Security update for mariadb SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2278-1 Final 1 1 2016-09-09T08:47:41Z current 2016-09-09T08:47:41Z 2016-09-09T08:47:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mariadb This update for mariadb fixes the following issues: - CVE-2016-3477: Unspecified vulnerability in subcomponent parser [bsc#991616] - CVE-2016-3521: Unspecified vulnerability in subcomponent types [bsc#991616] - CVE-2016-3615: Unspecified vulnerability in subcomponent dml [bsc#991616] - CVE-2016-5440: Unspecified vulnerability in subcomponent rbr [bsc#991616] - mariadb failing test main.bootstrap [bsc#984858] - left over 'openSUSE' comments in MariaDB on SLE12 GM and SP1 [bsc#985217] - remove unnecessary conditionals from specfile - add '--ignore-db-dir=lost+found' option to rc.mysql-multi in order not to misinterpret the lost+found directory as a database [bsc#986251] This update was imported from the SUSE:SLE-12-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html E-Mail link for openSUSE-SU-2016:2278-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 libmysqlclient-devel-10.0.26-9.1 libmysqlclient18-10.0.26-9.1 libmysqlclient18-32bit-10.0.26-9.1 libmysqlclient_r18-10.0.26-9.1 libmysqlclient_r18-32bit-10.0.26-9.1 libmysqld-devel-10.0.26-9.1 libmysqld18-10.0.26-9.1 mariadb-10.0.26-9.1 mariadb-bench-10.0.26-9.1 mariadb-client-10.0.26-9.1 mariadb-errormessages-10.0.26-9.1 mariadb-test-10.0.26-9.1 mariadb-tools-10.0.26-9.1 libmysqlclient-devel-10.0.26-9.1 as a component of openSUSE Leap 42.1 libmysqlclient18-10.0.26-9.1 as a component of openSUSE Leap 42.1 libmysqlclient18-32bit-10.0.26-9.1 as a component of openSUSE Leap 42.1 libmysqlclient_r18-10.0.26-9.1 as a component of openSUSE Leap 42.1 libmysqlclient_r18-32bit-10.0.26-9.1 as a component of openSUSE Leap 42.1 libmysqld-devel-10.0.26-9.1 as a component of openSUSE Leap 42.1 libmysqld18-10.0.26-9.1 as a component of openSUSE Leap 42.1 mariadb-10.0.26-9.1 as a component of openSUSE Leap 42.1 mariadb-bench-10.0.26-9.1 as a component of openSUSE Leap 42.1 mariadb-client-10.0.26-9.1 as a component of openSUSE Leap 42.1 mariadb-errormessages-10.0.26-9.1 as a component of openSUSE Leap 42.1 mariadb-test-10.0.26-9.1 as a component of openSUSE Leap 42.1 mariadb-tools-10.0.26-9.1 as a component of openSUSE Leap 42.1 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. CVE-2016-3477 openSUSE Leap 42.1:libmysqlclient-devel-10.0.26-9.1 openSUSE Leap 42.1:libmysqlclient18-10.0.26-9.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.26-9.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.26-9.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.26-9.1 openSUSE Leap 42.1:libmysqld-devel-10.0.26-9.1 openSUSE Leap 42.1:libmysqld18-10.0.26-9.1 openSUSE Leap 42.1:mariadb-10.0.26-9.1 openSUSE Leap 42.1:mariadb-bench-10.0.26-9.1 openSUSE Leap 42.1:mariadb-client-10.0.26-9.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.26-9.1 openSUSE Leap 42.1:mariadb-test-10.0.26-9.1 openSUSE Leap 42.1:mariadb-tools-10.0.26-9.1 important 7.1 AV:N/AC:H/Au:S/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html https://www.suse.com/security/cve/CVE-2016-3477.html CVE-2016-3477 https://bugzilla.suse.com/989913 SUSE Bug 989913 https://bugzilla.suse.com/991616 SUSE Bug 991616 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types. CVE-2016-3521 openSUSE Leap 42.1:libmysqlclient-devel-10.0.26-9.1 openSUSE Leap 42.1:libmysqlclient18-10.0.26-9.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.26-9.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.26-9.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.26-9.1 openSUSE Leap 42.1:libmysqld-devel-10.0.26-9.1 openSUSE Leap 42.1:libmysqld18-10.0.26-9.1 openSUSE Leap 42.1:mariadb-10.0.26-9.1 openSUSE Leap 42.1:mariadb-bench-10.0.26-9.1 openSUSE Leap 42.1:mariadb-client-10.0.26-9.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.26-9.1 openSUSE Leap 42.1:mariadb-test-10.0.26-9.1 openSUSE Leap 42.1:mariadb-tools-10.0.26-9.1 important 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html https://www.suse.com/security/cve/CVE-2016-3521.html CVE-2016-3521 https://bugzilla.suse.com/989919 SUSE Bug 989919 https://bugzilla.suse.com/991616 SUSE Bug 991616 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML. CVE-2016-3615 openSUSE Leap 42.1:libmysqlclient-devel-10.0.26-9.1 openSUSE Leap 42.1:libmysqlclient18-10.0.26-9.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.26-9.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.26-9.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.26-9.1 openSUSE Leap 42.1:libmysqld-devel-10.0.26-9.1 openSUSE Leap 42.1:libmysqld18-10.0.26-9.1 openSUSE Leap 42.1:mariadb-10.0.26-9.1 openSUSE Leap 42.1:mariadb-bench-10.0.26-9.1 openSUSE Leap 42.1:mariadb-client-10.0.26-9.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.26-9.1 openSUSE Leap 42.1:mariadb-test-10.0.26-9.1 openSUSE Leap 42.1:mariadb-tools-10.0.26-9.1 important 4.9 AV:N/AC:H/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html https://www.suse.com/security/cve/CVE-2016-3615.html CVE-2016-3615 https://bugzilla.suse.com/989922 SUSE Bug 989922 https://bugzilla.suse.com/991616 SUSE Bug 991616 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. CVE-2016-5440 openSUSE Leap 42.1:libmysqlclient-devel-10.0.26-9.1 openSUSE Leap 42.1:libmysqlclient18-10.0.26-9.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.26-9.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.26-9.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.26-9.1 openSUSE Leap 42.1:libmysqld-devel-10.0.26-9.1 openSUSE Leap 42.1:libmysqld18-10.0.26-9.1 openSUSE Leap 42.1:mariadb-10.0.26-9.1 openSUSE Leap 42.1:mariadb-bench-10.0.26-9.1 openSUSE Leap 42.1:mariadb-client-10.0.26-9.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.26-9.1 openSUSE Leap 42.1:mariadb-test-10.0.26-9.1 openSUSE Leap 42.1:mariadb-tools-10.0.26-9.1 important 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html https://www.suse.com/security/cve/CVE-2016-5440.html CVE-2016-5440 https://bugzilla.suse.com/989926 SUSE Bug 989926 https://bugzilla.suse.com/991616 SUSE Bug 991616