[security-announce] openSUSE-SU-2017:2868-1: important: Security update for mysql-community-server

openSUSE Security Update: Security update for mysql-community-server ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:2868-1 Rating: important References: #1039034 #1064096 #1064100 #1064101 #1064102 #1064104 #1064105 #1064107 #1064108 #1064112 #1064115 #1064116 #1064117 #1064118 #1064119 Cross-References: CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10279 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294 CVE-2017-10314 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 CVE-2017-3731 Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has two fixes is now available. Description: This update for mysql-community-server to 5.6.38 fixes the following issues: Full list of changes: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-38.html CVEs fixed: - [boo#1064116] CVE-2017-10379 - [boo#1064117] CVE-2017-10384 - [boo#1064115] CVE-2017-10378 - [boo#1064101] CVE-2017-10268 - [boo#1064096] CVE-2017-10155 - [boo#1064118] CVE-2017-3731 - [boo#1064102] CVE-2017-10276 - [boo#1064105] CVE-2017-10283 - [boo#1064112] CVE-2017-10314 - [boo#1064100] CVE-2017-10227 - [boo#1064104] CVE-2017-10279 - [boo#1064108] CVE-2017-10294 - [boo#1064107] CVE-2017-10286 Additional changes: - add "BuildRequires: unixODBC-devel" to allow ODBC support for Connect engine [boo#1039034] - update filename in /var/adm/update-messages to match documentation, and build-compare pattern - some scripts from the tools subpackage, namely: wsrep_sst_xtrabackup, wsrep_sst_mariabackup.sh and wsrep_sst_xtrabackup-v2.sh need socat - fixed incorrect descriptions and mismatching RPM groups Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1196=1 - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-1196=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): libmysql56client18-5.6.38-30.1 libmysql56client18-debuginfo-5.6.38-30.1 libmysql56client_r18-5.6.38-30.1 mysql-community-server-5.6.38-30.1 mysql-community-server-bench-5.6.38-30.1 mysql-community-server-bench-debuginfo-5.6.38-30.1 mysql-community-server-client-5.6.38-30.1 mysql-community-server-client-debuginfo-5.6.38-30.1 mysql-community-server-debuginfo-5.6.38-30.1 mysql-community-server-debugsource-5.6.38-30.1 mysql-community-server-test-5.6.38-30.1 mysql-community-server-test-debuginfo-5.6.38-30.1 mysql-community-server-tools-5.6.38-30.1 mysql-community-server-tools-debuginfo-5.6.38-30.1 - openSUSE Leap 42.3 (noarch): mysql-community-server-errormessages-5.6.38-30.1 - openSUSE Leap 42.3 (x86_64): libmysql56client18-32bit-5.6.38-30.1 libmysql56client18-debuginfo-32bit-5.6.38-30.1 libmysql56client_r18-32bit-5.6.38-30.1 - openSUSE Leap 42.2 (i586 x86_64): libmysql56client18-5.6.38-24.12.1 libmysql56client18-debuginfo-5.6.38-24.12.1 libmysql56client_r18-5.6.38-24.12.1 mysql-community-server-5.6.38-24.12.1 mysql-community-server-bench-5.6.38-24.12.1 mysql-community-server-bench-debuginfo-5.6.38-24.12.1 mysql-community-server-client-5.6.38-24.12.1 mysql-community-server-client-debuginfo-5.6.38-24.12.1 mysql-community-server-debuginfo-5.6.38-24.12.1 mysql-community-server-debugsource-5.6.38-24.12.1 mysql-community-server-test-5.6.38-24.12.1 mysql-community-server-test-debuginfo-5.6.38-24.12.1 mysql-community-server-tools-5.6.38-24.12.1 mysql-community-server-tools-debuginfo-5.6.38-24.12.1 - openSUSE Leap 42.2 (x86_64): libmysql56client18-32bit-5.6.38-24.12.1 libmysql56client18-debuginfo-32bit-5.6.38-24.12.1 libmysql56client_r18-32bit-5.6.38-24.12.1 - openSUSE Leap 42.2 (noarch): mysql-community-server-errormessages-5.6.38-24.12.1 References: https://www.suse.com/security/cve/CVE-2017-10155.html https://www.suse.com/security/cve/CVE-2017-10227.html https://www.suse.com/security/cve/CVE-2017-10268.html https://www.suse.com/security/cve/CVE-2017-10276.html https://www.suse.com/security/cve/CVE-2017-10279.html https://www.suse.com/security/cve/CVE-2017-10283.html https://www.suse.com/security/cve/CVE-2017-10286.html https://www.suse.com/security/cve/CVE-2017-10294.html https://www.suse.com/security/cve/CVE-2017-10314.html https://www.suse.com/security/cve/CVE-2017-10378.html https://www.suse.com/security/cve/CVE-2017-10379.html https://www.suse.com/security/cve/CVE-2017-10384.html https://www.suse.com/security/cve/CVE-2017-3731.html https://bugzilla.suse.com/1039034 https://bugzilla.suse.com/1064096 https://bugzilla.suse.com/1064100 https://bugzilla.suse.com/1064101 https://bugzilla.suse.com/1064102 https://bugzilla.suse.com/1064104 https://bugzilla.suse.com/1064105 https://bugzilla.suse.com/1064107 https://bugzilla.suse.com/1064108 https://bugzilla.suse.com/1064112 https://bugzilla.suse.com/1064115 https://bugzilla.suse.com/1064116 https://bugzilla.suse.com/1064117 https://bugzilla.suse.com/1064118 https://bugzilla.suse.com/1064119 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org