html
   https://www.suse.com/security/cve/CVE-2015-2641.html
   https://www.suse.com/security/cve/CVE-2015-2643.html
   https://www.suse.com/security/cve/CVE-2015-2648.html
   https://www.suse.com/security/cve/CVE-2015-2661.html
   https://www.suse.com/security/cve/CVE-2015-3152.html
   https://www.suse.com/security/cve/CVE-2015-4737.html
   https://www.suse.com/security/cve/CVE-2015-4752.html
   https://www.suse.com/security/cve/CVE-2015-4756.html
   https://www.suse.com/security/cve/CVE-2015-4757.html
   https://www.suse.com/security/cve/CVE-2015-4761.html
   https://www.suse.com/security/cve/CVE-2015-4767.html
   https://www.suse.com/security/cve/CVE-2015-4769.html
   https://www.suse.com/security/cve/CVE-2015-4771.html
   https://www.suse.com/security/cve/CVE-2015-4772.html
   https://bugzilla.suse.com/924663
   https://bugzilla.suse.com/928962
   https://bugzilla.suse.com/934401
   https://bugzilla.suse.com/938412



More information about the sle-security-updates mailing list