openSUSE 安全更新:mysql-community-server (openSUSE-2015-608)

medium Nessus 插件 ID 86182

简介

远程 openSUSE 主机缺少安全更新。

描述

MySQL Community Server 版本已更新到 5.6.26,修复了安全问题和缺陷。

所有变更:
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html

- 修复了 CVE:CVE-2015-2617、CVE-2015-2648、CVE-2015-2611、CVE-2015-2582 CVE-2015-4752、CVE-2015-4756、CVE-2015-2643、CVE-2015-4772 CVE-2015-4761、CVE-2015-4757、CVE-2015-4737、CVE-2015-4771 CVE-2015-4769、CVE-2015-2639、CVE-2015-2620、CVE-2015-2641 CVE-2015-2661、CVE-2015-4767

- 默认禁用 Performance Schema。由于 MySQL 5.6.6 流默认启用 Performance Schema,会导致内存使用增加。添加的选项再次禁用 Performance Schema,以减少 MySQL 内存使用 [bnc#852477]。

- 安装 MDEV-6912 中提到的 INFO_BIN 和 INFO_SRC

- 从 mysql-systemd-helper 中删除 superfluous ‘--group’ 参数

- 使 -devel 程序包在 LibreSSL 存在时可安装

- 在 update-message(如有显示)后清除

- 添加“exec”到 mysql-systemd-helper,以干净利索地关闭 mysql/mariadb [bnc#943096]

解决方案

更新受影响的 mysql-community-server 程序包。

另见

https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html

https://bugzilla.opensuse.org/show_bug.cgi?id=852477

https://bugzilla.opensuse.org/show_bug.cgi?id=902396

https://bugzilla.opensuse.org/show_bug.cgi?id=938412

https://bugzilla.opensuse.org/show_bug.cgi?id=942908

https://bugzilla.opensuse.org/show_bug.cgi?id=943096

插件详情

严重性: Medium

ID: 86182

文件名: openSUSE-2015-608.nasl

版本: 2.7

类型: local

代理: unix

发布时间: 2015/9/28

最近更新时间: 2021/1/19

支持的传感器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

风险信息

VPR

风险因素: Medium

分数: 5.3

CVSS v2

风险因素: Medium

基本分数: 6.5

矢量: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

漏洞信息

CPE: p-cpe:/a:novell:opensuse:libmysql56client18, p-cpe:/a:novell:opensuse:libmysql56client18-32bit, p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo, p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit, p-cpe:/a:novell:opensuse:libmysql56client_r18, p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit, p-cpe:/a:novell:opensuse:mysql-community-server, p-cpe:/a:novell:opensuse:mysql-community-server-bench, p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo, p-cpe:/a:novell:opensuse:mysql-community-server-client, p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo, p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo, p-cpe:/a:novell:opensuse:mysql-community-server-debugsource, p-cpe:/a:novell:opensuse:mysql-community-server-errormessages, p-cpe:/a:novell:opensuse:mysql-community-server-test, p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo, p-cpe:/a:novell:opensuse:mysql-community-server-tools, p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2

必需的 KB 项: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

补丁发布日期: 2015/9/7

参考资料信息

CVE: CVE-2015-2582, CVE-2015-2611, CVE-2015-2617, CVE-2015-2620, CVE-2015-2639, CVE-2015-2641, CVE-2015-2643, CVE-2015-2648, CVE-2015-2661, CVE-2015-4737, CVE-2015-4752, CVE-2015-4756, CVE-2015-4757, CVE-2015-4761, CVE-2015-4767, CVE-2015-4769, CVE-2015-4771, CVE-2015-4772