Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="5777">
  <issue id="999666" tracker="bnc">VUL-0: CVE-2016-6304: openssl: OCSP Status Request extension unbounded memory growth</issue>
  <issue id="998309" tracker="bnc">VUL-0: CVE-2016-6662: mysql,mariadb: Remote Root Code Execution / Privilege Escalation</issue>
  <issue id="986251" tracker="bnc">lost+found directory causes mysql_upgrade to fail</issue>
  <issue id="1005566" tracker="bnc">VUL-0: CVE-2016-5626: mysql: Unspecified vulnerability in subcomponent GIS</issue>
  <issue id="1005567" tracker="bnc">VUL-0: CVE-2016-5627: mysql: Unspecified vulnerability in subcomponent InnoDB</issue>
  <issue id="1005562" tracker="bnc">VUL-0: CVE-2016-5616: mysql: Unspecified vulnerability in subcomponent MyISAM</issue>
  <issue id="1005563" tracker="bnc">VUL-0: CVE-2016-5617: mysql: Unspecified vulnerability in subcomponent Error Handling</issue>
  <issue id="1005560" tracker="bnc">VUL-0: CVE-2016-5609: mysql: Unspecified vulnerability in subcomponent DML</issue>
  <issue id="1005561" tracker="bnc">VUL-0: CVE-2016-5612: mysql: Unspecified vulnerability in subcomponent DML</issue>
  <issue id="983938" tracker="bnc">`After=syslog.target` left-overs in several unit files</issue>
  <issue id="1005569" tracker="bnc">VUL-0: CVE-2016-5629: mysql: Unspecified vulnerability in subcomponent Federated</issue>
  <issue id="989919" tracker="bnc">VUL-0: CVE-2016-3521: mysql: Unspecified vulnerability in subcomponent types</issue>
  <issue id="977614" tracker="bnc">VUL-0: CVE-2016-2105: openssl: EVP_EncodeUpdate overflow</issue>
  <issue id="989911" tracker="bnc">VUL-0: CVE-2016-3459: mysql: Unspecified vulnerability in subcomponent innodb</issue>
  <issue id="989913" tracker="bnc">VUL-0: CVE-2016-3477: mysql: Unspecified vulnerability in subcomponent parser</issue>
  <issue id="989914" tracker="bnc">VUL-0: CVE-2016-3486: mysql: Unspecified vulnerability in subcomponent fts</issue>
  <issue id="989915" tracker="bnc">VUL-0: CVE-2016-3501: mysql: Unspecified vulnerability in subcomponent optimizer</issue>
  <issue id="1005581" tracker="bnc">VUL-0: CVE-2016-7440: mysql: Unspecified vulnerability in subcomponent Encryption</issue>
  <issue id="1005582" tracker="bnc">VUL-0: CVE-2016-8283: mysql: Unspecified vulnerability in subcomponent Types</issue>
  <issue id="1005583" tracker="bnc">VUL-0: CVE-2016-8284: mysql: Unspecified vulnerability in subcomponent Replication</issue>
  <issue id="1005586" tracker="bnc">VUL-0: CVE-2016-8288: mysql: Unspecified vulnerability in subcomponent InnoDB Plugin</issue>
  <issue id="989925" tracker="bnc">VUL-0: CVE-2016-5439: mysql: Unspecified vulnerability in subcomponent privileges</issue>
  <issue id="971456" tracker="bnc">mariadb installation error: Too many levels of symbolic links</issue>
  <issue id="990890" tracker="bnc">mariadb - @sysconfdir@ variable is not expanded properly</issue>
  <issue id="1005558" tracker="bnc">VUL-0: CVE-2016-5584: mysql: Unspecified vulnerability in subcomponent Encryption</issue>
  <issue id="1005557" tracker="bnc">VUL-0: CVE-2016-5507: mysql: Unspecified vulnerability in subcomponent InnoDB</issue>
  <issue id="1005570" tracker="bnc">VUL-0: CVE-2016-5630: mysql: Unspecified vulnerability in subcomponent InnoDB</issue>
  <issue id="1005555" tracker="bnc">VUL-0: CVE-2016-3492: mysql: Unspecified vulnerability in subcomponent Optimizer</issue>
  <issue id="989926" tracker="bnc">VUL-0: CVE-2016-5440: mysql: Unspecified vulnerability in subcomponent rbr</issue>
  <issue id="989921" tracker="bnc">VUL-0: CVE-2016-3614: mysql: Unspecified vulnerability in subcomponent encryption</issue>
  <issue id="989922" tracker="bnc">VUL-0: CVE-2016-3615: mysql: Unspecified vulnerability in subcomponent dml</issue>
  <issue id="2016-6304" tracker="cve" />
  <issue id="2016-3486" tracker="cve" />
  <issue id="2016-8288" tracker="cve" />
  <issue id="2016-5630" tracker="cve" />
  <issue id="2016-8283" tracker="cve" />
  <issue id="2016-3521" tracker="cve" />
  <issue id="2016-8284" tracker="cve" />
  <issue id="2016-5617" tracker="cve" />
  <issue id="2016-5616" tracker="cve" />
  <issue id="2016-3501" tracker="cve" />
  <issue id="2016-5612" tracker="cve" />
  <issue id="2016-5440" tracker="cve" />
  <issue id="2016-7440" tracker="cve" />
  <issue id="2016-5627" tracker="cve" />
  <issue id="2016-2105" tracker="cve" />
  <issue id="2016-5439" tracker="cve" />
  <issue id="2016-3492" tracker="cve" />
  <issue id="2016-3615" tracker="cve" />
  <issue id="2016-3614" tracker="cve" />
  <issue id="2016-5609" tracker="cve" />
  <issue id="2016-5507" tracker="cve" />
  <issue id="2016-5626" tracker="cve" />
  <issue id="2016-6662" tracker="cve" />
  <issue id="2016-3459" tracker="cve" />
  <issue id="2016-5629" tracker="cve" />
  <issue id="2016-3477" tracker="cve" />
  <issue id="2016-5584" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>kstreitova</packager>
  <description>
mysql-community-server was updated to 5.6.34 to fix the following issues:

* Changes
  http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html
  http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html
  http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html
  http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html
* fixed CVEs:
  CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584,
  CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492,
  CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609,
  CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284,
  CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486,
  CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614,
  CVE-2016-3459, CVE-2016-5439, CVE-2016-5440
* fixes SUSE Bugs:
  [boo#999666],  [boo#998309],  [boo#1005581], [boo#1005558], 
  [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], 
  [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], 
  [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], 
  [boo#1005586], [boo#989913],  [boo#977614],  [boo#989914], 
  [boo#989915],  [boo#989919],  [boo#989922],  [boo#989921], 
  [boo#989911],  [boo#989925],  [boo#989926]
- append "--ignore-db-dir=lost+found" to the mysqld options in
  "mysql-systemd-helper" script if "lost+found" directory is found
  in $datadir [boo#986251]  
- remove syslog.target from *.service files [boo#983938]
- add systemd to deps to build on leap and friends  
- replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro
- remove useless mysql@default.service [boo#971456]
- replace all occurrences of the string "@sysconfdir@" with "/etc" in
  mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded
  properly [boo#990890]
- remove '%define _rundir' as 13.1 is out of support scope
- run 'usermod -g mysql mysql' only if mysql user is not in mysql group.
  Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have
  '/bin/false' shell set.
- re-enable mysql profiling

</description>
  <summary>Security update for mysql-community-server</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places