SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:0743-1)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

mariadb was updated to version 10.0.16 to fix 40 security issues.

These security issues were fixed :

- CVE-2015-0411: Unspecified vulnerability in Oracle MySQL
Server 5.5.40 and earlier, and 5.6.21 and earlier,
allowed remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related
to Server : Security : Encryption (bnc#915911).

- CVE-2015-0382: Unspecified vulnerability in Oracle MySQL
Server 5.5.40 and earlier and 5.6.21 and earlier allowed
remote attackers to affect availability via unknown
vectors related to Server : Replication, a different
vulnerability than CVE-2015-0381 (bnc#915911).

- CVE-2015-0381: Unspecified vulnerability in Oracle MySQL
Server 5.5.40 and earlier and 5.6.21 and earlier allowed
remote attackers to affect availability via unknown
vectors related to Server : Replication, a different
vulnerability than CVE-2015-0382 (bnc#915911).

- CVE-2015-0432: Unspecified vulnerability in Oracle MySQL
Server 5.5.40 and earlier allowed remote authenticated
users to affect availability via vectors related to
Server : InnoDB : DDL : Foreign Key (bnc#915911).

- CVE-2014-6568: Unspecified vulnerability in Oracle MySQL
Server 5.5.40 and earlier, and 5.6.21 and earlier,
allowed remote authenticated users to affect
availability via vectors related to Server : InnoDB :
DML (bnc#915911).

- CVE-2015-0374: Unspecified vulnerability in Oracle MySQL
Server 5.5.40 and earlier and 5.6.21 and earlier allowed
remote authenticated users to affect confidentiality via
unknown vectors related to Server : Security :
Privileges : Foreign Key (bnc#915911).

- CVE-2014-6507: Unspecified vulnerability in Oracle MySQL
Server 5.5.39 and earlier, and 5.6.20 and earlier,
allowed remote authenticated users to affect
confidentiality, integrity, and availability via vectors
related to SERVER:DML (bnc#915912).

- CVE-2014-6491: Unspecified vulnerability in Oracle MySQL
Server 5.5.39 and earlier and 5.6.20 and earlier allowed
remote attackers to affect confidentiality, integrity,
and availability via vectors related to
SERVER:SSL:yaSSL, a different vulnerability than
CVE-2014-6500 (bnc#915912).

- CVE-2014-6500: Unspecified vulnerability in Oracle MySQL
Server 5.5.39 and earlier, and 5.6.20 and earlier,
allowed remote attackers to affect confidentiality,
integrity, and availability via vectors related to
SERVER:SSL:yaSSL, a different vulnerability than
CVE-2014-6491 (bnc#915912).

- CVE-2014-6469: Unspecified vulnerability in Oracle MySQL
Server 5.5.39 and earlier and 5.6.20 and earlier allowed
remote authenticated users to affect availability via
vectors related to SERVER:OPTIMIZER (bnc#915912).

- CVE-2014-6555: Unspecified vulnerability in Oracle MySQL
Server 5.5.39 and earlier and 5.6.20 and earlier allowed
remote authenticated users to affect confidentiality,
integrity, and availability via vectors related to
SERVER:DML (bnc#915912).

- CVE-2014-6559: Unspecified vulnerability in Oracle MySQL
Server 5.5.39 and earlier, and 5.6.20 and earlier,
allowed remote attackers to affect confidentiality via
vectors related to C API SSL CERTIFICATE HANDLING
(bnc#915912).

- CVE-2014-6494: Unspecified vulnerability in Oracle MySQL
Server 5.5.39 and earlier, and 5.6.20 and earlier,
allowed remote attackers to affect availability via
vectors related to CLIENT:SSL:yaSSL, a different
vulnerability than CVE-2014-6496 (bnc#915912).

- CVE-2014-6496: Unspecified vulnerability in Oracle MySQL
Server 5.5.39 and earlier, and 5.6.20 and earlier,
allowed remote attackers to affect availability via
vectors related to CLIENT:SSL:yaSSL, a different
vulnerability than CVE-2014-6494 (bnc#915912).

- CVE-2014-6464: Unspecified vulnerability in Oracle MySQL
Server 5.5.39 and earlier and 5.6.20 and earlier allowed
remote authenticated users to affect availability via
vectors related to SERVER:INNODB DML FOREIGN KEYS
(bnc#915912).

- CVE-2010-5298: Race condition in the ssl3_read_bytes
function in s3_pkt.c in OpenSSL through 1.0.1g, when
SSL_MODE_RELEASE_BUFFERS is enabled, allowed remote
attackers to inject data across sessions or cause a
denial of service (use-after-free and parsing error) via
an SSL connection in a multithreaded environment
(bnc#873351).

- CVE-2014-0195: The dtls1_reassemble_fragment function in
d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before
1.0.0m, and 1.0.1 before 1.0.1h did not properly
validate fragment lengths in DTLS ClientHello messages,
which allowed remote attackers to execute arbitrary code
or cause a denial of service (buffer overflow and
application crash) via a long non-initial fragment
(bnc#880891).

- CVE-2014-0198: The do_ssl3_write function in s3_pkt.c in
OpenSSL 1.x through 1.0.1g, when
SSL_MODE_RELEASE_BUFFERS is enabled, did not properly
manage a buffer pointer during certain recursive calls,
which allowed remote attackers to cause a denial of
service (NULL pointer dereference and application crash)
via vectors that trigger an alert condition
(bnc#876282).

- CVE-2014-0221: The dtls1_get_message_fragment function
in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before
1.0.0m, and 1.0.1 before 1.0.1h allowed remote attackers
to cause a denial of service (recursion and client
crash) via a DTLS hello message in an invalid DTLS
handshake (bnc#915913).

- CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before
1.0.0m, and 1.0.1 before 1.0.1h did not properly
restrict processing of ChangeCipherSpec messages, which
allowed man-in-the-middle attackers to trigger use of a
zero-length master key in certain OpenSSL-to-OpenSSL
communications, and consequently hijack sessions or
obtain sensitive information, via a crafted TLS
handshake, aka the 'CCS Injection' vulnerability
(bnc#915913).

- CVE-2014-3470: The ssl3_send_client_key_exchange
function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0
before 1.0.0m, and 1.0.1 before 1.0.1h, when an
anonymous ECDH cipher suite is used, allowed remote
attackers to cause a denial of service (NULL pointer
dereference and client crash) by triggering a NULL
certificate value (bnc#915913).

- CVE-2014-6474: Unspecified vulnerability in Oracle MySQL
Server 5.6.19 and earlier allowed remote authenticated
users to affect availability via vectors related to
SERVER:MEMCACHED (bnc#915913).

- CVE-2014-6489: Unspecified vulnerability in Oracle MySQL
Server 5.6.19 and earlier allowed remote authenticated
users to affect integrity and availability via vectors
related to SERVER:SP (bnc#915913).

- CVE-2014-6564: Unspecified vulnerability in Oracle MySQL
Server 5.6.19 and earlier allowed remote authenticated
users to affect availability via vectors related to
SERVER:INNODB FULLTEXT SEARCH DML (bnc#915913).

- CVE-2012-5615: Oracle MySQL 5.5.38 and earlier, 5.6.19
and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13,
5.1.66, and possibly other versions, generates different
error messages with different time delays depending on
whether a user name exists, which allowed remote
attackers to enumerate valid usernames (bnc#915913).

- CVE-2014-4274: Unspecified vulnerability in Oracle MySQL
Server 5.5.38 and earlier and 5.6.19 and earlier allowed
local users to affect confidentiality, integrity, and
availability via vectors related to SERVER:MyISAM
(bnc#896400).

- CVE-2014-4287: Unspecified vulnerability in Oracle MySQL
Server 5.5.38 and earlier and 5.6.19 and earlier allowed
remote authenticated users to affect availability via
vectors related to SERVER:CHARACTER SETS (bnc#915913).

- CVE-2014-6463: Unspecified vulnerability in Oracle MySQL
Server 5.5.38 and earlier and 5.6.19 and earlier allowed
remote authenticated users to affect availability via
vectors related to SERVER:REPLICATION ROW FORMAT BINARY
LOG DML (bnc#915913).

- CVE-2014-6478: Unspecified vulnerability in Oracle MySQL
Server 5.5.38 and earlier, and 5.6.19 and earlier,
allowed remote attackers to affect integrity via vectors
related to SERVER:SSL:yaSSL (bnc#915913).

- CVE-2014-6484: Unspecified vulnerability in Oracle MySQL
Server 5.5.38 and earlier, and 5.6.19 and earlier,
allowed remote authenticated users to affect
availability via vectors related to SERVER:DML
(bnc#915913).

- CVE-2014-6495: Unspecified vulnerability in Oracle MySQL
Server 5.5.38 and earlier, and 5.6.19 and earlier,
allowed remote attackers to affect availability via
vectors related to SERVER:SSL:yaSSL (bnc#915913).

- CVE-2014-6505: Unspecified vulnerability in Oracle MySQL
Server 5.5.38 and earlier, and 5.6.19 and earlier,
allowed remote authenticated users to affect
availability via vectors related to SERVER:MEMORY
STORAGE ENGINE (bnc#915913).

- CVE-2014-6520: Unspecified vulnerability in Oracle MySQL
Server 5.5.38 and earlier allowed remote authenticated
users to affect availability via vectors related to
SERVER:DDL (bnc#915913).

- CVE-2014-6530: Unspecified vulnerability in Oracle MySQL
Server 5.5.38 and earlier, and 5.6.19 and earlier,
allowed remote authenticated users to affect
confidentiality, integrity, and availability via vectors
related to CLIENT:MYSQLDUMP (bnc#915913).

- CVE-2014-6551: Unspecified vulnerability in Oracle MySQL
Server 5.5.38 and earlier and 5.6.19 and earlier allowed
local users to affect confidentiality via vectors
related to CLIENT:MYSQLADMIN (bnc#915913).

- CVE-2015-0391: Unspecified vulnerability in Oracle MySQL
Server 5.5.38 and earlier, and 5.6.19 and earlier,
allowed remote authenticated users to affect
availability via vectors related to DDL (bnc#915913).

- CVE-2014-4258: Unspecified vulnerability in the MySQL
Server component in Oracle MySQL 5.5.37 and earlier and
5.6.17 and earlier allowed remote authenticated users to
affect confidentiality, integrity, and availability via
vectors related to SRINFOSC (bnc#915914).

- CVE-2014-4260: Unspecified vulnerability in the MySQL
Server component in Oracle MySQL 5.5.37 and earlier, and
5.6.17 and earlier, allowed remote authenticated users
to affect integrity and availability via vectors related
to SRCHAR (bnc#915914).

- CVE-2014-2494: Unspecified vulnerability in the MySQL
Server component in Oracle MySQL 5.5.37 and earlier
allowed remote authenticated users to affect
availability via vectors related to ENARC (bnc#915914).

- CVE-2014-4207: Unspecified vulnerability in the MySQL
Server component in Oracle MySQL 5.5.37 and earlier
allowed remote authenticated users to affect
availability via vectors related to SROPTZR
(bnc#915914).

These non-security issues were fixed :

- Get query produced incorrect results in MariaDB 10.0.11
vs MySQL 5.5 - SLES12 (bnc#906194).

- After update to version 10.0.14 mariadb did not start -
Job for mysql.service failed (bnc#911442).

- Fix crash when disk full situation is reached on alter
table (bnc#904627).

- Allow md5 in FIPS mode (bnc#911556).

- Fixed a situation when bit and hex string literals
unintentionally changed column names (bnc#919229).

Release notes: https://kb.askmonty.org/en/mariadb-10016-release-notes/

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://kb.askmonty.org/en/mariadb-10016-release-notes/
http://www.nessus.org/u?fec48b8d

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12 :

zypper in -t patch SUSE-SLE-WE-12-2015-170=1

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2015-170=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2015-170=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-170=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true