SuSE 11.3 Security Update : mysql, mysql-client (SAT Patch Number 8364)

Medium Nessus Plugin ID 70328

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

This version upgrade of mysql to 5.5.33 fixed multiple security issues :

- CVE-2013-1861 / CVE-2013-3783 / CVE-2013-3793 / CVE-2013-3794

- CVE-2013-3795 / CVE-2013-3796 / CVE-2013-3798 / CVE-2013-3801

- CVE-2013-3802 / CVE-2013-3804 / CVE-2013-3805 / CVE-2013-3806

- CVE-2013-3807 / CVE-2013-3808 / CVE-2013-3809 / CVE-2013-3810

- Additionally, it contains numerous bug fixes and improvements.:. (CVE-2013-3811 / CVE-2013-3812)

- fixed mysqldump with MySQL 5.0. (bnc#768832)

- fixed log rights. (bnc#789263 and bnc#803040 and bnc#792332)

- binlog disabled in default configuration. (bnc#791863)

- fixed dependencies for client package. (bnc#780019)

- minor polishing of spec/installation

- avoid file conflicts with mytop

- better fix for hard-coded libdir issue

- fixed hard-coded plugin paths. (bnc#834028)

- use chown --no-dereference instead of chown to improve security. (bnc#834967)

- adjust to spell !includedir correctly in /etc/my.cnf.
(bnc#734436)

- typo in init script stops database on update (bnc#837801)

Solution

Apply SAT patch number 8364.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=734436

https://bugzilla.novell.com/show_bug.cgi?id=768832

https://bugzilla.novell.com/show_bug.cgi?id=780019

https://bugzilla.novell.com/show_bug.cgi?id=789263

https://bugzilla.novell.com/show_bug.cgi?id=791863

https://bugzilla.novell.com/show_bug.cgi?id=792332

https://bugzilla.novell.com/show_bug.cgi?id=803040

https://bugzilla.novell.com/show_bug.cgi?id=830086

https://bugzilla.novell.com/show_bug.cgi?id=834028

https://bugzilla.novell.com/show_bug.cgi?id=834967

https://bugzilla.novell.com/show_bug.cgi?id=837801

http://support.novell.com/security/cve/CVE-2013-1861.html

http://support.novell.com/security/cve/CVE-2013-3783.html

http://support.novell.com/security/cve/CVE-2013-3793.html

http://support.novell.com/security/cve/CVE-2013-3794.html

http://support.novell.com/security/cve/CVE-2013-3795.html

http://support.novell.com/security/cve/CVE-2013-3796.html

http://support.novell.com/security/cve/CVE-2013-3798.html

http://support.novell.com/security/cve/CVE-2013-3801.html

http://support.novell.com/security/cve/CVE-2013-3802.html

http://support.novell.com/security/cve/CVE-2013-3804.html

http://support.novell.com/security/cve/CVE-2013-3805.html

http://support.novell.com/security/cve/CVE-2013-3806.html

http://support.novell.com/security/cve/CVE-2013-3807.html

http://support.novell.com/security/cve/CVE-2013-3808.html

http://support.novell.com/security/cve/CVE-2013-3809.html

http://support.novell.com/security/cve/CVE-2013-3810.html

http://support.novell.com/security/cve/CVE-2013-3811.html

http://support.novell.com/security/cve/CVE-2013-3812.html

Plugin Details

Severity: Medium

ID: 70328

File Name: suse_11_libmysql55client18-130926.nasl

Version: Revision: 1.3

Type: local

Agent: unix

Published: 2013/10/08

Updated: 2014/05/02

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:libmysql55client18, p-cpe:/a:novell:suse_linux:11:libmysql55client18-32bit, p-cpe:/a:novell:suse_linux:11:libmysql55client_r18, p-cpe:/a:novell:suse_linux:11:libmysql55client_r18-32bit, p-cpe:/a:novell:suse_linux:11:libmysqlclient15, p-cpe:/a:novell:suse_linux:11:libmysqlclient15-32bit, p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15, p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15-32bit, p-cpe:/a:novell:suse_linux:11:mysql, p-cpe:/a:novell:suse_linux:11:mysql-client, p-cpe:/a:novell:suse_linux:11:mysql-tools, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2013/09/26

Reference Information

CVE: CVE-2013-1861, CVE-2013-3783, CVE-2013-3793, CVE-2013-3794, CVE-2013-3795, CVE-2013-3796, CVE-2013-3798, CVE-2013-3801, CVE-2013-3802, CVE-2013-3804, CVE-2013-3805, CVE-2013-3806, CVE-2013-3807, CVE-2013-3808, CVE-2013-3809, CVE-2013-3810, CVE-2013-3811, CVE-2013-3812