Security update for mariadb SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:0368-1 Final 1 1 2016-02-07T15:42:46Z current 2016-02-07T15:42:46Z 2016-02-07T15:42:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mariadb MariaDB has been updated to version 10.0.22, which brings fixes for many security issues and other improvements. The following CVEs have been fixed: - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4913, CVE-2015-4792 - Fix information leak via mysql-systemd-helper script. (CVE-2015-5969, bsc#957174) For a comprehensive list of changes refer to the upstream Release Notes and Change Log documents: - https://kb.askmonty.org/en/mariadb-10022-release-notes/ - https://kb.askmonty.org/en/mariadb-10022-changelog/ This update was imported from the SUSE:SLE-12-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html E-Mail link for openSUSE-SU-2016:0368-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 libmysqlclient-devel-10.0.22-3.1 libmysqlclient18-10.0.22-3.1 libmysqlclient18-32bit-10.0.22-3.1 libmysqlclient_r18-10.0.22-3.1 libmysqlclient_r18-32bit-10.0.22-3.1 libmysqld-devel-10.0.22-3.1 libmysqld18-10.0.22-3.1 mariadb-10.0.22-3.1 mariadb-bench-10.0.22-3.1 mariadb-client-10.0.22-3.1 mariadb-errormessages-10.0.22-3.1 mariadb-test-10.0.22-3.1 mariadb-tools-10.0.22-3.1 libmysqlclient-devel-10.0.22-3.1 as a component of openSUSE Leap 42.1 libmysqlclient18-10.0.22-3.1 as a component of openSUSE Leap 42.1 libmysqlclient18-32bit-10.0.22-3.1 as a component of openSUSE Leap 42.1 libmysqlclient_r18-10.0.22-3.1 as a component of openSUSE Leap 42.1 libmysqlclient_r18-32bit-10.0.22-3.1 as a component of openSUSE Leap 42.1 libmysqld-devel-10.0.22-3.1 as a component of openSUSE Leap 42.1 libmysqld18-10.0.22-3.1 as a component of openSUSE Leap 42.1 mariadb-10.0.22-3.1 as a component of openSUSE Leap 42.1 mariadb-bench-10.0.22-3.1 as a component of openSUSE Leap 42.1 mariadb-client-10.0.22-3.1 as a component of openSUSE Leap 42.1 mariadb-errormessages-10.0.22-3.1 as a component of openSUSE Leap 42.1 mariadb-test-10.0.22-3.1 as a component of openSUSE Leap 42.1 mariadb-tools-10.0.22-3.1 as a component of openSUSE Leap 42.1 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. CVE-2015-4792 openSUSE Leap 42.1:libmysqlclient-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqld-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqld18-10.0.22-3.1 openSUSE Leap 42.1:mariadb-10.0.22-3.1 openSUSE Leap 42.1:mariadb-bench-10.0.22-3.1 openSUSE Leap 42.1:mariadb-client-10.0.22-3.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.22-3.1 openSUSE Leap 42.1:mariadb-test-10.0.22-3.1 openSUSE Leap 42.1:mariadb-tools-10.0.22-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html https://www.suse.com/security/cve/CVE-2015-4792.html CVE-2015-4792 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. CVE-2015-4802 openSUSE Leap 42.1:libmysqlclient-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqld-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqld18-10.0.22-3.1 openSUSE Leap 42.1:mariadb-10.0.22-3.1 openSUSE Leap 42.1:mariadb-bench-10.0.22-3.1 openSUSE Leap 42.1:mariadb-client-10.0.22-3.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.22-3.1 openSUSE Leap 42.1:mariadb-test-10.0.22-3.1 openSUSE Leap 42.1:mariadb-tools-10.0.22-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html https://www.suse.com/security/cve/CVE-2015-4802.html CVE-2015-4802 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache. CVE-2015-4807 openSUSE Leap 42.1:libmysqlclient-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqld-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqld18-10.0.22-3.1 openSUSE Leap 42.1:mariadb-10.0.22-3.1 openSUSE Leap 42.1:mariadb-bench-10.0.22-3.1 openSUSE Leap 42.1:mariadb-client-10.0.22-3.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.22-3.1 openSUSE Leap 42.1:mariadb-test-10.0.22-3.1 openSUSE Leap 42.1:mariadb-tools-10.0.22-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html https://www.suse.com/security/cve/CVE-2015-4807.html CVE-2015-4807 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. CVE-2015-4815 openSUSE Leap 42.1:libmysqlclient-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqld-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqld18-10.0.22-3.1 openSUSE Leap 42.1:mariadb-10.0.22-3.1 openSUSE Leap 42.1:mariadb-bench-10.0.22-3.1 openSUSE Leap 42.1:mariadb-client-10.0.22-3.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.22-3.1 openSUSE Leap 42.1:mariadb-test-10.0.22-3.1 openSUSE Leap 42.1:mariadb-tools-10.0.22-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html https://www.suse.com/security/cve/CVE-2015-4815.html CVE-2015-4815 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. CVE-2015-4826 openSUSE Leap 42.1:libmysqlclient-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqld-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqld18-10.0.22-3.1 openSUSE Leap 42.1:mariadb-10.0.22-3.1 openSUSE Leap 42.1:mariadb-bench-10.0.22-3.1 openSUSE Leap 42.1:mariadb-client-10.0.22-3.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.22-3.1 openSUSE Leap 42.1:mariadb-test-10.0.22-3.1 openSUSE Leap 42.1:mariadb-tools-10.0.22-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html https://www.suse.com/security/cve/CVE-2015-4826.html CVE-2015-4826 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. CVE-2015-4830 openSUSE Leap 42.1:libmysqlclient-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqld-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqld18-10.0.22-3.1 openSUSE Leap 42.1:mariadb-10.0.22-3.1 openSUSE Leap 42.1:mariadb-bench-10.0.22-3.1 openSUSE Leap 42.1:mariadb-client-10.0.22-3.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.22-3.1 openSUSE Leap 42.1:mariadb-test-10.0.22-3.1 openSUSE Leap 42.1:mariadb-tools-10.0.22-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html https://www.suse.com/security/cve/CVE-2015-4830.html CVE-2015-4830 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. CVE-2015-4836 openSUSE Leap 42.1:libmysqlclient-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqld-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqld18-10.0.22-3.1 openSUSE Leap 42.1:mariadb-10.0.22-3.1 openSUSE Leap 42.1:mariadb-bench-10.0.22-3.1 openSUSE Leap 42.1:mariadb-client-10.0.22-3.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.22-3.1 openSUSE Leap 42.1:mariadb-test-10.0.22-3.1 openSUSE Leap 42.1:mariadb-tools-10.0.22-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html https://www.suse.com/security/cve/CVE-2015-4836.html CVE-2015-4836 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. CVE-2015-4858 openSUSE Leap 42.1:libmysqlclient-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqld-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqld18-10.0.22-3.1 openSUSE Leap 42.1:mariadb-10.0.22-3.1 openSUSE Leap 42.1:mariadb-bench-10.0.22-3.1 openSUSE Leap 42.1:mariadb-client-10.0.22-3.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.22-3.1 openSUSE Leap 42.1:mariadb-test-10.0.22-3.1 openSUSE Leap 42.1:mariadb-tools-10.0.22-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html https://www.suse.com/security/cve/CVE-2015-4858.html CVE-2015-4858 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. CVE-2015-4861 openSUSE Leap 42.1:libmysqlclient-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqld-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqld18-10.0.22-3.1 openSUSE Leap 42.1:mariadb-10.0.22-3.1 openSUSE Leap 42.1:mariadb-bench-10.0.22-3.1 openSUSE Leap 42.1:mariadb-client-10.0.22-3.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.22-3.1 openSUSE Leap 42.1:mariadb-test-10.0.22-3.1 openSUSE Leap 42.1:mariadb-tools-10.0.22-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html https://www.suse.com/security/cve/CVE-2015-4861.html CVE-2015-4861 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. CVE-2015-4870 openSUSE Leap 42.1:libmysqlclient-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqld-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqld18-10.0.22-3.1 openSUSE Leap 42.1:mariadb-10.0.22-3.1 openSUSE Leap 42.1:mariadb-bench-10.0.22-3.1 openSUSE Leap 42.1:mariadb-client-10.0.22-3.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.22-3.1 openSUSE Leap 42.1:mariadb-test-10.0.22-3.1 openSUSE Leap 42.1:mariadb-tools-10.0.22-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html https://www.suse.com/security/cve/CVE-2015-4870.html CVE-2015-4870 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. CVE-2015-4913 openSUSE Leap 42.1:libmysqlclient-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqld-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqld18-10.0.22-3.1 openSUSE Leap 42.1:mariadb-10.0.22-3.1 openSUSE Leap 42.1:mariadb-bench-10.0.22-3.1 openSUSE Leap 42.1:mariadb-client-10.0.22-3.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.22-3.1 openSUSE Leap 42.1:mariadb-test-10.0.22-3.1 openSUSE Leap 42.1:mariadb-tools-10.0.22-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html https://www.suse.com/security/cve/CVE-2015-4913.html CVE-2015-4913 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments. CVE-2015-5969 openSUSE Leap 42.1:libmysqlclient-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.22-3.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.22-3.1 openSUSE Leap 42.1:libmysqld-devel-10.0.22-3.1 openSUSE Leap 42.1:libmysqld18-10.0.22-3.1 openSUSE Leap 42.1:mariadb-10.0.22-3.1 openSUSE Leap 42.1:mariadb-bench-10.0.22-3.1 openSUSE Leap 42.1:mariadb-client-10.0.22-3.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.22-3.1 openSUSE Leap 42.1:mariadb-test-10.0.22-3.1 openSUSE Leap 42.1:mariadb-tools-10.0.22-3.1 moderate 1.5 AV:L/AC:M/Au:S/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html https://www.suse.com/security/cve/CVE-2015-5969.html CVE-2015-5969 https://bugzilla.suse.com/957174 SUSE Bug 957174