openSUSE Security Update: Security update for mysql-community-server ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2769-1 Rating: important References: #1005555 #1005557 #1005558 #1005560 #1005561 #1005562 #1005563 #1005566 #1005567 #1005569 #1005570 #1005581 #1005582 #1005583 #1005586 #971456 #977614 #983938 #986251 #989911 #989913 #989914 #989915 #989919 #989921 #989922 #989925 #989926 #990890 #998309 #999666 Cross-References: CVE-2016-2105 CVE-2016-3459 CVE-2016-3477 CVE-2016-3486 CVE-2016-3492 CVE-2016-3501 CVE-2016-3521 CVE-2016-3614 CVE-2016-3615 CVE-2016-5439 CVE-2016-5440 CVE-2016-5507 CVE-2016-5584 CVE-2016-5609 CVE-2016-5612 CVE-2016-5616 CVE-2016-5617 CVE-2016-5626 CVE-2016-5627 CVE-2016-5629 CVE-2016-5630 CVE-2016-6304 CVE-2016-6662 CVE-2016-7440 CVE-2016-8283 CVE-2016-8284 CVE-2016-8288 Affected Products: openSUSE Leap 42.1 openSUSE 13.2 ______________________________________________________________________________ An update that solves 27 vulnerabilities and has four fixes is now available. Description: mysql-community-server was updated to 5.6.34 to fix the following issues: * Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html * fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 * fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append "--ignore-db-dir=lost+found" to the mysqld options in "mysql-systemd-helper" script if "lost+found" directory is found in $datadir [boo#986251] - remove syslog.target from *.service files [boo#983938] - add systemd to deps to build on leap and friends - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro - remove useless mysql@default.service [boo#971456] - replace all occurrences of the string "@sysconfdir@" with "/etc" in mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded properly [boo#990890] - remove '%define _rundir' as 13.1 is out of support scope - run 'usermod -g mysql mysql' only if mysql user is not in mysql group. Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have '/bin/false' shell set. - re-enable mysql profiling Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-1283=1 - openSUSE 13.2: zypper in -t patch openSUSE-2016-1283=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): libmysql56client18-5.6.34-19.2 libmysql56client18-debuginfo-5.6.34-19.2 libmysql56client_r18-5.6.34-19.2 mysql-community-server-5.6.34-19.2 mysql-community-server-bench-5.6.34-19.2 mysql-community-server-bench-debuginfo-5.6.34-19.2 mysql-community-server-client-5.6.34-19.2 mysql-community-server-client-debuginfo-5.6.34-19.2 mysql-community-server-debuginfo-5.6.34-19.2 mysql-community-server-debugsource-5.6.34-19.2 mysql-community-server-errormessages-5.6.34-19.2 mysql-community-server-test-5.6.34-19.2 mysql-community-server-test-debuginfo-5.6.34-19.2 mysql-community-server-tools-5.6.34-19.2 mysql-community-server-tools-debuginfo-5.6.34-19.2 - openSUSE Leap 42.1 (x86_64): libmysql56client18-32bit-5.6.34-19.2 libmysql56client18-debuginfo-32bit-5.6.34-19.2 libmysql56client_r18-32bit-5.6.34-19.2 - openSUSE 13.2 (i586 x86_64): libmysql56client18-5.6.34-2.23.1 libmysql56client18-debuginfo-5.6.34-2.23.1 libmysql56client_r18-5.6.34-2.23.1 mysql-community-server-5.6.34-2.23.1 mysql-community-server-bench-5.6.34-2.23.1 mysql-community-server-bench-debuginfo-5.6.34-2.23.1 mysql-community-server-client-5.6.34-2.23.1 mysql-community-server-client-debuginfo-5.6.34-2.23.1 mysql-community-server-debuginfo-5.6.34-2.23.1 mysql-community-server-debugsource-5.6.34-2.23.1 mysql-community-server-errormessages-5.6.34-2.23.1 mysql-community-server-test-5.6.34-2.23.1 mysql-community-server-test-debuginfo-5.6.34-2.23.1 mysql-community-server-tools-5.6.34-2.23.1 mysql-community-server-tools-debuginfo-5.6.34-2.23.1 - openSUSE 13.2 (x86_64): libmysql56client18-32bit-5.6.34-2.23.1 libmysql56client18-debuginfo-32bit-5.6.34-2.23.1 libmysql56client_r18-32bit-5.6.34-2.23.1 References: https://www.suse.com/security/cve/CVE-2016-2105.html https://www.suse.com/security/cve/CVE-2016-3459.html https://www.suse.com/security/cve/CVE-2016-3477.html https://www.suse.com/security/cve/CVE-2016-3486.html https://www.suse.com/security/cve/CVE-2016-3492.html https://www.suse.com/security/cve/CVE-2016-3501.html https://www.suse.com/security/cve/CVE-2016-3521.html https://www.suse.com/security/cve/CVE-2016-3614.html https://www.suse.com/security/cve/CVE-2016-3615.html https://www.suse.com/security/cve/CVE-2016-5439.html https://www.suse.com/security/cve/CVE-2016-5440.html https://www.suse.com/security/cve/CVE-2016-5507.html https://www.suse.com/security/cve/CVE-2016-5584.html https://www.suse.com/security/cve/CVE-2016-5609.html https://www.suse.com/security/cve/CVE-2016-5612.html https://www.suse.com/security/cve/CVE-2016-5616.html https://www.suse.com/security/cve/CVE-2016-5617.html https://www.suse.com/security/cve/CVE-2016-5626.html https://www.suse.com/security/cve/CVE-2016-5627.html https://www.suse.com/security/cve/CVE-2016-5629.html https://www.suse.com/security/cve/CVE-2016-5630.html https://www.suse.com/security/cve/CVE-2016-6304.html https://www.suse.com/security/cve/CVE-2016-6662.html https://www.suse.com/security/cve/CVE-2016-7440.html https://www.suse.com/security/cve/CVE-2016-8283.html https://www.suse.com/security/cve/CVE-2016-8284.html https://www.suse.com/security/cve/CVE-2016-8288.html https://bugzilla.suse.com/1005555 https://bugzilla.suse.com/1005557 https://bugzilla.suse.com/1005558 https://bugzilla.suse.com/1005560 https://bugzilla.suse.com/1005561 https://bugzilla.suse.com/1005562 https://bugzilla.suse.com/1005563 https://bugzilla.suse.com/1005566 https://bugzilla.suse.com/1005567 https://bugzilla.suse.com/1005569 https://bugzilla.suse.com/1005570 https://bugzilla.suse.com/1005581 https://bugzilla.suse.com/1005582 https://bugzilla.suse.com/1005583 https://bugzilla.suse.com/1005586 https://bugzilla.suse.com/971456 https://bugzilla.suse.com/977614 https://bugzilla.suse.com/983938 https://bugzilla.suse.com/986251 https://bugzilla.suse.com/989911 https://bugzilla.suse.com/989913 https://bugzilla.suse.com/989914 https://bugzilla.suse.com/989915 https://bugzilla.suse.com/989919 https://bugzilla.suse.com/989921 https://bugzilla.suse.com/989922 https://bugzilla.suse.com/989925 https://bugzilla.suse.com/989926 https://bugzilla.suse.com/990890 https://bugzilla.suse.com/998309 https://bugzilla.suse.com/999666 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org