openSUSE Security Update: Security update for mysql-community-server ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:2011-1 Rating: moderate References: #1049394 #1049396 #1049398 #1049399 #1049404 #1049410 #1049411 #1049412 #1049415 #1049416 #1049417 #1049421 #1049422 Cross-References: CVE-2017-3633 CVE-2017-3634 CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3647 CVE-2017-3648 CVE-2017-3649 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653 CVE-2017-3732 Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has one errata is now available. Description: This update for mysql-community-server to version 5.6.37 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-3633: Memcached unspecified vulnerability (boo#1049394) - CVE-2017-3634: DML unspecified vulnerability (boo#1049396) - CVE-2017-3635: C API unspecified vulnerability (boo#1049398) - CVE-2017-3636: Client programs unspecified vulnerability (boo#1049399) - CVE-2017-3641: DML unspecified vulnerability (boo#1049404) - CVE-2017-3647: Replication unspecified vulnerability (boo#1049410) - CVE-2017-3648: Charsets unspecified vulnerability (boo#1049411) - CVE-2017-3649: Replication unspecified vulnerability (boo#1049412) - CVE-2017-3651: Client mysqldump unspecified vulnerability (boo#1049415) - CVE-2017-3652: DDL unspecified vulnerability (boo#1049416) - CVE-2017-3653: DDL unspecified vulnerability (boo#1049417) - CVE-2017-3732: Security, Encryption unspecified vulnerability (boo#1049421) The following general changes are included: - switch systemd unit file from 'Restart=on-failure' to 'Restart=on-abort' - update file lists for new man-pages and tools (for mariadb) For a list of upstream changes in this release, see: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-866=1 - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-866=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): libmysql56client18-5.6.37-27.1 libmysql56client18-debuginfo-5.6.37-27.1 libmysql56client_r18-5.6.37-27.1 mysql-community-server-5.6.37-27.1 mysql-community-server-bench-5.6.37-27.1 mysql-community-server-bench-debuginfo-5.6.37-27.1 mysql-community-server-client-5.6.37-27.1 mysql-community-server-client-debuginfo-5.6.37-27.1 mysql-community-server-debuginfo-5.6.37-27.1 mysql-community-server-debugsource-5.6.37-27.1 mysql-community-server-errormessages-5.6.37-27.1 mysql-community-server-test-5.6.37-27.1 mysql-community-server-test-debuginfo-5.6.37-27.1 mysql-community-server-tools-5.6.37-27.1 mysql-community-server-tools-debuginfo-5.6.37-27.1 - openSUSE Leap 42.3 (x86_64): libmysql56client18-32bit-5.6.37-27.1 libmysql56client18-debuginfo-32bit-5.6.37-27.1 libmysql56client_r18-32bit-5.6.37-27.1 - openSUSE Leap 42.2 (i586 x86_64): libmysql56client18-5.6.37-24.9.1 libmysql56client18-debuginfo-5.6.37-24.9.1 libmysql56client_r18-5.6.37-24.9.1 mysql-community-server-5.6.37-24.9.1 mysql-community-server-bench-5.6.37-24.9.1 mysql-community-server-bench-debuginfo-5.6.37-24.9.1 mysql-community-server-client-5.6.37-24.9.1 mysql-community-server-client-debuginfo-5.6.37-24.9.1 mysql-community-server-debuginfo-5.6.37-24.9.1 mysql-community-server-debugsource-5.6.37-24.9.1 mysql-community-server-errormessages-5.6.37-24.9.1 mysql-community-server-test-5.6.37-24.9.1 mysql-community-server-test-debuginfo-5.6.37-24.9.1 mysql-community-server-tools-5.6.37-24.9.1 mysql-community-server-tools-debuginfo-5.6.37-24.9.1 - openSUSE Leap 42.2 (x86_64): libmysql56client18-32bit-5.6.37-24.9.1 libmysql56client18-debuginfo-32bit-5.6.37-24.9.1 libmysql56client_r18-32bit-5.6.37-24.9.1 References: https://www.suse.com/security/cve/CVE-2017-3633.html https://www.suse.com/security/cve/CVE-2017-3634.html https://www.suse.com/security/cve/CVE-2017-3635.html https://www.suse.com/security/cve/CVE-2017-3636.html https://www.suse.com/security/cve/CVE-2017-3641.html https://www.suse.com/security/cve/CVE-2017-3647.html https://www.suse.com/security/cve/CVE-2017-3648.html https://www.suse.com/security/cve/CVE-2017-3649.html https://www.suse.com/security/cve/CVE-2017-3651.html https://www.suse.com/security/cve/CVE-2017-3652.html https://www.suse.com/security/cve/CVE-2017-3653.html https://www.suse.com/security/cve/CVE-2017-3732.html https://bugzilla.suse.com/1049394 https://bugzilla.suse.com/1049396 https://bugzilla.suse.com/1049398 https://bugzilla.suse.com/1049399 https://bugzilla.suse.com/1049404 https://bugzilla.suse.com/1049410 https://bugzilla.suse.com/1049411 https://bugzilla.suse.com/1049412 https://bugzilla.suse.com/1049415 https://bugzilla.suse.com/1049416 https://bugzilla.suse.com/1049417 https://bugzilla.suse.com/1049421 https://bugzilla.suse.com/1049422