MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes the following bugs: * Prior to this update, the mysqld daemon worked with uninitialized memory when accessing non-nullable GEOMETRY types. Cosequenutly, mysqld could terminate unexpectedly when the mysqldump utility was running. With this update, mysqld initializes memory properly and thus no longer crashes in this scenario (BZ#842052) * Previously, the mysqldump utility expected log tables to be created on the MySQL 5.0.x server, from which it retrieved data. Consequently, mysqldump could not dump the MySQL system table. With this update, mysqldump no longer expects log tables to be created, and it is now able to dump the system table in the described scenario as expected. (BZ#877557) * Prior to this update, the mysqld init script did not correctly verify the status of the mysqld daemon. Consequently, the script could return an error message even when the daemon had successfully started. The mysqld init script has been fixed, and it now checks the daemon status properly. (BZ#884651) * Previously, the mysql-server sub-packages did not contain the logrotate script. Consequently, the log rotation had to be configured manually. With this update, the logrotate script has been provided by the mysql-server sub-packages, and users can use the script to log into the mysqld.log file by uncommenting appropriate lines in the script. (BZ#904061) Users of mysql are advised to upgrade to these updated packages, which fix these bugs. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html
lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html
lists.opensuse.org/opensuse-updates/2013-08/msg00024.html
lists.opensuse.org/opensuse-updates/2013-09/msg00008.html
osvdb.org/95325
secunia.com/advisories/53372
secunia.com/advisories/54300
security.gentoo.org/glsa/glsa-201308-06.xml
www.debian.org/security/2013/dsa-2818
www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
www.securityfocus.com/bid/61244
www.ubuntu.com/usn/USN-1909-1
access.redhat.com/security/cve/CVE-2013-1861
access.redhat.com/security/cve/CVE-2013-3802
access.redhat.com/security/cve/CVE-2013-3804
access.redhat.com/security/cve/CVE-2013-3839
bugzilla.redhat.com/show_bug.cgi?id=842052
bugzilla.redhat.com/show_bug.cgi?id=877557
bugzilla.redhat.com/show_bug.cgi?id=904061
exchange.xforce.ibmcloud.com/vulnerabilities/85712
rhn.redhat.com/errata/RHBA-2013-1647.html