[security-announce] openSUSE-SU-2016:1332-1: important: Security update for mysql-community-server

news · May 18, 2016

openSUSE Security Update: Security update for mysql-community-server

______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:1332-1

Rating: important

References: #959724 #962779 #963810

Cross-References: CVE-2015-3194 CVE-2016-0639 CVE-2016-0640

CVE-2016-0641 CVE-2016-0642 CVE-2016-0643

CVE-2016-0644 CVE-2016-0646 CVE-2016-0647

CVE-2016-0648 CVE-2016-0649 CVE-2016-0650

CVE-2016-0655 CVE-2016-0661 CVE-2016-0665

CVE-2016-0666 CVE-2016-0668 CVE-2016-0705

CVE-2016-2047

Affected Products:

openSUSE Leap 42.1

openSUSE 13.2

______________________________________________________________________________

An update that fixes 19 vulnerabilities is now available.

Description:

This mysql-community-server version update to 5.6.30 fixes the following

issues:

Security issues fixed:

- fixed CVEs (boo#962779, boo#959724): CVE-2016-0705, CVE-2016-0639,

CVE-2015-3194, CVE-2016-0640, CVE-2016-2047, CVE-2016-0644,

CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649,

CVE-2016-0650, CVE-2016-0665, CVE-2016-0666, CVE-2016-0641,

CVE-2016-0642, CVE-2016-0655, CVE-2016-0661, CVE-2016-0668, CVE-2016-0643

- changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-30.html

http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.html

Bugs fixed:

- don't delete the log data when migration fails

- add 'log-error' and 'secure-file-priv' configuration options (added via

configuration-tweaks.tar.bz2) [boo#963810]

* add '/etc/my.cnf.d/error_log.conf' that specifies 'log-error =

/var/log/mysql/mysqld.log'. If no path is set, the error log is

written to '/var/lib/mysql/$HOSTNAME.err', which is not picked up by

logrotate.

* add '/etc/my.cnf.d/secure_file_priv.conf' which specifies that 'LOAD

DATA', 'SELECT ... INTO' and 'LOAD FILE()' will only work with files

in the directory specified by 'secure-file-priv' option

(='/var/lib/mysql-files').

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-607=1

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-607=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.1 (i586 x86_64):

libmysql56client18-5.6.30-16.2

libmysql56client18-debuginfo-5.6.30-16.2

libmysql56client_r18-5.6.30-16.2

mysql-community-server-5.6.30-16.2

mysql-community-server-bench-5.6.30-16.2

mysql-community-server-bench-debuginfo-5.6.30-16.2

mysql-community-server-client-5.6.30-16.2

mysql-community-server-client-debuginfo-5.6.30-16.2

mysql-community-server-debuginfo-5.6.30-16.2

mysql-community-server-debugsource-5.6.30-16.2

mysql-community-server-errormessages-5.6.30-16.2

mysql-community-server-test-5.6.30-16.2

mysql-community-server-test-debuginfo-5.6.30-16.2

mysql-community-server-tools-5.6.30-16.2

mysql-community-server-tools-debuginfo-5.6.30-16.2

- openSUSE Leap 42.1 (x86_64):

libmysql56client18-32bit-5.6.30-16.2

libmysql56client18-debuginfo-32bit-5.6.30-16.2

libmysql56client_r18-32bit-5.6.30-16.2

- openSUSE 13.2 (i586 x86_64):

libmysql56client18-5.6.30-2.20.2

libmysql56client18-debuginfo-5.6.30-2.20.2

libmysql56client_r18-5.6.30-2.20.2

mysql-community-server-5.6.30-2.20.2

mysql-community-server-bench-5.6.30-2.20.2

mysql-community-server-bench-debuginfo-5.6.30-2.20.2

mysql-community-server-client-5.6.30-2.20.2

mysql-community-server-client-debuginfo-5.6.30-2.20.2

mysql-community-server-debuginfo-5.6.30-2.20.2

mysql-community-server-debugsource-5.6.30-2.20.2

mysql-community-server-errormessages-5.6.30-2.20.2

mysql-community-server-test-5.6.30-2.20.2

mysql-community-server-test-debuginfo-5.6.30-2.20.2

mysql-community-server-tools-5.6.30-2.20.2

mysql-community-server-tools-debuginfo-5.6.30-2.20.2

- openSUSE 13.2 (x86_64):

libmysql56client18-32bit-5.6.30-2.20.2

libmysql56client18-debuginfo-32bit-5.6.30-2.20.2

libmysql56client_r18-32bit-5.6.30-2.20.2

References:

https://www.suse.com/security/cve/CVE-2015-3194.html

https://www.suse.com/security/cve/CVE-2016-0639.html

https://www.suse.com/security/cve/CVE-2016-0640.html

https://www.suse.com/security/cve/CVE-2016-0641.html

https://www.suse.com/security/cve/CVE-2016-0642.html

https://www.suse.com/security/cve/CVE-2016-0643.html

https://www.suse.com/security/cve/CVE-2016-0644.html

https://www.suse.com/security/cve/CVE-2016-0646.html

https://www.suse.com/security/cve/CVE-2016-0647.html

https://www.suse.com/security/cve/CVE-2016-0648.html

https://www.suse.com/security/cve/CVE-2016-0649.html

https://www.suse.com/security/cve/CVE-2016-0650.html

https://www.suse.com/security/cve/CVE-2016-0655.html

https://www.suse.com/security/cve/CVE-2016-0661.html

https://www.suse.com/security/cve/CVE-2016-0665.html

https://www.suse.com/security/cve/CVE-2016-0666.html

https://www.suse.com/security/cve/CVE-2016-0668.html

https://www.suse.com/security/cve/CVE-2016-0705.html

https://www.suse.com/security/cve/CVE-2016-2047.html

https://bugzilla.suse.com/959724

https://bugzilla.suse.com/962779

https://bugzilla.suse.com/963810

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

Sign In

[security-announce] openSUSE-SU-2016:1332-1: important: Security update for mysql-community-server

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity