openSUSE: 2016:0367-1: important: MySQL
Description
This update to MySQL 5.6.28 fixes the following issues (bsc#962779): - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. - CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0503: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504. - CVE-2016-0504: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503. - CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options. - CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. - CVE-2016-0594: Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0595: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0605: Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. - CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption. - CVE-2016-0607: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. - CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF. - CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges. - CVE-2016-0610: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0611: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2015-5969: Fixed information leak via mysql-systemd-helper script. (bsc#957174) - bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf()
Patch
Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-165=1 - openSUSE 13.2: zypper in -t patch openSUSE-2016-165=1 To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE Leap 42.1 (i586 x86_64): libmysql56client18-5.6.28-13.1 libmysql56client18-debuginfo-5.6.28-13.1 libmysql56client_r18-5.6.28-13.1 mysql-community-server-5.6.28-13.1 mysql-community-server-bench-5.6.28-13.1 mysql-community-server-bench-debuginfo-5.6.28-13.1 mysql-community-server-client-5.6.28-13.1 mysql-community-server-client-debuginfo-5.6.28-13.1 mysql-community-server-debuginfo-5.6.28-13.1 mysql-community-server-debugsource-5.6.28-13.1 mysql-community-server-errormessages-5.6.28-13.1 mysql-community-server-test-5.6.28-13.1 mysql-community-server-test-debuginfo-5.6.28-13.1 mysql-community-server-tools-5.6.28-13.1 mysql-community-server-tools-debuginfo-5.6.28-13.1 - openSUSE Leap 42.1 (x86_64): libmysql56client18-32bit-5.6.28-13.1 libmysql56client18-debuginfo-32bit-5.6.28-13.1 libmysql56client_r18-32bit-5.6.28-13.1 - openSUSE 13.2 (i586 x86_64): libmysql56client18-5.6.28-2.17.1 libmysql56client18-debuginfo-5.6.28-2.17.1 libmysql56client_r18-5.6.28-2.17.1 mysql-community-server-5.6.28-2.17.1 mysql-community-server-bench-5.6.28-2.17.1 mysql-community-server-bench-debuginfo-5.6.28-2.17.1 mysql-community-server-client-5.6.28-2.17.1 mysql-community-server-client-debuginfo-5.6.28-2.17.1 mysql-community-server-debuginfo-5.6.28-2.17.1 mysql-community-server-debugsource-5.6.28-2.17.1 mysql-community-server-errormessages-5.6.28-2.17.1 mysql-community-server-test-5.6.28-2.17.1 mysql-community-server-test-debuginfo-5.6.28-2.17.1 mysql-community-server-tools-5.6.28-2.17.1 mysql-community-server-tools-debuginfo-5.6.28-2.17.1 - openSUSE 13.2 (x86_64): libmysql56client18-32bit-5.6.28-2.17.1 libmysql56client18-debuginfo-32bit-5.6.28-2.17.1 libmysql56client_r18-32bit-5.6.28-2.17.1
References
https://www.suse.com/security/cve/CVE-2015-5969.html https://www.suse.com/security/cve/CVE-2015-7744.html https://www.suse.com/security/cve/CVE-2016-0502.html https://www.suse.com/security/cve/CVE-2016-0503.html https://www.suse.com/security/cve/CVE-2016-0504.html https://www.suse.com/security/cve/CVE-2016-0505.html https://www.suse.com/security/cve/CVE-2016-0546.html https://www.suse.com/security/cve/CVE-2016-0594.html https://www.suse.com/security/cve/CVE-2016-0595.html https://www.suse.com/security/cve/CVE-2016-0596.html https://www.suse.com/security/cve/CVE-2016-0597.html https://www.suse.com/security/cve/CVE-2016-0598.html https://www.suse.com/security/cve/CVE-2016-0600.html https://www.suse.com/security/cve/CVE-2016-0605.html https://www.suse.com/security/cve/CVE-2016-0606.html https://www.suse.com/security/cve/CVE-2016-0607.html https://www.suse.com/security/cve/CVE-2016-0608.html https://www.suse.com/security/cve/CVE-2016-0609.html https://www.suse.com/security/cve/CVE-2016-0610.html https://www.suse.com/security/cve/CVE-2016-0611.html https://bugzilla.suse.com/957174 https://bugzilla.suse.com/959724 https://bugzilla.suse.com/962779