openSUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2746-1 Rating: important References: #1003800 #1005561 #1005570 #949520 #971456 #983938 #984858 #986251 #989913 #989919 #989922 #989926 #990890 #998309 Cross-References: CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-5612 CVE-2016-5630 CVE-2016-6662 Affected Products: openSUSE 13.2 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 7 fixes is now available. Description: This update for mariadb to 10.0.27 fixes the following issues: * release notes: * https://kb.askmonty.org/en/mariadb-10027-release-notes * https://kb.askmonty.org/en/mariadb-10026-release-notes * changelog: * https://kb.askmonty.org/en/mariadb-10027-changelog * https://kb.askmonty.org/en/mariadb-10026-changelog * fixed CVE's 10.0.27: CVE-2016-5612, CVE-2016-5630, CVE-2016-6662 10.0.26: CVE-2016-5440, CVE-2016-3615, CVE-2016-3521, CVE-2016-3477 * fix: [boo#1005561], [boo#1005570], [boo#998309], [boo#989926], [boo#989922], [boo#989919], [boo#989913] - requires devel packages for aio and lzo2 - remove mariadb-10.0.21-mysql-test_main_bootstrap.patch that is no longer needed [boo#984858] - append "--ignore-db-dir=lost+found" to the mysqld options in "mysql-systemd-helper" script if "lost+found" directory is found in $datadir [boo#986251] - remove syslog.target from *.service files [boo#983938] - add systemd to deps to build on leap and friends - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro - remove useless mysql@default.service [boo#971456] - make ORDER BY optimization functions take into account multiple equalities [boo#949520] - adjust mysql-test results in order to take account of a new option (orderby_uses_equalities) added by the optimizer patch [boo#1003800] - replace all occurrences of the string "@sysconfdir@" with "/etc" in mysql-community-server-5.1.46-logrotate.patch as it wasn't expanded properly [boo#990890] Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2016-1274=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): libmysqlclient-devel-10.0.27-2.27.1 libmysqlclient18-10.0.27-2.27.1 libmysqlclient18-debuginfo-10.0.27-2.27.1 libmysqlclient_r18-10.0.27-2.27.1 libmysqld-devel-10.0.27-2.27.1 libmysqld18-10.0.27-2.27.1 libmysqld18-debuginfo-10.0.27-2.27.1 mariadb-10.0.27-2.27.1 mariadb-bench-10.0.27-2.27.1 mariadb-bench-debuginfo-10.0.27-2.27.1 mariadb-client-10.0.27-2.27.1 mariadb-client-debuginfo-10.0.27-2.27.1 mariadb-debuginfo-10.0.27-2.27.1 mariadb-debugsource-10.0.27-2.27.1 mariadb-errormessages-10.0.27-2.27.1 mariadb-test-10.0.27-2.27.1 mariadb-test-debuginfo-10.0.27-2.27.1 mariadb-tools-10.0.27-2.27.1 mariadb-tools-debuginfo-10.0.27-2.27.1 - openSUSE 13.2 (x86_64): libmysqlclient18-32bit-10.0.27-2.27.1 libmysqlclient18-debuginfo-32bit-10.0.27-2.27.1 libmysqlclient_r18-32bit-10.0.27-2.27.1 References: https://www.suse.com/security/cve/CVE-2016-3477.html https://www.suse.com/security/cve/CVE-2016-3521.html https://www.suse.com/security/cve/CVE-2016-3615.html https://www.suse.com/security/cve/CVE-2016-5440.html https://www.suse.com/security/cve/CVE-2016-5612.html https://www.suse.com/security/cve/CVE-2016-5630.html https://www.suse.com/security/cve/CVE-2016-6662.html https://bugzilla.suse.com/1003800 https://bugzilla.suse.com/1005561 https://bugzilla.suse.com/1005570 https://bugzilla.suse.com/949520 https://bugzilla.suse.com/971456 https://bugzilla.suse.com/983938 https://bugzilla.suse.com/984858 https://bugzilla.suse.com/986251 https://bugzilla.suse.com/989913 https://bugzilla.suse.com/989919 https://bugzilla.suse.com/989922 https://bugzilla.suse.com/989926 https://bugzilla.suse.com/990890 https://bugzilla.suse.com/998309 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org