Security update for mariadb SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:2218-1 Final 1 1 2016-09-02T09:52:26Z current 2016-09-02T09:52:26Z 2016-09-02T09:52:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mariadb This update for mariadb fixes the following issues: - CVE-2016-3477: Unspecified vulnerability in subcomponent parser [bsc#991616] - CVE-2016-3521: Unspecified vulnerability in subcomponent types [bsc#991616] - CVE-2016-3615: Unspecified vulnerability in subcomponent dml [bsc#991616] - CVE-2016-5440: Unspecified vulnerability in subcomponent rbr [bsc#991616] - mariadb failing test main.bootstrap [bsc#984858] - left over 'openSUSE' comments in MariaDB on SLE12 GM and SP1 [bsc#985217] - remove unnecessary conditionals from specfile - add '--ignore-db-dir=lost+found' option to rc.mysql-multi in order not to misinterpret the lost+found directory as a database [bsc#986251] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP1-2016-1308,SUSE-SLE-SDK-12-SP1-2016-1308,SUSE-SLE-SERVER-12-SP1-2016-1308,SUSE-SLE-WE-12-SP1-2016-1308 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20162218-1/ Link for SUSE-SU-2016:2218-1 https://lists.suse.com/pipermail/sle-security-updates/2016-September/002251.html E-Mail link for SUSE-SU-2016:2218-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/984858 SUSE Bug 984858 https://bugzilla.suse.com/985217 SUSE Bug 985217 https://bugzilla.suse.com/986251 SUSE Bug 986251 https://bugzilla.suse.com/991616 SUSE Bug 991616 https://www.suse.com/security/cve/CVE-2016-3477/ SUSE CVE CVE-2016-3477 page https://www.suse.com/security/cve/CVE-2016-3521/ SUSE CVE CVE-2016-3521 page https://www.suse.com/security/cve/CVE-2016-3615/ SUSE CVE CVE-2016-3615 page https://www.suse.com/security/cve/CVE-2016-5440/ SUSE CVE CVE-2016-5440 page SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP1 libmysqlclient18-10.0.26-9.2 libmysqlclient18-32bit-10.0.26-9.2 libmysqlclient_r18-10.0.26-9.2 libmysqlclient_r18-32bit-10.0.26-9.2 mariadb-10.0.26-9.2 mariadb-client-10.0.26-9.2 mariadb-errormessages-10.0.26-9.2 libmysqlclient-devel-10.0.26-9.2 libmysqld-devel-10.0.26-9.2 libmysqld18-10.0.26-9.2 mariadb-tools-10.0.26-9.2 libmysqlclient18-10.0.26-9.2 as a component of SUSE Linux Enterprise Desktop 12 SP1 libmysqlclient18-32bit-10.0.26-9.2 as a component of SUSE Linux Enterprise Desktop 12 SP1 libmysqlclient_r18-10.0.26-9.2 as a component of SUSE Linux Enterprise Desktop 12 SP1 libmysqlclient_r18-32bit-10.0.26-9.2 as a component of SUSE Linux Enterprise Desktop 12 SP1 mariadb-10.0.26-9.2 as a component of SUSE Linux Enterprise Desktop 12 SP1 mariadb-client-10.0.26-9.2 as a component of SUSE Linux Enterprise Desktop 12 SP1 mariadb-errormessages-10.0.26-9.2 as a component of SUSE Linux Enterprise Desktop 12 SP1 libmysqlclient18-10.0.26-9.2 as a component of SUSE Linux Enterprise Server 12 SP1 libmysqlclient18-32bit-10.0.26-9.2 as a component of SUSE Linux Enterprise Server 12 SP1 mariadb-10.0.26-9.2 as a component of SUSE Linux Enterprise Server 12 SP1 mariadb-client-10.0.26-9.2 as a component of SUSE Linux Enterprise Server 12 SP1 mariadb-errormessages-10.0.26-9.2 as a component of SUSE Linux Enterprise Server 12 SP1 mariadb-tools-10.0.26-9.2 as a component of SUSE Linux Enterprise Server 12 SP1 libmysqlclient18-10.0.26-9.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libmysqlclient18-32bit-10.0.26-9.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 mariadb-10.0.26-9.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 mariadb-client-10.0.26-9.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 mariadb-errormessages-10.0.26-9.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 mariadb-tools-10.0.26-9.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libmysqlclient-devel-10.0.26-9.2 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 libmysqlclient_r18-10.0.26-9.2 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 libmysqld-devel-10.0.26-9.2 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 libmysqld18-10.0.26-9.2 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 libmysqlclient_r18-10.0.26-9.2 as a component of SUSE Linux Enterprise Workstation Extension 12 SP1 libmysqlclient_r18-32bit-10.0.26-9.2 as a component of SUSE Linux Enterprise Workstation Extension 12 SP1 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. CVE-2016-3477 SUSE Linux Enterprise Desktop 12 SP1:libmysqlclient18-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:libmysqlclient18-32bit-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:libmysqlclient_r18-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:libmysqlclient_r18-32bit-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:mariadb-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:mariadb-client-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:mariadb-errormessages-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:libmysqlclient18-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:libmysqlclient18-32bit-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:mariadb-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:mariadb-client-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:mariadb-errormessages-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:mariadb-tools-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libmysqlclient18-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libmysqlclient18-32bit-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mariadb-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mariadb-client-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mariadb-errormessages-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mariadb-tools-10.0.26-9.2 SUSE Linux Enterprise Software Development Kit 12 SP1:libmysqlclient-devel-10.0.26-9.2 SUSE Linux Enterprise Software Development Kit 12 SP1:libmysqlclient_r18-10.0.26-9.2 SUSE Linux Enterprise Software Development Kit 12 SP1:libmysqld-devel-10.0.26-9.2 SUSE Linux Enterprise Software Development Kit 12 SP1:libmysqld18-10.0.26-9.2 SUSE Linux Enterprise Workstation Extension 12 SP1:libmysqlclient_r18-10.0.26-9.2 SUSE Linux Enterprise Workstation Extension 12 SP1:libmysqlclient_r18-32bit-10.0.26-9.2 moderate 7.1 AV:N/AC:H/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162218-1/ https://www.suse.com/security/cve/CVE-2016-3477.html CVE-2016-3477 https://bugzilla.suse.com/989913 SUSE Bug 989913 https://bugzilla.suse.com/991616 SUSE Bug 991616 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types. CVE-2016-3521 SUSE Linux Enterprise Desktop 12 SP1:libmysqlclient18-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:libmysqlclient18-32bit-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:libmysqlclient_r18-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:libmysqlclient_r18-32bit-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:mariadb-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:mariadb-client-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:mariadb-errormessages-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:libmysqlclient18-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:libmysqlclient18-32bit-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:mariadb-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:mariadb-client-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:mariadb-errormessages-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:mariadb-tools-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libmysqlclient18-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libmysqlclient18-32bit-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mariadb-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mariadb-client-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mariadb-errormessages-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mariadb-tools-10.0.26-9.2 SUSE Linux Enterprise Software Development Kit 12 SP1:libmysqlclient-devel-10.0.26-9.2 SUSE Linux Enterprise Software Development Kit 12 SP1:libmysqlclient_r18-10.0.26-9.2 SUSE Linux Enterprise Software Development Kit 12 SP1:libmysqld-devel-10.0.26-9.2 SUSE Linux Enterprise Software Development Kit 12 SP1:libmysqld18-10.0.26-9.2 SUSE Linux Enterprise Workstation Extension 12 SP1:libmysqlclient_r18-10.0.26-9.2 SUSE Linux Enterprise Workstation Extension 12 SP1:libmysqlclient_r18-32bit-10.0.26-9.2 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162218-1/ https://www.suse.com/security/cve/CVE-2016-3521.html CVE-2016-3521 https://bugzilla.suse.com/989919 SUSE Bug 989919 https://bugzilla.suse.com/991616 SUSE Bug 991616 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML. CVE-2016-3615 SUSE Linux Enterprise Desktop 12 SP1:libmysqlclient18-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:libmysqlclient18-32bit-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:libmysqlclient_r18-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:libmysqlclient_r18-32bit-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:mariadb-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:mariadb-client-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:mariadb-errormessages-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:libmysqlclient18-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:libmysqlclient18-32bit-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:mariadb-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:mariadb-client-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:mariadb-errormessages-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:mariadb-tools-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libmysqlclient18-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libmysqlclient18-32bit-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mariadb-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mariadb-client-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mariadb-errormessages-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mariadb-tools-10.0.26-9.2 SUSE Linux Enterprise Software Development Kit 12 SP1:libmysqlclient-devel-10.0.26-9.2 SUSE Linux Enterprise Software Development Kit 12 SP1:libmysqlclient_r18-10.0.26-9.2 SUSE Linux Enterprise Software Development Kit 12 SP1:libmysqld-devel-10.0.26-9.2 SUSE Linux Enterprise Software Development Kit 12 SP1:libmysqld18-10.0.26-9.2 SUSE Linux Enterprise Workstation Extension 12 SP1:libmysqlclient_r18-10.0.26-9.2 SUSE Linux Enterprise Workstation Extension 12 SP1:libmysqlclient_r18-32bit-10.0.26-9.2 moderate 4.9 AV:N/AC:H/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162218-1/ https://www.suse.com/security/cve/CVE-2016-3615.html CVE-2016-3615 https://bugzilla.suse.com/989922 SUSE Bug 989922 https://bugzilla.suse.com/991616 SUSE Bug 991616 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. CVE-2016-5440 SUSE Linux Enterprise Desktop 12 SP1:libmysqlclient18-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:libmysqlclient18-32bit-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:libmysqlclient_r18-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:libmysqlclient_r18-32bit-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:mariadb-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:mariadb-client-10.0.26-9.2 SUSE Linux Enterprise Desktop 12 SP1:mariadb-errormessages-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:libmysqlclient18-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:libmysqlclient18-32bit-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:mariadb-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:mariadb-client-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:mariadb-errormessages-10.0.26-9.2 SUSE Linux Enterprise Server 12 SP1:mariadb-tools-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libmysqlclient18-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libmysqlclient18-32bit-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mariadb-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mariadb-client-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mariadb-errormessages-10.0.26-9.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mariadb-tools-10.0.26-9.2 SUSE Linux Enterprise Software Development Kit 12 SP1:libmysqlclient-devel-10.0.26-9.2 SUSE Linux Enterprise Software Development Kit 12 SP1:libmysqlclient_r18-10.0.26-9.2 SUSE Linux Enterprise Software Development Kit 12 SP1:libmysqld-devel-10.0.26-9.2 SUSE Linux Enterprise Software Development Kit 12 SP1:libmysqld18-10.0.26-9.2 SUSE Linux Enterprise Workstation Extension 12 SP1:libmysqlclient_r18-10.0.26-9.2 SUSE Linux Enterprise Workstation Extension 12 SP1:libmysqlclient_r18-32bit-10.0.26-9.2 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162218-1/ https://www.suse.com/security/cve/CVE-2016-5440.html CVE-2016-5440 https://bugzilla.suse.com/989926 SUSE Bug 989926 https://bugzilla.suse.com/991616 SUSE Bug 991616