openSUSE Security Update: mysql ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1250-1 Rating: moderate References: #644864 Cross-References: CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. It includes one version update. Description: This mysql update fixes the following security issues - CVE-2010-3833: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2010-3834: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Insufficient Information (CWE-noinfo) - CVE-2010-3835: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Numeric Errors (CWE-189) - CVE-2010-3836: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2010-3837: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2010-3838: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other) - CVE-2010-3839: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2010-3840: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch libmysqlclient-devel-4676 - openSUSE 11.3: zypper in -t patch libmysqlclient-devel-4676 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 5.1.57]: libmysqlclient-devel-5.1.57-0.3.1 libmysqlclient16-5.1.57-0.3.1 libmysqlclient_r16-5.1.57-0.3.1 libmysqld-devel-5.1.57-0.3.1 libmysqld0-5.1.57-0.3.1 mysql-community-server-5.1.57-0.3.1 mysql-community-server-bench-5.1.57-0.3.1 mysql-community-server-client-5.1.57-0.3.1 mysql-community-server-debug-5.1.57-0.3.1 mysql-community-server-test-5.1.57-0.3.1 mysql-community-server-tools-5.1.57-0.3.1 - openSUSE 11.4 (x86_64) [New Version: 5.1.57]: libmysqlclient16-32bit-5.1.57-0.3.1 libmysqlclient_r16-32bit-5.1.57-0.3.1 - openSUSE 11.3 (i586 x86_64) [New Version: 5.1.57]: libmysqlclient-devel-5.1.57-0.3.1 libmysqlclient16-5.1.57-0.3.1 libmysqlclient_r16-5.1.57-0.3.1 libmysqld-devel-5.1.57-0.3.1 libmysqld0-5.1.57-0.3.1 mysql-community-server-5.1.57-0.3.1 mysql-community-server-bench-5.1.57-0.3.1 mysql-community-server-client-5.1.57-0.3.1 mysql-community-server-debug-5.1.57-0.3.1 mysql-community-server-test-5.1.57-0.3.1 mysql-community-server-tools-5.1.57-0.3.1 - openSUSE 11.3 (x86_64) [New Version: 5.1.57]: libmysqlclient16-32bit-5.1.57-0.3.1 libmysqlclient_r16-32bit-5.1.57-0.3.1 References: http://support.novell.com/security/cve/CVE-2010-3833.html http://support.novell.com/security/cve/CVE-2010-3834.html http://support.novell.com/security/cve/CVE-2010-3835.html http://support.novell.com/security/cve/CVE-2010-3836.html http://support.novell.com/security/cve/CVE-2010-3837.html http://support.novell.com/security/cve/CVE-2010-3838.html http://support.novell.com/security/cve/CVE-2010-3839.html http://support.novell.com/security/cve/CVE-2010-3840.html https://bugzilla.novell.com/644864