Security update for MySQL

SUSE Security Update: Security update for MySQL

Announcement ID:	SUSE-SU-2013:1390-1
Rating:	important
References:	#734436 #768832 #780019 #789263 #791863 #803040 #830086 #834028 #834967
Affected Products:	SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3

An update that fixes 18 vulnerabilities is now available. It includes one version update.

Description:

This version upgrade of mysql to 5.5.32 fixes multiple
security issues:

CVE-2013-1861, CVE-2013-3783, CVE-2013-3793, CVE-2013-3794,
CVE-2013-3795, CVE-2013-3796, CVE-2013-3798,
CVE-2013-3801, CVE-2013-3802, CVE-2013-3804,
CVE-2013-3805, CVE-2013-3806, CVE-2013-3807, CVE-2013-3808,
CVE-2013-3809, CVE-2013-3810, CVE-2013-3811, CVE-2013-3812

Additionally, it contains numerous bug fixes and
improvements.:

* making mysqldump work with MySQL 5.0 (bnc#768832)
* fixed log rights (bnc#789263 and bnc#803040)
* binlog disabled in default configuration (bnc#791863)
* fixed dependencies for client package (bnc#780019)
* minor polishing of spec/installation
* avoiding file conflicts with mytop
* better fix for hardcoded libdir issue
* fix hardcoded plugin paths (bnc#834028)
* Use chown --no-dereference instead of chown to
improve security (bnc#834967)
* Adjust to spell !includedir correctly in /etc/my.cnf
(bnc#734436)

Security Issue references:

* CVE-2013-1861
>
* CVE-2013-3783
>
* CVE-2013-3793
>
* CVE-2013-3794
>
* CVE-2013-3795
>
* CVE-2013-3796
>
* CVE-2013-3798
>
* CVE-2013-3801
>
* CVE-2013-3802
>
* CVE-2013-3804
>
* CVE-2013-3805
>
* CVE-2013-3806
>
* CVE-2013-3807
>
* CVE-2013-3808
>
* CVE-2013-3809
>
* CVE-2013-3810
>
* CVE-2013-3811
>
* CVE-2013-3812
>

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-libmysql55client18-8217
SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-libmysql55client18-8217
SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-libmysql55client18-8217
SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-libmysql55client18-8217

To bring your system up-to-date, use "zypper patch".

Package List:

SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):

libmysql55client_r18-32bit-5.5.32-0.9.1

libmysqlclient_r15-32bit-5.0.96-0.6.9
SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64):

libmysql55client_r18-x86-5.5.32-0.9.1

libmysqlclient_r15-x86-5.0.96-0.6.9
SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 5.5.32]:

libmysql55client18-5.5.32-0.9.1

libmysql55client_r18-5.5.32-0.9.1

libmysqlclient15-5.0.96-0.6.9

libmysqlclient_r15-5.0.96-0.6.9

mysql-5.5.32-0.9.1

mysql-client-5.5.32-0.9.1

mysql-tools-5.5.32-0.9.1
SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 5.5.32]:

libmysql55client18-32bit-5.5.32-0.9.1

libmysqlclient15-32bit-5.0.96-0.6.9
SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.5.32]:

libmysql55client18-5.5.32-0.9.1

libmysql55client_r18-5.5.32-0.9.1

libmysqlclient15-5.0.96-0.6.9

libmysqlclient_r15-5.0.96-0.6.9

mysql-5.5.32-0.9.1

mysql-client-5.5.32-0.9.1

mysql-tools-5.5.32-0.9.1
SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 5.5.32]:

libmysql55client18-32bit-5.5.32-0.9.1

libmysqlclient15-32bit-5.0.96-0.6.9
SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 5.5.32]:

libmysql55client18-x86-5.5.32-0.9.1

libmysqlclient15-x86-5.0.96-0.6.9
SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 5.5.32]:

libmysql55client18-5.5.32-0.9.1

libmysql55client_r18-5.5.32-0.9.1

libmysqlclient15-5.0.96-0.6.9

libmysqlclient_r15-5.0.96-0.6.9

mysql-5.5.32-0.9.1

mysql-client-5.5.32-0.9.1
SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 5.5.32]:

libmysql55client18-32bit-5.5.32-0.9.1

libmysql55client_r18-32bit-5.5.32-0.9.1

libmysqlclient15-32bit-5.0.96-0.6.9

libmysqlclient_r15-32bit-5.0.96-0.6.9

References:

http://support.novell.com/security/cve/CVE-2013-1861.html
http://support.novell.com/security/cve/CVE-2013-3783.html
http://support.novell.com/security/cve/CVE-2013-3793.html
http://support.novell.com/security/cve/CVE-2013-3794.html
http://support.novell.com/security/cve/CVE-2013-3795.html
http://support.novell.com/security/cve/CVE-2013-3796.html
http://support.novell.com/security/cve/CVE-2013-3798.html
http://support.novell.com/security/cve/CVE-2013-3801.html
http://support.novell.com/security/cve/CVE-2013-3802.html
http://support.novell.com/security/cve/CVE-2013-3804.html
http://support.novell.com/security/cve/CVE-2013-3805.html
http://support.novell.com/security/cve/CVE-2013-3806.html
http://support.novell.com/security/cve/CVE-2013-3807.html
http://support.novell.com/security/cve/CVE-2013-3808.html
http://support.novell.com/security/cve/CVE-2013-3809.html
http://support.novell.com/security/cve/CVE-2013-3810.html
http://support.novell.com/security/cve/CVE-2013-3811.html
http://support.novell.com/security/cve/CVE-2013-3812.html
https://bugzilla.novell.com/734436
https://bugzilla.novell.com/768832
https://bugzilla.novell.com/780019
https://bugzilla.novell.com/789263
https://bugzilla.novell.com/791863
https://bugzilla.novell.com/803040
https://bugzilla.novell.com/830086
https://bugzilla.novell.com/834028
https://bugzilla.novell.com/834967
http://download.suse.com/patch/finder/?keywords=ee1853a305dde831618306e6f92a3e78