openSUSE Security Update: Security update for MariaDB ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1216-1 Rating: important References: #859345 #914370 #924663 #934789 #936407 #936408 #936409 Cross-References: CVE-2014-6464 CVE-2014-6469 CVE-2014-6491 CVE-2014-6494 CVE-2014-6496 CVE-2014-6500 CVE-2014-6507 CVE-2014-6555 CVE-2014-6559 CVE-2014-6568 CVE-2014-8964 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0411 CVE-2015-0432 CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2325 CVE-2015-2326 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-3152 CVE-2015-4000 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that fixes 28 vulnerabilities is now available. Description: MariaDB was updated to its current minor version, fixing bugs and security issues. These updates include a fix for Logjam (CVE-2015-4000), making MariaDB work with client software that no longer allows short DH groups over SSL, as e.g. our current openssl packages. On openSUSE 13.1, MariaDB was updated to 5.5.44. On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20. Please read the release notes of MariaDB https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/ for more information. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-479=1 - openSUSE 13.1: zypper in -t patch openSUSE-2015-479=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): libmysqlclient-devel-10.0.20-2.9.1 libmysqlclient18-10.0.20-2.9.1 libmysqlclient18-debuginfo-10.0.20-2.9.1 libmysqlclient_r18-10.0.20-2.9.1 libmysqld-devel-10.0.20-2.9.1 libmysqld18-10.0.20-2.9.1 libmysqld18-debuginfo-10.0.20-2.9.1 mariadb-10.0.20-2.9.1 mariadb-bench-10.0.20-2.9.1 mariadb-bench-debuginfo-10.0.20-2.9.1 mariadb-client-10.0.20-2.9.1 mariadb-client-debuginfo-10.0.20-2.9.1 mariadb-debuginfo-10.0.20-2.9.1 mariadb-debugsource-10.0.20-2.9.1 mariadb-errormessages-10.0.20-2.9.1 mariadb-test-10.0.20-2.9.1 mariadb-test-debuginfo-10.0.20-2.9.1 mariadb-tools-10.0.20-2.9.1 mariadb-tools-debuginfo-10.0.20-2.9.1 - openSUSE 13.2 (x86_64): libmysqlclient18-32bit-10.0.20-2.9.1 libmysqlclient18-debuginfo-32bit-10.0.20-2.9.1 libmysqlclient_r18-32bit-10.0.20-2.9.1 - openSUSE 13.1 (i586 x86_64): libmysqlclient-devel-5.5.44-4.1 libmysqlclient18-5.5.44-4.1 libmysqlclient18-debuginfo-5.5.44-4.1 libmysqlclient_r18-5.5.44-4.1 libmysqld-devel-5.5.44-4.1 libmysqld18-5.5.44-4.1 libmysqld18-debuginfo-5.5.44-4.1 mariadb-5.5.44-4.1 mariadb-bench-5.5.44-4.1 mariadb-bench-debuginfo-5.5.44-4.1 mariadb-client-5.5.44-4.1 mariadb-client-debuginfo-5.5.44-4.1 mariadb-debuginfo-5.5.44-4.1 mariadb-debugsource-5.5.44-4.1 mariadb-errormessages-5.5.44-4.1 mariadb-test-5.5.44-4.1 mariadb-test-debuginfo-5.5.44-4.1 mariadb-tools-5.5.44-4.1 mariadb-tools-debuginfo-5.5.44-4.1 - openSUSE 13.1 (x86_64): libmysqlclient18-32bit-5.5.44-4.1 libmysqlclient18-debuginfo-32bit-5.5.44-4.1 libmysqlclient_r18-32bit-5.5.44-4.1 References: https://www.suse.com/security/cve/CVE-2014-6464.html https://www.suse.com/security/cve/CVE-2014-6469.html https://www.suse.com/security/cve/CVE-2014-6491.html https://www.suse.com/security/cve/CVE-2014-6494.html https://www.suse.com/security/cve/CVE-2014-6496.html https://www.suse.com/security/cve/CVE-2014-6500.html https://www.suse.com/security/cve/CVE-2014-6507.html https://www.suse.com/security/cve/CVE-2014-6555.html https://www.suse.com/security/cve/CVE-2014-6559.html https://www.suse.com/security/cve/CVE-2014-6568.html https://www.suse.com/security/cve/CVE-2014-8964.html https://www.suse.com/security/cve/CVE-2015-0374.html https://www.suse.com/security/cve/CVE-2015-0381.html https://www.suse.com/security/cve/CVE-2015-0382.html https://www.suse.com/security/cve/CVE-2015-0411.html https://www.suse.com/security/cve/CVE-2015-0432.html https://www.suse.com/security/cve/CVE-2015-0433.html https://www.suse.com/security/cve/CVE-2015-0441.html https://www.suse.com/security/cve/CVE-2015-0499.html https://www.suse.com/security/cve/CVE-2015-0501.html https://www.suse.com/security/cve/CVE-2015-0505.html https://www.suse.com/security/cve/CVE-2015-2325.html https://www.suse.com/security/cve/CVE-2015-2326.html https://www.suse.com/security/cve/CVE-2015-2568.html https://www.suse.com/security/cve/CVE-2015-2571.html https://www.suse.com/security/cve/CVE-2015-2573.html https://www.suse.com/security/cve/CVE-2015-3152.html https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/859345 https://bugzilla.suse.com/914370 https://bugzilla.suse.com/924663 https://bugzilla.suse.com/934789 https://bugzilla.suse.com/936407 https://bugzilla.suse.com/936408 https://bugzilla.suse.com/936409 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org