openSUSE Security Update : mariadb (openSUSE-2016-1416)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This mariadb update to version 10.0.28 fixes the following issues
(bsc#1008318) :

Security fixes :

- CVE-2016-8283: Unspecified vulnerability in subcomponent
Types (bsc#1005582)

- CVE-2016-7440: Unspecified vulnerability in subcomponent
Encryption (bsc#1005581)

- CVE-2016-5629: Unspecified vulnerability in subcomponent
Federated (bsc#1005569)

- CVE-2016-5626: Unspecified vulnerability in subcomponent
GIS (bsc#1005566)

- CVE-2016-5624: Unspecified vulnerability in subcomponent
DML (bsc#1005564)

- CVE-2016-5616: Unspecified vulnerability in subcomponent
MyISAM (bsc#1005562)

- CVE-2016-5584: Unspecified vulnerability in subcomponent
Encryption (bsc#1005558)

- CVE-2016-3492: Unspecified vulnerability in subcomponent
Optimizer (bsc#1005555)

- CVE-2016-6663: Privilege Escalation / Race Condition
(bsc#1001367)

Bugfixes :

- mariadb failing test sys_vars.optimizer_switch_basic
(bsc#1003800)

- Remove useless [email protected] (bsc#1004477)

- Replace all occurrences of the string '@[email protected]'
with '/etc' as it wasn't expanded properly (bsc#990890)

- Notable changes :

- XtraDB updated to 5.6.33-79.0

- TokuDB updated to 5.6.33-79.0

- Innodb updated to 5.6.33

- Performance Schema updated to 5.6.33

- Release notes and upstream changelog :

- https://kb.askmonty.org/en/mariadb-10028-release-notes

- https://kb.askmonty.org/en/mariadb-10028-changelog

This update was imported from the SUSE:SLE-12-SP1:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1001367
https://bugzilla.opensuse.org/show_bug.cgi?id=1003800
https://bugzilla.opensuse.org/show_bug.cgi?id=1004477
https://bugzilla.opensuse.org/show_bug.cgi?id=1005555
https://bugzilla.opensuse.org/show_bug.cgi?id=1005558
https://bugzilla.opensuse.org/show_bug.cgi?id=1005562
https://bugzilla.opensuse.org/show_bug.cgi?id=1005564
https://bugzilla.opensuse.org/show_bug.cgi?id=1005566
https://bugzilla.opensuse.org/show_bug.cgi?id=1005569
https://bugzilla.opensuse.org/show_bug.cgi?id=1005581
https://bugzilla.opensuse.org/show_bug.cgi?id=1005582
https://bugzilla.opensuse.org/show_bug.cgi?id=1008318
https://bugzilla.opensuse.org/show_bug.cgi?id=990890
https://kb.askmonty.org/en/mariadb-10028-changelog
https://kb.askmonty.org/en/mariadb-10028-release-notes

Solution :

Update the affected mariadb packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 95596 ()

Bugtraq ID:

CVE ID: CVE-2016-3492
CVE-2016-5584
CVE-2016-5616
CVE-2016-5624
CVE-2016-5626
CVE-2016-5629
CVE-2016-6663
CVE-2016-7440
CVE-2016-8283

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now