Mailinglist Archive: opensuse-updates (48 mails)

< Previous Next >
openSUSE-SU-2010:0730-1 (important): mysql security update
  • From: opensuse-security@xxxxxxxxxxxx
  • Date: Fri, 15 Oct 2010 21:08:14 +0200 (CEST)
  • Message-id: <20101015190814.2C209BE45@xxxxxxxxxxxxxx>
openSUSE Security Update: mysql security update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2010:0730-1
Rating: important
References: #582656 #607466 #609551 #637499
Cross-References: CVE-2010-1621 CVE-2010-1626 CVE-2010-1848
CVE-2010-1849 CVE-2010-1850 CVE-2010-2008
CVE-2010-3675 CVE-2010-3676 CVE-2010-3677
CVE-2010-3678 CVE-2010-3679 CVE-2010-3680
CVE-2010-3681 CVE-2010-3682 CVE-2010-3683

Affected Products:
openSUSE 11.2
______________________________________________________________________________

An update that fixes 15 vulnerabilities is now available.
It includes one version update.

Description:

- local users could delete data files for tables of other
users (CVE-2010-1626).

- authenticated users could gather information for tables
they should not have access to (CVE-2010-1849)

- authenticated users could crash mysqld (CVE-2010-1848)

- authenticated users could potentially execute arbitrary
code as the user running mysqld (CVE-2010-1850)

- authenticated users could crash mysqld (CVE-2010-3676,
CVE-2010-3677, CVE-2010-3678, CVE-2010-3679,
CVE-2010-3680, CVE-2010-3681, CVE-2010-3682,
CVE-2010-3683, CVE-2010-2008)

- a race condition in /etc/init.d/mysql allowed local users
to make any file readable via symlink in /var/tmp
(CVE-2010-3675)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.2:

zypper in -t patch libmysqlclient-devel-3260

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.2 (i586 x86_64) [New Version: 5.1.49]:

libmysqlclient-devel-5.1.49-0.1.1
libmysqlclient16-5.1.49-0.1.1
libmysqlclient_r16-5.1.49-0.1.1
libmysqld-devel-5.1.49-0.1.1
mysql-5.1.49-0.1.1
mysql-bench-5.1.49-0.1.1
mysql-client-5.1.49-0.1.1
mysql-debug-5.1.49-0.1.1
mysql-ndb-extra-5.1.49-0.1.1
mysql-ndb-management-5.1.49-0.1.1
mysql-ndb-storage-5.1.49-0.1.1
mysql-ndb-tools-5.1.49-0.1.1
mysql-test-5.1.49-0.1.1
mysql-tools-5.1.49-0.1.1

- openSUSE 11.2 (x86_64) [New Version: 5.1.49]:

libmysqlclient16-32bit-5.1.49-0.1.1
libmysqlclient_r16-32bit-5.1.49-0.1.1


References:

http://support.novell.com/security/cve/CVE-2010-1621.html
http://support.novell.com/security/cve/CVE-2010-1626.html
http://support.novell.com/security/cve/CVE-2010-1848.html
http://support.novell.com/security/cve/CVE-2010-1849.html
http://support.novell.com/security/cve/CVE-2010-1850.html
http://support.novell.com/security/cve/CVE-2010-2008.html
http://support.novell.com/security/cve/CVE-2010-3675.html
http://support.novell.com/security/cve/CVE-2010-3676.html
http://support.novell.com/security/cve/CVE-2010-3677.html
http://support.novell.com/security/cve/CVE-2010-3678.html
http://support.novell.com/security/cve/CVE-2010-3679.html
http://support.novell.com/security/cve/CVE-2010-3680.html
http://support.novell.com/security/cve/CVE-2010-3681.html
http://support.novell.com/security/cve/CVE-2010-3682.html
http://support.novell.com/security/cve/CVE-2010-3683.html
https://bugzilla.novell.com/582656
https://bugzilla.novell.com/607466
https://bugzilla.novell.com/609551
https://bugzilla.novell.com/637499


< Previous Next >
This Thread
  • No further messages