SUSE Security Update: Security update for mariadb
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1273-1
Rating:             important
References:         #906574 #919053 #919062 #920865 #920896 #921333 
                    #924663 #924960 #924961 #934789 #936407 #936408 
                    #936409 
Cross-References:   CVE-2014-8964 CVE-2015-0433 CVE-2015-0441
                    CVE-2015-0499 CVE-2015-0501 CVE-2015-0505
                    CVE-2015-2325 CVE-2015-2326 CVE-2015-2568
                    CVE-2015-2571 CVE-2015-2573 CVE-2015-3152
                   
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has one errata
   is now available.

Description:


         This update fixes the following security issues:
       * Logjam attack: mysql uses 512-bit DH groups in SSL [bnc#934789]
       * CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663]
       * CVE-2014-8964: heap buffer overflow [bnc#906574]
       * CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960]
       * CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961]
       * CVE-2015-0501: unspecified vulnerability related to Server:Compiling
         (CPU April 2015)
       * CVE-2015-2571: unspecified vulnerability related to Server:Optimizer
         (CPU April 2015)
       * CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU
         April 2015)
       * CVE-2015-0499: unspecified vulnerability related to Server:Federated
         (CPU April 2015)
       * CVE-2015-2568: unspecified vulnerability related to
         Server:Security:Privileges (CPU April 2015)
       * CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU
         April 2015)
       * CVE-2015-0433: unspecified vulnerability related to
         Server:InnoDB:DML (CPU April 2015)
       * CVE-2015-0441: unspecified vulnerability related to
         Server:Security:Encryption (CPU April 2015)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2015-332=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-332=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-332=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-332=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):

      libmysqlclient_r18-10.0.20-18.1
      libmysqlclient_r18-32bit-10.0.20-18.1
      mariadb-debuginfo-10.0.20-18.1
      mariadb-debugsource-10.0.20-18.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      libmysqlclient-devel-10.0.20-18.1
      libmysqlclient_r18-10.0.20-18.1
      libmysqld-devel-10.0.20-18.1
      libmysqld18-10.0.20-18.1
      libmysqld18-debuginfo-10.0.20-18.1
      mariadb-debuginfo-10.0.20-18.1
      mariadb-debugsource-10.0.20-18.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      libmysqlclient18-10.0.20-18.1
      libmysqlclient18-debuginfo-10.0.20-18.1
      mariadb-10.0.20-18.1
      mariadb-client-10.0.20-18.1
      mariadb-client-debuginfo-10.0.20-18.1
      mariadb-debuginfo-10.0.20-18.1
      mariadb-debugsource-10.0.20-18.1
      mariadb-errormessages-10.0.20-18.1
      mariadb-tools-10.0.20-18.1
      mariadb-tools-debuginfo-10.0.20-18.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      libmysqlclient18-32bit-10.0.20-18.1
      libmysqlclient18-debuginfo-32bit-10.0.20-18.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      libmysqlclient18-10.0.20-18.1
      libmysqlclient18-32bit-10.0.20-18.1
      libmysqlclient18-debuginfo-10.0.20-18.1
      libmysqlclient18-debuginfo-32bit-10.0.20-18.1
      libmysqlclient_r18-10.0.20-18.1
      libmysqlclient_r18-32bit-10.0.20-18.1
      mariadb-10.0.20-18.1
      mariadb-client-10.0.20-18.1
      mariadb-client-debuginfo-10.0.20-18.1
      mariadb-debuginfo-10.0.20-18.1
      mariadb-debugsource-10.0.20-18.1
      mariadb-errormessages-10.0.20-18.1


References:

   https://www.suse.com/security/cve/CVE-2014-8964.html
   https://www.suse.com/security/cve/CVE-2015-0433.html
   https://www.suse.com/security/cve/CVE-2015-0441.html
   https://www.suse.com/security/cve/CVE-2015-0499.html
   https://www.suse.com/security/cve/CVE-2015-0501.html
   https://www.suse.com/security/cve/CVE-2015-0505.html
   https://www.suse.com/security/cve/CVE-2015-2325.html
   https://www.suse.com/security/cve/CVE-2015-2326.html
   https://www.suse.com/security/cve/CVE-2015-2568.html
   https://www.suse.com/security/cve/CVE-2015-2571.html
   https://www.suse.com/security/cve/CVE-2015-2573.html
   https://www.suse.com/security/cve/CVE-2015-3152.html
   https://bugzilla.suse.com/906574
   https://bugzilla.suse.com/919053
   https://bugzilla.suse.com/919062
   https://bugzilla.suse.com/920865
   https://bugzilla.suse.com/920896
   https://bugzilla.suse.com/921333
   https://bugzilla.suse.com/924663
   https://bugzilla.suse.com/924960
   https://bugzilla.suse.com/924961
   https://bugzilla.suse.com/934789
   https://bugzilla.suse.com/936407
   https://bugzilla.suse.com/936408
   https://bugzilla.suse.com/936409

SuSE: 2015:1273-1: important: mariadb

July 21, 2015