openSUSE Security Update : mariadb (openSUSE-2016-761)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

mariadb was updated to version 10.0.25 to fix 25 security issues.

These security issues were fixed :

- CVE-2016-0505: Unspecified vulnerability allowed remote
authenticated users to affect availability via unknown
vectors related to Options (bsc#980904).

- CVE-2016-0546: Unspecified vulnerability allowed local
users to affect confidentiality, integrity, and
availability via unknown vectors related to Client
(bsc#980904).

- CVE-2016-0596: Unspecified vulnerability allowed remote
authenticated users to affect availability via vectors
related to DML (bsc#980904).

- CVE-2016-0597: Unspecified vulnerability allowed remote
authenticated users to affect availability via unknown
vectors related to Optimizer (bsc#980904).

- CVE-2016-0598: Unspecified vulnerability allowed remote
authenticated users to affect availability via vectors
related to DML (bsc#980904).

- CVE-2016-0600: Unspecified vulnerability allowed remote
authenticated users to affect availability via unknown
vectors related to InnoDB (bsc#980904).

- CVE-2016-0606: Unspecified vulnerability allowed remote
authenticated users to affect integrity via unknown
vectors related to encryption (bsc#980904).

- CVE-2016-0608: Unspecified vulnerability allowed remote
authenticated users to affect availability via vectors
related to UDF (bsc#980904).

- CVE-2016-0609: Unspecified vulnerability allowed remote
authenticated users to affect availability via unknown
vectors related to privileges (bsc#980904).

- CVE-2016-0616: Unspecified vulnerability allowed remote
authenticated users to affect availability via unknown
vectors related to Optimizer (bsc#980904).

- CVE-2016-0640: Unspecified vulnerability allowed local
users to affect integrity and availability via vectors
related to DML (bsc#980904).

- CVE-2016-0641: Unspecified vulnerability allowed local
users to affect confidentiality and availability via
vectors related to MyISAM (bsc#980904).

- CVE-2016-0642: Unspecified vulnerability allowed local
users to affect integrity and availability via vectors
related to Federated (bsc#980904).

- CVE-2016-0643: Unspecified vulnerability allowed local
users to affect confidentiality via vectors related to
DML (bsc#980904).

- CVE-2016-0644: Unspecified vulnerability allowed local
users to affect availability via vectors related to DDL
(bsc#980904).

- CVE-2016-0646: Unspecified vulnerability allowed local
users to affect availability via vectors related to DML
(bsc#980904).

- CVE-2016-0647: Unspecified vulnerability allowed local
users to affect availability via vectors related to FTS
(bsc#980904).

- CVE-2016-0648: Unspecified vulnerability allowed local
users to affect availability via vectors related to PS
(bsc#980904).

- CVE-2016-0649: Unspecified vulnerability allowed local
users to affect availability via vectors related to PS
(bsc#980904).

- CVE-2016-0650: Unspecified vulnerability allowed local
users to affect availability via vectors related to
Replication (bsc#980904).

- CVE-2016-0651: Unspecified vulnerability allowed local
users to affect availability via vectors related to
Optimizer (bsc#980904).

- CVE-2016-0655: Unspecified vulnerability allowed local
users to affect availability via vectors related to
InnoDB (bsc#980904).

- CVE-2016-0666: Unspecified vulnerability allowed local
users to affect availability via vectors related to
Security: Privileges (bsc#980904).

- CVE-2016-0668: Unspecified vulnerability allowed local
users to affect availability via vectors related to
InnoDB (bsc#980904).

- CVE-2016-2047: The ssl_verify_server_cert function in
sql-common/client.c did not properly verify that the
server hostname matches a domain name in the subject's
Common Name (CN) or subjectAltName field of the X.509
certificate, which allowed man-in-the-middle attackers
to spoof SSL servers via a '/CN=' string in a field in a
certificate, as demonstrated by
'/OU=/CN=bar.com/CN=foo.com (bsc#963806).

These non-security issues were fixed :

- bsc#970295: Fix the leftovers of 'logrotate.d/mysql'
string in the logrotate error message. Occurrences of
this string were changed to 'logrotate.d/mariadb'

- bsc#963810: Add 'log-error' and 'secure-file-priv'
configuration options

- add '/etc/my.cnf.d/error_log.conf' that specifies
'log-error = /var/log/mysql/mysqld.log'. If no path is
set, the error log is written to
'/var/lib/mysql/$HOSTNAME.err', which is not picked up
by logrotate.

- add '/etc/my.cnf.d/secure_file_priv.conf' which
specifies that 'LOAD DATA', 'SELECT ... INTO' and 'LOAD
FILE()' will only work with files in the directory
specified by 'secure-file-priv' option
(='/var/lib/mysql-files').

- Temporarily disable OQGraph. It seems to need the boost
library with the version not earlier than 1.40 and not
later than 1.55 (MDEV-9479)

- boo#979524: Don't remove HandlerSocket plugin

- boo#970287: Add 'BuildRequires: jemalloc-devel' in order
to allow enabling of the TokuDB plugin

- run 'usermod -g mysql mysql' only if mysql user is not
in mysql group. Run 'usermod -s /bin/false/ mysql' only
if mysql user doesn't have '/bin/false' shell set.

- Re-enable profiling support

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=963806
https://bugzilla.opensuse.org/show_bug.cgi?id=963810
https://bugzilla.opensuse.org/show_bug.cgi?id=970287
https://bugzilla.opensuse.org/show_bug.cgi?id=970295
https://bugzilla.opensuse.org/show_bug.cgi?id=979524
https://bugzilla.opensuse.org/show_bug.cgi?id=980904

Solution :

Update the affected mariadb packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)