openSUSE Security Update : mysql-community-server (openSUSE-2016-1289)

Critical Nessus Plugin ID 94756

Synopsis

The remote openSUSE host is missing a security update.

Description

mysql-community-server was updated to 5.6.34 to fix the following issues:

- Changes: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html, http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html, http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html, http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html

- fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440

- fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926]

- append '--ignore-db-dir=lost+found' to the mysqld options in 'mysql-systemd-helper' script if 'lost+found' directory is found in $datadir [boo#986251]

- remove syslog.target from *.service files [boo#983938]

- add systemd to deps to build on leap and friends

- replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro

- remove useless [email protected] [boo#971456]

- replace all occurrences of the string '@[email protected]' with '/etc' in mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded properly [boo#990890]

- remove '%define _rundir' as 13.1 is out of support scope

- run 'usermod -g mysql mysql' only if mysql user is not in mysql group. Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have '/bin/false' shell set.

- re-enable mysql profiling

Solution

Update the affected mysql-community-server packages.

See Also

https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html

https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html

https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html

https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html

https://bugzilla.opensuse.org/show_bug.cgi?id=1005555

https://bugzilla.opensuse.org/show_bug.cgi?id=1005557

https://bugzilla.opensuse.org/show_bug.cgi?id=1005558

https://bugzilla.opensuse.org/show_bug.cgi?id=1005560

https://bugzilla.opensuse.org/show_bug.cgi?id=1005561

https://bugzilla.opensuse.org/show_bug.cgi?id=1005562

https://bugzilla.opensuse.org/show_bug.cgi?id=1005563

https://bugzilla.opensuse.org/show_bug.cgi?id=1005566

https://bugzilla.opensuse.org/show_bug.cgi?id=1005567

https://bugzilla.opensuse.org/show_bug.cgi?id=1005569

https://bugzilla.opensuse.org/show_bug.cgi?id=1005570

https://bugzilla.opensuse.org/show_bug.cgi?id=1005581

https://bugzilla.opensuse.org/show_bug.cgi?id=1005582

https://bugzilla.opensuse.org/show_bug.cgi?id=1005583

https://bugzilla.opensuse.org/show_bug.cgi?id=1005586

https://bugzilla.opensuse.org/show_bug.cgi?id=971456

https://bugzilla.opensuse.org/show_bug.cgi?id=977614

https://bugzilla.opensuse.org/show_bug.cgi?id=983938

https://bugzilla.opensuse.org/show_bug.cgi?id=986251

https://bugzilla.opensuse.org/show_bug.cgi?id=989911

https://bugzilla.opensuse.org/show_bug.cgi?id=989913

https://bugzilla.opensuse.org/show_bug.cgi?id=989914

https://bugzilla.opensuse.org/show_bug.cgi?id=989915

https://bugzilla.opensuse.org/show_bug.cgi?id=989919

https://bugzilla.opensuse.org/show_bug.cgi?id=989921

https://bugzilla.opensuse.org/show_bug.cgi?id=989922

https://bugzilla.opensuse.org/show_bug.cgi?id=989925

https://bugzilla.opensuse.org/show_bug.cgi?id=989926

https://bugzilla.opensuse.org/show_bug.cgi?id=990890

https://bugzilla.opensuse.org/show_bug.cgi?id=998309

https://bugzilla.opensuse.org/show_bug.cgi?id=999666

Plugin Details

Severity: Critical

ID: 94756

File Name: openSUSE-2016-1289.nasl

Version: 2.2

Type: local

Agent: unix

Published: 2016/11/14

Modified: 2018/11/19

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libmysql56client18, p-cpe:/a:novell:opensuse:libmysql56client18-32bit, p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo, p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit, p-cpe:/a:novell:opensuse:libmysql56client_r18, p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit, p-cpe:/a:novell:opensuse:mysql-community-server, p-cpe:/a:novell:opensuse:mysql-community-server-bench, p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo, p-cpe:/a:novell:opensuse:mysql-community-server-client, p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo, p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo, p-cpe:/a:novell:opensuse:mysql-community-server-debugsource, p-cpe:/a:novell:opensuse:mysql-community-server-errormessages, p-cpe:/a:novell:opensuse:mysql-community-server-test, p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo, p-cpe:/a:novell:opensuse:mysql-community-server-tools, p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo, cpe:/o:novell:opensuse:42.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2016/11/12

Reference Information

CVE: CVE-2016-2105, CVE-2016-3459, CVE-2016-3477, CVE-2016-3486, CVE-2016-3492, CVE-2016-3501, CVE-2016-3521, CVE-2016-3614, CVE-2016-3615, CVE-2016-5439, CVE-2016-5440, CVE-2016-5507, CVE-2016-5584, CVE-2016-5609, CVE-2016-5612, CVE-2016-5616, CVE-2016-5617, CVE-2016-5626, CVE-2016-5627, CVE-2016-5629, CVE-2016-5630, CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-8283, CVE-2016-8284, CVE-2016-8288