openSUSE Security Update : mysql-community-server (openSUSE-2017-866)

Medium Nessus Plugin ID 102056

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for mysql-community-server to version 5.6.37 fixes security issues and bugs.

The following vulnerabilities were fixed :

- CVE-2017-3633: Memcached unspecified vulnerability (boo#1049394)

- CVE-2017-3634: DML unspecified vulnerability (boo#1049396)

- CVE-2017-3635: C API unspecified vulnerability (boo#1049398)

- CVE-2017-3636: Client programs unspecified vulnerability (boo#1049399)

- CVE-2017-3641: DML unspecified vulnerability (boo#1049404)

- CVE-2017-3647: Replication unspecified vulnerability (boo#1049410)

- CVE-2017-3648: Charsets unspecified vulnerability (boo#1049411)

- CVE-2017-3649: Replication unspecified vulnerability (boo#1049412)

- CVE-2017-3651: Client mysqldump unspecified vulnerability (boo#1049415)

- CVE-2017-3652: DDL unspecified vulnerability (boo#1049416)

- CVE-2017-3653: DDL unspecified vulnerability (boo#1049417)

- CVE-2017-3732: Security, Encryption unspecified vulnerability (boo#1049421) The following general changes are included :

- switch systemd unit file from 'Restart=on-failure' to 'Restart=on-abort'

- update file lists for new man-pages and tools (for mariadb)

For a list of upstream changes in this release, see:
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html

Solution

Update the affected mysql-community-server packages.

See Also

https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html

https://bugzilla.opensuse.org/show_bug.cgi?id=1049394

https://bugzilla.opensuse.org/show_bug.cgi?id=1049396

https://bugzilla.opensuse.org/show_bug.cgi?id=1049398

https://bugzilla.opensuse.org/show_bug.cgi?id=1049399

https://bugzilla.opensuse.org/show_bug.cgi?id=1049404

https://bugzilla.opensuse.org/show_bug.cgi?id=1049410

https://bugzilla.opensuse.org/show_bug.cgi?id=1049411

https://bugzilla.opensuse.org/show_bug.cgi?id=1049412

https://bugzilla.opensuse.org/show_bug.cgi?id=1049415

https://bugzilla.opensuse.org/show_bug.cgi?id=1049416

https://bugzilla.opensuse.org/show_bug.cgi?id=1049417

https://bugzilla.opensuse.org/show_bug.cgi?id=1049421

https://bugzilla.opensuse.org/show_bug.cgi?id=1049422

Plugin Details

Severity: Medium

ID: 102056

File Name: openSUSE-2017-866.nasl

Version: 3.4

Type: local

Agent: unix

Published: 2017/07/31

Updated: 2018/11/19

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libmysql56client18, p-cpe:/a:novell:opensuse:libmysql56client18-32bit, p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo, p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit, p-cpe:/a:novell:opensuse:libmysql56client_r18, p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit, p-cpe:/a:novell:opensuse:mysql-community-server, p-cpe:/a:novell:opensuse:mysql-community-server-bench, p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo, p-cpe:/a:novell:opensuse:mysql-community-server-client, p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo, p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo, p-cpe:/a:novell:opensuse:mysql-community-server-debugsource, p-cpe:/a:novell:opensuse:mysql-community-server-errormessages, p-cpe:/a:novell:opensuse:mysql-community-server-test, p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo, p-cpe:/a:novell:opensuse:mysql-community-server-tools, p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo, cpe:/o:novell:opensuse:42.2, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2017/07/29

Reference Information

CVE: CVE-2017-3633, CVE-2017-3634, CVE-2017-3635, CVE-2017-3636, CVE-2017-3641, CVE-2017-3647, CVE-2017-3648, CVE-2017-3649, CVE-2017-3651, CVE-2017-3652, CVE-2017-3653, CVE-2017-3732