Описание
Security update for MySQL
This MySQL update provides the following:
See also: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
Security Issues:
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server for SAP Applications 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP3
Ссылки
- Link for SUSE-SU-2015:0946-1
- E-Mail link for SUSE-SU-2015:0946-1
- SUSE Security Ratings
- SUSE Bug 734436
- SUSE Bug 768832
- SUSE Bug 780019
- SUSE Bug 789263
- SUSE Bug 791863
- SUSE Bug 792332
- SUSE Bug 803040
- SUSE Bug 830086
- SUSE Bug 834028
- SUSE Bug 834967
- SUSE Bug 837801
- SUSE Bug 857678
- SUSE Bug 858823
- SUSE Bug 861493
- SUSE Bug 868673
- SUSE Bug 873896
- SUSE Bug 878779
Описание
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
Затронутые продукты
Ссылки
- CVE-2012-5615
- SUSE Bug 792440
- SUSE Bug 901237
- SUSE Bug 915913
Описание
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
Затронутые продукты
Ссылки
- CVE-2013-1861
- SUSE Bug 809544
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.
Затронутые продукты
Ссылки
- CVE-2013-3783
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
Затронутые продукты
Ссылки
- CVE-2013-3793
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
Затронутые продукты
Ссылки
- CVE-2013-3794
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
Затронутые продукты
Ссылки
- CVE-2013-3795
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Затронутые продукты
Ссылки
- CVE-2013-3796
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.
Затронутые продукты
Ссылки
- CVE-2013-3798
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
Затронутые продукты
Ссылки
- CVE-2013-3801
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
Затронутые продукты
Ссылки
- CVE-2013-3802
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Затронутые продукты
Ссылки
- CVE-2013-3804
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.
Затронутые продукты
Ссылки
- CVE-2013-3805
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.
Затронутые продукты
Ссылки
- CVE-2013-3806
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.
Затронутые продукты
Ссылки
- CVE-2013-3807
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
Затронутые продукты
Ссылки
- CVE-2013-3808
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.
Затронутые продукты
Ссылки
- CVE-2013-3809
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.
Затронутые продукты
Ссылки
- CVE-2013-3810
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.
Затронутые продукты
Ссылки
- CVE-2013-3811
- SUSE Bug 830086
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
Затронутые продукты
Ссылки
- CVE-2013-3812
- SUSE Bug 830086
Описание
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
Затронутые продукты
Ссылки
- CVE-2013-4316
- SUSE Bug 858823
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
Затронутые продукты
Ссылки
- CVE-2013-5860
- SUSE Bug 858823
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.
Затронутые продукты
Ссылки
- CVE-2013-5881
- SUSE Bug 858823
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.
Затронутые продукты
Ссылки
- CVE-2013-5882
- SUSE Bug 858823
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
Затронутые продукты
Ссылки
- CVE-2013-5891
- SUSE Bug 858823
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Затронутые продукты
Ссылки
- CVE-2013-5894
- SUSE Bug 858823
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.
Затронутые продукты
Ссылки
- CVE-2013-5908
- SUSE Bug 858823
Описание
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
Затронутые продукты
Ссылки
- CVE-2014-0001
- SUSE Bug 861493
Описание
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
Затронутые продукты
Ссылки
- CVE-2014-0224
- SUSE Bug 1146657
- SUSE Bug 880891
- SUSE Bug 881743
- SUSE Bug 883126
- SUSE Bug 885777
- SUSE Bug 892403
- SUSE Bug 901237
- SUSE Bug 903703
- SUSE Bug 905018
- SUSE Bug 905106
- SUSE Bug 914447
- SUSE Bug 915913
- SUSE Bug 916239
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.
Затронутые продукты
Ссылки
- CVE-2014-0384
- SUSE Bug 873896
- SUSE Bug 999706
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Затронутые продукты
Ссылки
- CVE-2014-0386
- SUSE Bug 858823
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.
Затронутые продукты
Ссылки
- CVE-2014-0393
- SUSE Bug 858823
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2014-0401
- SUSE Bug 858823
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.
Затронутые продукты
Ссылки
- CVE-2014-0402
- SUSE Bug 858823
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Затронутые продукты
Ссылки
- CVE-2014-0412
- SUSE Bug 858823
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.
Затронутые продукты
Ссылки
- CVE-2014-0420
- SUSE Bug 858823
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.
Затронутые продукты
Ссылки
- CVE-2014-0427
- SUSE Bug 858823
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.
Затронутые продукты
Ссылки
- CVE-2014-0430
- SUSE Bug 858823
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.
Затронутые продукты
Ссылки
- CVE-2014-0431
- SUSE Bug 858823
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.
Затронутые продукты
Ссылки
- CVE-2014-0433
- SUSE Bug 858823
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Затронутые продукты
Ссылки
- CVE-2014-0437
- SUSE Bug 858823
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
Затронутые продукты
Ссылки
- CVE-2014-2419
- SUSE Bug 873896
- SUSE Bug 999706
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.
Затронутые продукты
Ссылки
- CVE-2014-2430
- SUSE Bug 873896
- SUSE Bug 999706
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.
Затронутые продукты
Ссылки
- CVE-2014-2431
- SUSE Bug 873896
- SUSE Bug 999706
Описание
Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.
Затронутые продукты
Ссылки
- CVE-2014-2432
- SUSE Bug 873896
- SUSE Bug 999706
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2014-2434
- SUSE Bug 873896
- SUSE Bug 999706
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Затронутые продукты
Ссылки
- CVE-2014-2435
- SUSE Bug 1021755
- SUSE Bug 873896
- SUSE Bug 999706
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.
Затронутые продукты
Ссылки
- CVE-2014-2436
- SUSE Bug 873896
- SUSE Bug 999706
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
Затронутые продукты
Ссылки
- CVE-2014-2438
- SUSE Bug 873896
- SUSE Bug 999706
Описание
Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2014-2440
- SUSE Bug 873896
- SUSE Bug 999706
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.
Затронутые продукты
Ссылки
- CVE-2014-2442
- SUSE Bug 873896
- SUSE Bug 999706
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.
Затронутые продукты
Ссылки
- CVE-2014-2444
- SUSE Bug 873896
- SUSE Bug 999706
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Затронутые продукты
Ссылки
- CVE-2014-2450
- SUSE Bug 873896
- SUSE Bug 999706
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.
Затронутые продукты
Ссылки
- CVE-2014-2451
- SUSE Bug 873896
- SUSE Bug 999706
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS.
Затронутые продукты
Ссылки
- CVE-2014-2484
- SUSE Bug 887580
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.
Затронутые продукты
Ссылки
- CVE-2014-2494
- SUSE Bug 887580
- SUSE Bug 915914
Описание
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.
Затронутые продукты
Ссылки
- CVE-2014-3569
- SUSE Bug 911399
- SUSE Bug 927623
- SUSE Bug 986238
Описание
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
Затронутые продукты
Ссылки
- CVE-2014-3570
- SUSE Bug 912296
- SUSE Bug 915848
- SUSE Bug 927623
- SUSE Bug 937891
- SUSE Bug 944456
Описание
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.
Затронутые продукты
Ссылки
- CVE-2014-3571
- SUSE Bug 912294
- SUSE Bug 915848
- SUSE Bug 927623
Описание
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.
Затронутые продукты
Ссылки
- CVE-2014-3572
- SUSE Bug 912015
- SUSE Bug 915848
- SUSE Bug 927623
- SUSE Bug 937891
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.
Затронутые продукты
Ссылки
- CVE-2014-4207
- SUSE Bug 887580
- SUSE Bug 915914
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.
Затронутые продукты
Ссылки
- CVE-2014-4214
- SUSE Bug 887580
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.
Затронутые продукты
Ссылки
- CVE-2014-4233
- SUSE Bug 887580
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.
Затронутые продукты
Ссылки
- CVE-2014-4238
- SUSE Bug 887580
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.
Затронутые продукты
Ссылки
- CVE-2014-4240
- SUSE Bug 887580
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.
Затронутые продукты
Ссылки
- CVE-2014-4243
- SUSE Bug 887580
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
Затронутые продукты
Ссылки
- CVE-2014-4258
- SUSE Bug 887580
- SUSE Bug 915914
Описание
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.
Затронутые продукты
Ссылки
- CVE-2014-4260
- SUSE Bug 887580
- SUSE Bug 915914
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.
Затронутые продукты
Ссылки
- CVE-2014-4274
- SUSE Bug 857678
- SUSE Bug 896400
- SUSE Bug 901237
- SUSE Bug 915913
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.
Затронутые продукты
Ссылки
- CVE-2014-4287
- SUSE Bug 901237
- SUSE Bug 915913
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.
Затронутые продукты
Ссылки
- CVE-2014-6463
- SUSE Bug 901237
- SUSE Bug 915913
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.
Затронутые продукты
Ссылки
- CVE-2014-6464
- SUSE Bug 901237
- SUSE Bug 915912
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.
Затронутые продукты
Ссылки
- CVE-2014-6469
- SUSE Bug 901237
- SUSE Bug 915912
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.
Затронутые продукты
Ссылки
- CVE-2014-6474
- SUSE Bug 901237
- SUSE Bug 915913
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.
Затронутые продукты
Ссылки
- CVE-2014-6478
- SUSE Bug 901237
- SUSE Bug 915913
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.
Затронутые продукты
Ссылки
- CVE-2014-6484
- SUSE Bug 901237
- SUSE Bug 915913
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.
Затронутые продукты
Ссылки
- CVE-2014-6489
- SUSE Bug 901237
- SUSE Bug 915913
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.
Затронутые продукты
Ссылки
- CVE-2014-6491
- SUSE Bug 901237
- SUSE Bug 915912
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.
Затронутые продукты
Ссылки
- CVE-2014-6494
- SUSE Bug 901237
- SUSE Bug 915912
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.
Затронутые продукты
Ссылки
- CVE-2014-6495
- SUSE Bug 901237
- SUSE Bug 915913
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.
Затронутые продукты
Ссылки
- CVE-2014-6496
- SUSE Bug 901237
- SUSE Bug 915912
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.
Затронутые продукты
Ссылки
- CVE-2014-6500
- SUSE Bug 901237
- SUSE Bug 915912
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.
Затронутые продукты
Ссылки
- CVE-2014-6505
- SUSE Bug 901237
- SUSE Bug 915913
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.
Затронутые продукты
Ссылки
- CVE-2014-6507
- SUSE Bug 901237
- SUSE Bug 915912
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.
Затронутые продукты
Ссылки
- CVE-2014-6520
- SUSE Bug 901237
- SUSE Bug 915913
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.
Затронутые продукты
Ссылки
- CVE-2014-6530
- SUSE Bug 901237
- SUSE Bug 915913
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.
Затронутые продукты
Ссылки
- CVE-2014-6551
- SUSE Bug 901237
- SUSE Bug 915913
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.
Затронутые продукты
Ссылки
- CVE-2014-6555
- SUSE Bug 901237
- SUSE Bug 915912
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.
Затронутые продукты
Ссылки
- CVE-2014-6559
- SUSE Bug 901237
- SUSE Bug 915912
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.
Затронутые продукты
Ссылки
- CVE-2014-6564
- SUSE Bug 901237
- SUSE Bug 915913
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.
Затронутые продукты
Ссылки
- CVE-2014-6568
- SUSE Bug 914058
- SUSE Bug 915911
Описание
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.
Затронутые продукты
Ссылки
- CVE-2014-8275
- SUSE Bug 912018
- SUSE Bug 915848
- SUSE Bug 927623
- SUSE Bug 937891
Описание
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.
Затронутые продукты
Ссылки
- CVE-2015-0204
- SUSE Bug 912014
- SUSE Bug 920482
- SUSE Bug 920484
- SUSE Bug 927591
- SUSE Bug 927623
- SUSE Bug 936787
- SUSE Bug 952088
Описание
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.
Затронутые продукты
Ссылки
- CVE-2015-0205
- SUSE Bug 912293
- SUSE Bug 915848
- SUSE Bug 927623
- SUSE Bug 937891
Описание
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.
Затронутые продукты
Ссылки
- CVE-2015-0206
- SUSE Bug 912292
- SUSE Bug 927623
- SUSE Bug 937891
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.
Затронутые продукты
Ссылки
- CVE-2015-0374
- SUSE Bug 914058
- SUSE Bug 915911
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.
Затронутые продукты
Ссылки
- CVE-2015-0381
- SUSE Bug 914058
- SUSE Bug 915911
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.
Затронутые продукты
Ссылки
- CVE-2015-0382
- SUSE Bug 914058
- SUSE Bug 915911
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.
Затронутые продукты
Ссылки
- CVE-2015-0385
- SUSE Bug 914058
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
Затронутые продукты
Ссылки
- CVE-2015-0391
- SUSE Bug 914058
- SUSE Bug 915913
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.
Затронутые продукты
Ссылки
- CVE-2015-0405
- SUSE Bug 927623
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Затронутые продукты
Ссылки
- CVE-2015-0409
- SUSE Bug 914058
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.
Затронутые продукты
Ссылки
- CVE-2015-0411
- SUSE Bug 914058
- SUSE Bug 915911
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Затронутые продукты
Ссылки
- CVE-2015-0423
- SUSE Bug 927623
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.
Затронутые продукты
Ссылки
- CVE-2015-0432
- SUSE Bug 914058
- SUSE Bug 915911
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.
Затронутые продукты
Ссылки
- CVE-2015-0433
- SUSE Bug 927623
- SUSE Bug 936409
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.
Затронутые продукты
Ссылки
- CVE-2015-0438
- SUSE Bug 927623
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.
Затронутые продукты
Ссылки
- CVE-2015-0439
- SUSE Bug 927623
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.
Затронутые продукты
Ссылки
- CVE-2015-0441
- SUSE Bug 927623
- SUSE Bug 936409
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
Затронутые продукты
Ссылки
- CVE-2015-0498
- SUSE Bug 927623
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.
Затронутые продукты
Ссылки
- CVE-2015-0499
- SUSE Bug 927623
- SUSE Bug 936408
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2015-0500
- SUSE Bug 927623
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.
Затронутые продукты
Ссылки
- CVE-2015-0501
- SUSE Bug 927623
- SUSE Bug 936408
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.
Затронутые продукты
Ссылки
- CVE-2015-0503
- SUSE Bug 927623
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
Затронутые продукты
Ссылки
- CVE-2015-0505
- SUSE Bug 927623
- SUSE Bug 936408
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508.
Затронутые продукты
Ссылки
- CVE-2015-0506
- SUSE Bug 927623
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.
Затронутые продукты
Ссылки
- CVE-2015-0507
- SUSE Bug 927623
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506.
Затронутые продукты
Ссылки
- CVE-2015-0508
- SUSE Bug 927623
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
Затронутые продукты
Ссылки
- CVE-2015-0511
- SUSE Bug 927623
Описание
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Затронутые продукты
Ссылки
- CVE-2015-2305
- SUSE Bug 1040662
- SUSE Bug 921950
- SUSE Bug 922022
- SUSE Bug 922028
- SUSE Bug 922030
- SUSE Bug 922043
- SUSE Bug 922560
- SUSE Bug 922567
- SUSE Bug 929192
- SUSE Bug 980366
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2015-2566
- SUSE Bug 927623
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.
Затронутые продукты
Ссылки
- CVE-2015-2567
- SUSE Bug 927623
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.
Затронутые продукты
Ссылки
- CVE-2015-2568
- SUSE Bug 927623
- SUSE Bug 936409
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
Затронутые продукты
Ссылки
- CVE-2015-2571
- SUSE Bug 927623
- SUSE Bug 936408
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
Затронутые продукты
Ссылки
- CVE-2015-2573
- SUSE Bug 927623
- SUSE Bug 936409
Описание
Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.
Затронутые продукты
Ссылки
- CVE-2015-2576
- SUSE Bug 927623
Описание
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Затронутые продукты
Ссылки
- CVE-2015-4000
- SUSE Bug 1074631
- SUSE Bug 1211968
- SUSE Bug 931600
- SUSE Bug 931698
- SUSE Bug 931723
- SUSE Bug 931845
- SUSE Bug 932026
- SUSE Bug 932483
- SUSE Bug 934789
- SUSE Bug 935033
- SUSE Bug 935540
- SUSE Bug 935979
- SUSE Bug 937202
- SUSE Bug 937766
- SUSE Bug 938248
- SUSE Bug 938432
- SUSE Bug 938895
- SUSE Bug 938905
- SUSE Bug 938906