Security update for mariadb (important)

2016-06-1720:08:38

lists.opensuse.org

0.004 Low

EPSS

Percentile

68.8%

JSON

mariadb was updated to version 10.0.25 to fix 25 security issues.

These security issues were fixed:

CVE-2016-0505: Unspecified vulnerability allowed remote authenticated
users to affect availability via unknown vectors related to Options
(bsc#980904).
CVE-2016-0546: Unspecified vulnerability allowed local users to affect
confidentiality, integrity, and availability via unknown vectors related
to Client (bsc#980904).
CVE-2016-0596: Unspecified vulnerability allowed remote authenticated
users to affect availability via vectors related to DML (bsc#980904).
CVE-2016-0597: Unspecified vulnerability allowed remote authenticated
users to affect availability via unknown vectors related to Optimizer
(bsc#980904).
CVE-2016-0598: Unspecified vulnerability allowed remote authenticated
users to affect availability via vectors related to DML (bsc#980904).
CVE-2016-0600: Unspecified vulnerability allowed remote authenticated
users to affect availability via unknown vectors related to InnoDB
(bsc#980904).
CVE-2016-0606: Unspecified vulnerability allowed remote authenticated
users to affect integrity via unknown vectors related to encryption
(bsc#980904).
CVE-2016-0608: Unspecified vulnerability allowed remote authenticated
users to affect availability via vectors related to UDF (bsc#980904).
CVE-2016-0609: Unspecified vulnerability allowed remote authenticated
users to affect availability via unknown vectors related to privileges
(bsc#980904).
CVE-2016-0616: Unspecified vulnerability allowed remote authenticated
users to affect availability via unknown vectors related to Optimizer
(bsc#980904).
CVE-2016-0640: Unspecified vulnerability allowed local users to affect
integrity and availability via vectors related to DML (bsc#980904).
CVE-2016-0641: Unspecified vulnerability allowed local users to affect
confidentiality and availability via vectors related to MyISAM
(bsc#980904).
CVE-2016-0642: Unspecified vulnerability allowed local users to affect
integrity and availability via vectors related to Federated (bsc#980904).
CVE-2016-0643: Unspecified vulnerability allowed local users to affect
confidentiality via vectors related to DML (bsc#980904).
CVE-2016-0644: Unspecified vulnerability allowed local users to affect
availability via vectors related to DDL (bsc#980904).
CVE-2016-0646: Unspecified vulnerability allowed local users to affect
availability via vectors related to DML (bsc#980904).
CVE-2016-0647: Unspecified vulnerability allowed local users to affect
availability via vectors related to FTS (bsc#980904).
CVE-2016-0648: Unspecified vulnerability allowed local users to affect
availability via vectors related to PS (bsc#980904).
CVE-2016-0649: Unspecified vulnerability allowed local users to affect
availability via vectors related to PS (bsc#980904).
CVE-2016-0650: Unspecified vulnerability allowed local users to affect
availability via vectors related to Replication (bsc#980904).
CVE-2016-0651: Unspecified vulnerability allowed local users to affect
availability via vectors related to Optimizer (bsc#980904).
CVE-2016-0655: Unspecified vulnerability allowed local users to affect
availability via vectors related to InnoDB (bsc#980904).
CVE-2016-0666: Unspecified vulnerability allowed local users to affect
availability via vectors related to Security: Privileges (bsc#980904).
CVE-2016-0668: Unspecified vulnerability allowed local users to affect
availability via vectors related to InnoDB (bsc#980904).
CVE-2016-2047: The ssl_verify_server_cert function in
sql-common/client.c did not properly verify that the server hostname
matches a domain name in the subject’s Common Name (CN) or
subjectAltName field of the X.509 certificate, which allowed
man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in
a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com
(bsc#963806).

These non-security issues were fixed:

bsc#960961: Use ‘plugin-load-add’ instead of ‘plugin-load’ in
default_plugins.cnf. It contained ‘plugin-load’ options which caused
that only last plugin was actually loaded (‘plugin-load’ overrides the
previous ‘plugin-load’)
bsc#961935: Remove the leftovers of "openSUSE" string in the
‘-DWITH_COMMENT’ and ‘DCOMPILATION_COMMENT’ options

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Server12x86_64mariadb-tools< 10.0.25-20.6.1mariadb-tools-10.0.25-20.6.1.x86_64.rpm
SUSE Linux Enterprise Server12x86_64mariadb-debuginfo< 10.0.25-20.6.1mariadb-debuginfo-10.0.25-20.6.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit12ppc64lelibmysqlclient_r18< 10.0.25-20.6.1libmysqlclient_r18-10.0.25-20.6.1.ppc64le.rpm
SUSE Linux Enterprise Software Development Kit12s390xlibmysqld18-debuginfo< 10.0.25-20.6.1libmysqld18-debuginfo-10.0.25-20.6.1.s390x.rpm
SUSE Linux Enterprise Workstation Extension12x86_64mariadb-debuginfo< 10.0.25-20.6.1mariadb-debuginfo-10.0.25-20.6.1.x86_64.rpm
SUSE Linux Enterprise Desktop12x86_64libmysqlclient18-debuginfo-32bit< 10.0.25-20.6.1libmysqlclient18-debuginfo-32bit-10.0.25-20.6.1.x86_64.rpm
SUSE Linux Enterprise Server12s390xmariadb-client-debuginfo< 10.0.25-20.6.1mariadb-client-debuginfo-10.0.25-20.6.1.s390x.rpm
SUSE Linux Enterprise Server12s390xmariadb-tools< 10.0.25-20.6.1mariadb-tools-10.0.25-20.6.1.s390x.rpm
SUSE Linux Enterprise Server12ppc64lemariadb-client-debuginfo< 10.0.25-20.6.1mariadb-client-debuginfo-10.0.25-20.6.1.ppc64le.rpm
SUSE Linux Enterprise Server12ppc64lemariadb-client< 10.0.25-20.6.1mariadb-client-10.0.25-20.6.1.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Server	12	x86_64	mariadb-tools	< 10.0.25-20.6.1	mariadb-tools-10.0.25-20.6.1.x86_64.rpm
SUSE Linux Enterprise Server	12	x86_64	mariadb-debuginfo	< 10.0.25-20.6.1	mariadb-debuginfo-10.0.25-20.6.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit	12	ppc64le	libmysqlclient_r18	< 10.0.25-20.6.1	libmysqlclient_r18-10.0.25-20.6.1.ppc64le.rpm
SUSE Linux Enterprise Software Development Kit	12	s390x	libmysqld18-debuginfo	< 10.0.25-20.6.1	libmysqld18-debuginfo-10.0.25-20.6.1.s390x.rpm
SUSE Linux Enterprise Workstation Extension	12	x86_64	mariadb-debuginfo	< 10.0.25-20.6.1	mariadb-debuginfo-10.0.25-20.6.1.x86_64.rpm
SUSE Linux Enterprise Desktop	12	x86_64	libmysqlclient18-debuginfo-32bit	< 10.0.25-20.6.1	libmysqlclient18-debuginfo-32bit-10.0.25-20.6.1.x86_64.rpm
SUSE Linux Enterprise Server	12	s390x	mariadb-client-debuginfo	< 10.0.25-20.6.1	mariadb-client-debuginfo-10.0.25-20.6.1.s390x.rpm
SUSE Linux Enterprise Server	12	s390x	mariadb-tools	< 10.0.25-20.6.1	mariadb-tools-10.0.25-20.6.1.s390x.rpm
SUSE Linux Enterprise Server	12	ppc64le	mariadb-client-debuginfo	< 10.0.25-20.6.1	mariadb-client-debuginfo-10.0.25-20.6.1.ppc64le.rpm
SUSE Linux Enterprise Server	12	ppc64le	mariadb-client	< 10.0.25-20.6.1	mariadb-client-10.0.25-20.6.1.ppc64le.rpm