Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 452
Alerts This Week
Warning Icon 1 452

openSUSE: 2017:1209-1 Critical Security Notification for MySQL Server

opensuse
Calendar Grey May 8, 2017
Dist Opensuse Esm H88
Significant Arch Linux upgrade resolves 12 vulnerabilities in postgresql-server package. Essential configuration modifications implemented.
An update that fixes 16 vulnerabilities is now available

Description

This update for mysql-community-server to version 5.6.36 fixes the

following issues:

These security issues were fixed:

- CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in

SQL statements written to the dump output, allowing for execution of

arbitrary commands (bsc#1029014)

- CVE-2017-3305: MySQL client sent authentication request unencrypted even

if SSL was required (aka Ridddle) (bsc#1029396).

- CVE-2017-3308: Unspecified vulnerability in Server: DML (boo#1034850)

- CVE-2017-3309: Unspecified vulnerability in Server: Optimizer

(boo#1034850)

- CVE-2017-3329: Unspecified vulnerability in Server: Thread (boo#1034850)

- CVE-2017-3453: Unspecified vulnerability in Server: Optimizer

(boo#1034850)

- CVE-2017-3456: Unspecified vulnerability in Server: DML (boo#1034850)

- CVE-2017-3461: Unspecified vulnerability in Server: Security

(boo#1034850)

- CVE-2017-3462: Unspecified vulnerability in Server:...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-555=1

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2017-555=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.2 (i586 x86_64):

libmysql56client18-5.6.36-24.3.3

libmysql56client18-debuginfo-5.6.36-24.3.3

libmysql56client_r18-5.6.36-24.3.3

mysql-community-server-5.6.36-24.3.3

mysql-community-server-bench-5.6.36-24.3.3

mysql-community-server-bench-debuginfo-5.6.36-24.3.3

mysql-community-server-client-5.6.36-24.3.3

mysql-community-server-client-debuginfo-5.6.36-24.3.3

mysql-community-server-debuginfo-5.6.36-24.3.3

mysql-community-server-debugsource-5.6.36-24.3.3

mysql-community-server-errormessages-5.6.36-24.3.3

mysql-community-server-test-5.6.36-24.3.3

mysql-community-server-test-debuginfo-5.6.36-24.3.3

mysql-community-server-tools-5.6.36-24.3.3

mysql-community-server-tools-debuginfo-5.6.36-24.3.3

- openSUSE Leap 42.2 (x86_64):

libmysql56client18-32bit-5.6.36-24.3.3

libmysql56client18-debuginfo-32bit-5.6.36-24.3.3

libmysql56client_r18-32bit-5.6.36-24.3.3

- openSUSE Leap 42.1 (i586 x86_64):

libmysql56client18-5.6.36-25.3

libmysql56client18-debuginfo-5.6.36-25.3

libmysql56client_r18-5.6.36-25.3

mysql-co...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2017-3302.html

https://www.suse.com/security/cve/CVE-2017-3305.html

https://www.suse.com/security/cve/CVE-2017-3308.html

https://www.suse.com/security/cve/CVE-2017-3309.html

https://www.suse.com/security/cve/CVE-2017-3329.html

https://www.suse.com/security/cve/CVE-2017-3450.html

https://www.suse.com/security/cve/CVE-2017-3452.html

https://www.suse.com/security/cve/CVE-2017-3453.html

https://www.suse.com/security/cve/CVE-2017-3456.html

https://www.suse.com/security/cve/CVE-2017-3461.html

https://www.suse.com/security/cve/CVE-2017-3462.html

https://www.suse.com/security/cve/CVE-2017-3463.html

https://www.suse.com/security/cve/CVE-2017-3464.html

https://www.suse.com/security/cve/CVE-2017-3599.html

https://www.suse.com/security/cve/CVE-2017-3600.html

https://bugzilla.suse.com/1020976

https://bugzilla.suse.com/1022428

https://bugzilla.suse.com/1029014

https://bugzilla.suse.com/1029396

https://bugzilla.suse.com/1034850

https://bugzilla.suse.com/889126

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:1209-1
Rating: important
Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.