SUSE-SU-2016:0296-1: moderate: Security update for mariadb

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Feb 1 07:11:57 MST 2016


   SUSE Security Update: Security update for mariadb
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0296-1
Rating:             moderate
References:         #937787 #957174 #958789 
Cross-References:   CVE-2015-4792 CVE-2015-4802 CVE-2015-4807
                    CVE-2015-4815 CVE-2015-4826 CVE-2015-4830
                    CVE-2015-4836 CVE-2015-4858 CVE-2015-4861
                    CVE-2015-4870 CVE-2015-4913 CVE-2015-5969
                   
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 12 vulnerabilities is now available.

Description:


   MariaDB has been updated to version 10.0.22, which brings fixes for many
   security issues and other improvements.

   The following CVEs have been fixed:

   - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826,
     CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861,
     CVE-2015-4870, CVE-2015-4913, CVE-2015-4792
   - Fix information leak via mysql-systemd-helper script. (CVE-2015-5969,
     bsc#957174)

   For a comprehensive list of changes refer to the upstream Release Notes
   and Change Log documents:

   - https://kb.askmonty.org/en/mariadb-10022-release-notes/
   - https://kb.askmonty.org/en/mariadb-10022-changelog/


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:

      zypper in -t patch SUSE-SLE-WE-12-SP1-2016-183=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-183=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-183=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-183=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):

      libmysqlclient_r18-10.0.22-3.1
      libmysqlclient_r18-32bit-10.0.22-3.1
      mariadb-debuginfo-10.0.22-3.1
      mariadb-debugsource-10.0.22-3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      libmysqlclient-devel-10.0.22-3.1
      libmysqlclient_r18-10.0.22-3.1
      libmysqld-devel-10.0.22-3.1
      libmysqld18-10.0.22-3.1
      libmysqld18-debuginfo-10.0.22-3.1
      mariadb-debuginfo-10.0.22-3.1
      mariadb-debugsource-10.0.22-3.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      libmysqlclient18-10.0.22-3.1
      libmysqlclient18-debuginfo-10.0.22-3.1
      mariadb-10.0.22-3.1
      mariadb-client-10.0.22-3.1
      mariadb-client-debuginfo-10.0.22-3.1
      mariadb-debuginfo-10.0.22-3.1
      mariadb-debugsource-10.0.22-3.1
      mariadb-errormessages-10.0.22-3.1
      mariadb-tools-10.0.22-3.1
      mariadb-tools-debuginfo-10.0.22-3.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      libmysqlclient18-32bit-10.0.22-3.1
      libmysqlclient18-debuginfo-32bit-10.0.22-3.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      libmysqlclient18-10.0.22-3.1
      libmysqlclient18-32bit-10.0.22-3.1
      libmysqlclient18-debuginfo-10.0.22-3.1
      libmysqlclient18-debuginfo-32bit-10.0.22-3.1
      libmysqlclient_r18-10.0.22-3.1
      libmysqlclient_r18-32bit-10.0.22-3.1
      mariadb-10.0.22-3.1
      mariadb-client-10.0.22-3.1
      mariadb-client-debuginfo-10.0.22-3.1
      mariadb-debuginfo-10.0.22-3.1
      mariadb-debugsource-10.0.22-3.1
      mariadb-errormessages-10.0.22-3.1


References:

   https://www.suse.com/security/cve/CVE-2015-4792.html
   https://www.suse.com/security/cve/CVE-2015-4802.html
   https://www.suse.com/security/cve/CVE-2015-4807.html
   https://www.suse.com/security/cve/CVE-2015-4815.html
   https://www.suse.com/security/cve/CVE-2015-4826.html
   https://www.suse.com/security/cve/CVE-2015-4830.html
   https://www.suse.com/security/cve/CVE-2015-4836.html
   https://www.suse.com/security/cve/CVE-2015-4858.html
   https://www.suse.com/security/cve/CVE-2015-4861.html
   https://www.suse.com/security/cve/CVE-2015-4870.html
   https://www.suse.com/security/cve/CVE-2015-4913.html
   https://www.suse.com/security/cve/CVE-2015-5969.html
   https://bugzilla.suse.com/937787
   https://bugzilla.suse.com/957174
   https://bugzilla.suse.com/958789



More information about the sle-security-updates mailing list