
SUSE-SU-2015:1273-1

Published: 21 Jul 2015
Source: suse-cvrf

Description

Security update for mariadb

This update fixes the following security issues:

* Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789]
* CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663]
* CVE-2014-8964: heap buffer overflow [bnc#906574]
* CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960]
* CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961]
* CVE-2015-0501: unspecified vulnerability related to Server:Compiling (CPU April 2015)
* CVE-2015-2571: unspecified vulnerability related to Server:Optimizer (CPU April 2015)
* CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU April 2015)
* CVE-2015-0499: unspecified vulnerability related to Server:Federated (CPU April 2015)
* CVE-2015-2568: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015)
* CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU April 2015)
* CVE-2015-0433: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015)
* CVE-2015-0441: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015)

Package list

SUSE Linux Enterprise Desktop 12
libmysqlclient18-10.0.20-18.1
libmysqlclient18-32bit-10.0.20-18.1
libmysqlclient_r18-10.0.20-18.1
libmysqlclient_r18-32bit-10.0.20-18.1
mariadb-10.0.20-18.1
mariadb-client-10.0.20-18.1
mariadb-errormessages-10.0.20-18.1
SUSE Linux Enterprise Server 12
libmysqlclient18-10.0.20-18.1
libmysqlclient18-32bit-10.0.20-18.1
mariadb-10.0.20-18.1
mariadb-client-10.0.20-18.1
mariadb-errormessages-10.0.20-18.1
mariadb-tools-10.0.20-18.1
SUSE Linux Enterprise Server for SAP Applications 12
libmysqlclient18-10.0.20-18.1
libmysqlclient18-32bit-10.0.20-18.1
mariadb-10.0.20-18.1
mariadb-client-10.0.20-18.1
mariadb-errormessages-10.0.20-18.1
mariadb-tools-10.0.20-18.1
SUSE Linux Enterprise Software Development Kit 12
libmysqlclient-devel-10.0.20-18.1
libmysqlclient_r18-10.0.20-18.1
libmysqld-devel-10.0.20-18.1
libmysqld18-10.0.20-18.1
SUSE Linux Enterprise Workstation Extension 12
libmysqlclient_r18-10.0.20-18.1
libmysqlclient_r18-32bit-10.0.20-18.1

Description

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.


Affected products
SUSE Linux Enterprise Desktop 12:libmysqlclient18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient18-32bit-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-32bit-10.0.20-18.1

Description

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.


Affected products
SUSE Linux Enterprise Desktop 12:libmysqlclient18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient18-32bit-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-32bit-10.0.20-18.1

Description

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.


Affected products
SUSE Linux Enterprise Desktop 12:libmysqlclient18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient18-32bit-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-32bit-10.0.20-18.1

Description

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.


Affected products
SUSE Linux Enterprise Desktop 12:libmysqlclient18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient18-32bit-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-32bit-10.0.20-18.1

Description

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.


Affected products
SUSE Linux Enterprise Desktop 12:libmysqlclient18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient18-32bit-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-32bit-10.0.20-18.1

Description

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.


Affected products
SUSE Linux Enterprise Desktop 12:libmysqlclient18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient18-32bit-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-32bit-10.0.20-18.1

Description

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.


Affected products
SUSE Linux Enterprise Desktop 12:libmysqlclient18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient18-32bit-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-32bit-10.0.20-18.1

Description

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via a regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".


Affected products
SUSE Linux Enterprise Desktop 12:libmysqlclient18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient18-32bit-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-32bit-10.0.20-18.1

Description

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.


Affected products
SUSE Linux Enterprise Desktop 12:libmysqlclient18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient18-32bit-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-32bit-10.0.20-18.1

Description

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.


Affected products
SUSE Linux Enterprise Desktop 12:libmysqlclient18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient18-32bit-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-32bit-10.0.20-18.1

Description

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.


Affected products
SUSE Linux Enterprise Desktop 12:libmysqlclient18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient18-32bit-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-32bit-10.0.20-18.1

Description

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.


Affected products
SUSE Linux Enterprise Desktop 12:libmysqlclient18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient18-32bit-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-10.0.20-18.1
SUSE Linux Enterprise Desktop 12:libmysqlclient_r18-32bit-10.0.20-18.1

References
Vulnerability SUSE-SU-2015:1273-1