Описание
Security update for MySQL
A stack-based buffer overflow in MySQL has been fixed that could have caused a Denial of Service or potentially allowed the execution of arbitrary code (CVE-2012-5611).
Security Issue references:
Список пакетов
SUSE Linux Enterprise Server 11 SP1-LTSS
SUSE Linux Enterprise Server 11 SP1-TERADATA
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 11 SP2
Ссылки
- Link for SUSE-SU-2015:1177-2
- E-Mail link for SUSE-SU-2015:1177-2
- SUSE Security Ratings
- SUSE Bug 792444
- SUSE Bug 934789
- SUSE CVE CVE-2012-5611 page
- SUSE CVE CVE-2012-5612 page
- SUSE CVE CVE-2012-5613 page
- SUSE CVE CVE-2012-5615 page
- SUSE CVE CVE-2015-4000 page
Описание
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Затронутые продукты
Ссылки
- CVE-2012-5611
- SUSE Bug 792362
- SUSE Bug 792444
- SUSE Bug 798753
Описание
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
Затронутые продукты
Ссылки
- CVE-2012-5612
- SUSE Bug 792443
- SUSE Bug 798753
Описание
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
Затронутые продукты
Ссылки
- CVE-2012-5613
- SUSE Bug 792442
Описание
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
Затронутые продукты
Ссылки
- CVE-2012-5615
- SUSE Bug 792440
- SUSE Bug 901237
- SUSE Bug 915913
Описание
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Затронутые продукты
Ссылки
- CVE-2015-4000
- SUSE Bug 1074631
- SUSE Bug 1211968
- SUSE Bug 931600
- SUSE Bug 931698
- SUSE Bug 931723
- SUSE Bug 931845
- SUSE Bug 932026
- SUSE Bug 932483
- SUSE Bug 934789
- SUSE Bug 935033
- SUSE Bug 935540
- SUSE Bug 935979
- SUSE Bug 937202
- SUSE Bug 937766
- SUSE Bug 938248
- SUSE Bug 938432
- SUSE Bug 938895
- SUSE Bug 938905
- SUSE Bug 938906