openSUSE Security Update : mariadb (openSUSE-2016-1274)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for mariadb to 10.0.27 fixes the following issues :

- release notes :

- https://kb.askmonty.org/en/mariadb-10027-release-notes

- https://kb.askmonty.org/en/mariadb-10026-release-notes

- changelog :

- https://kb.askmonty.org/en/mariadb-10027-changelog

- https://kb.askmonty.org/en/mariadb-10026-changelog

- fixed CVE's 10.0.27: CVE-2016-5612, CVE-2016-5630,
CVE-2016-6662 10.0.26: CVE-2016-5440, CVE-2016-3615,
CVE-2016-3521, CVE-2016-3477

- fix: [boo#1005561], [boo#1005570], [boo#998309],
[boo#989926], [boo#989922], [boo#989919], [boo#989913]

- requires devel packages for aio and lzo2

- remove mariadb-10.0.21-mysql-test_main_bootstrap.patch
that is no longer needed [boo#984858]

- append '--ignore-db-dir=lost+found' to the mysqld
options in 'mysql-systemd-helper' script if 'lost+found'
directory is found in $datadir [boo#986251]

- remove syslog.target from *.service files [boo#983938]

- add systemd to deps to build on leap and friends

- replace '%{_libexecdir}/systemd/system' with %{_unitdir}
macro

- remove useless [email protected] [boo#971456]

- make ORDER BY optimization functions take into account
multiple equalities [boo#949520]

- adjust mysql-test results in order to take account of a
new option (orderby_uses_equalities) added by the
optimizer patch [boo#1003800]

- replace all occurrences of the string '@[email protected]'
with '/etc' in
mysql-community-server-5.1.46-logrotate.patch as it
wasn't expanded properly [boo#990890]

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1003800
https://bugzilla.opensuse.org/show_bug.cgi?id=1005561
https://bugzilla.opensuse.org/show_bug.cgi?id=1005570
https://bugzilla.opensuse.org/show_bug.cgi?id=949520
https://bugzilla.opensuse.org/show_bug.cgi?id=971456
https://bugzilla.opensuse.org/show_bug.cgi?id=983938
https://bugzilla.opensuse.org/show_bug.cgi?id=984858
https://bugzilla.opensuse.org/show_bug.cgi?id=986251
https://bugzilla.opensuse.org/show_bug.cgi?id=989913
https://bugzilla.opensuse.org/show_bug.cgi?id=989919
https://bugzilla.opensuse.org/show_bug.cgi?id=989922
https://bugzilla.opensuse.org/show_bug.cgi?id=989926
https://bugzilla.opensuse.org/show_bug.cgi?id=990890
https://bugzilla.opensuse.org/show_bug.cgi?id=998309
https://kb.askmonty.org/en/mariadb-10026-changelog
https://kb.askmonty.org/en/mariadb-10026-release-notes
https://kb.askmonty.org/en/mariadb-10027-changelog
https://kb.askmonty.org/en/mariadb-10027-release-notes

Solution :

Update the affected mariadb packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 94649 ()

Bugtraq ID:

CVE ID: CVE-2016-3477
CVE-2016-3521
CVE-2016-3615
CVE-2016-5440
CVE-2016-5612
CVE-2016-5630
CVE-2016-6662

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now