openSUSE Security Update: mysql security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0730-1 Rating: important References: #582656 #607466 #609551 #637499 Cross-References: CVE-2010-1621 CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850 CVE-2010-2008 CVE-2010-3675 CVE-2010-3676 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 Affected Products: openSUSE 11.2 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. It includes one version update. Description: - local users could delete data files for tables of other users (CVE-2010-1626). - authenticated users could gather information for tables they should not have access to (CVE-2010-1849) - authenticated users could crash mysqld (CVE-2010-1848) - authenticated users could potentially execute arbitrary code as the user running mysqld (CVE-2010-1850) - authenticated users could crash mysqld (CVE-2010-3676, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683, CVE-2010-2008) - a race condition in /etc/init.d/mysql allowed local users to make any file readable via symlink in /var/tmp (CVE-2010-3675) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch libmysqlclient-devel-3260 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 x86_64) [New Version: 5.1.49]: libmysqlclient-devel-5.1.49-0.1.1 libmysqlclient16-5.1.49-0.1.1 libmysqlclient_r16-5.1.49-0.1.1 libmysqld-devel-5.1.49-0.1.1 mysql-5.1.49-0.1.1 mysql-bench-5.1.49-0.1.1 mysql-client-5.1.49-0.1.1 mysql-debug-5.1.49-0.1.1 mysql-ndb-extra-5.1.49-0.1.1 mysql-ndb-management-5.1.49-0.1.1 mysql-ndb-storage-5.1.49-0.1.1 mysql-ndb-tools-5.1.49-0.1.1 mysql-test-5.1.49-0.1.1 mysql-tools-5.1.49-0.1.1 - openSUSE 11.2 (x86_64) [New Version: 5.1.49]: libmysqlclient16-32bit-5.1.49-0.1.1 libmysqlclient_r16-32bit-5.1.49-0.1.1 References: http://support.novell.com/security/cve/CVE-2010-1621.html http://support.novell.com/security/cve/CVE-2010-1626.html http://support.novell.com/security/cve/CVE-2010-1848.html http://support.novell.com/security/cve/CVE-2010-1849.html http://support.novell.com/security/cve/CVE-2010-1850.html http://support.novell.com/security/cve/CVE-2010-2008.html http://support.novell.com/security/cve/CVE-2010-3675.html http://support.novell.com/security/cve/CVE-2010-3676.html http://support.novell.com/security/cve/CVE-2010-3677.html http://support.novell.com/security/cve/CVE-2010-3678.html http://support.novell.com/security/cve/CVE-2010-3679.html http://support.novell.com/security/cve/CVE-2010-3680.html http://support.novell.com/security/cve/CVE-2010-3681.html http://support.novell.com/security/cve/CVE-2010-3682.html http://support.novell.com/security/cve/CVE-2010-3683.html https://bugzilla.novell.com/582656 https://bugzilla.novell.com/607466 https://bugzilla.novell.com/609551 https://bugzilla.novell.com/637499