Описание
Security update for mysql
MySQL was updated to version 5.5.45, fixing bugs and security issues.
A list of all changes can be found on:
- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html
- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html
To fix the 'BACKRONYM' security issue (CVE-2015-3152) the behaviour of the SSL options was changed slightly to meet expectations: Now using '--ssl-verify-server-cert' and '--ssl[-*]' implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [bnc#924663], [bnc#928962], [CVE-2015-3152]
Additional bugs fixed:
- fix rc.mysql-multi script to start instances after restart properly [bnc#934401].
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP3
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2015:1788-1
- E-Mail link for SUSE-SU-2015:1788-1
- SUSE Security Ratings
- SUSE Bug 924663
- SUSE Bug 928962
- SUSE Bug 934401
- SUSE Bug 938412
- SUSE CVE CVE-2015-2582 page
- SUSE CVE CVE-2015-2611 page
- SUSE CVE CVE-2015-2617 page
- SUSE CVE CVE-2015-2620 page
- SUSE CVE CVE-2015-2639 page
- SUSE CVE CVE-2015-2641 page
- SUSE CVE CVE-2015-2643 page
- SUSE CVE CVE-2015-2648 page
- SUSE CVE CVE-2015-2661 page
- SUSE CVE CVE-2015-3152 page
- SUSE CVE CVE-2015-4737 page
- SUSE CVE CVE-2015-4752 page
- SUSE CVE CVE-2015-4756 page
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
Затронутые продукты
Ссылки
- CVE-2015-2582
- SUSE Bug 938412
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2015-2611
- SUSE Bug 938412
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition.
Затронутые продукты
Ссылки
- CVE-2015-2617
- SUSE Bug 938412
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.
Затронутые продукты
Ссылки
- CVE-2015-2620
- SUSE Bug 938412
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.
Затронутые продукты
Ссылки
- CVE-2015-2639
- SUSE Bug 938412
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.
Затронутые продукты
Ссылки
- CVE-2015-2641
- SUSE Bug 938412
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
Затронутые продукты
Ссылки
- CVE-2015-2643
- SUSE Bug 938412
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2015-2648
- SUSE Bug 938412
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.
Затронутые продукты
Ссылки
- CVE-2015-2661
- SUSE Bug 938412
Описание
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
Затронутые продукты
Ссылки
- CVE-2015-3152
- SUSE Bug 1037590
- SUSE Bug 1047059
- SUSE Bug 1088681
- SUSE Bug 924663
- SUSE Bug 928962
- SUSE Bug 936407
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.
Затронутые продукты
Ссылки
- CVE-2015-4737
- SUSE Bug 938412
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.
Затронутые продукты
Ссылки
- CVE-2015-4752
- SUSE Bug 938412
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439.
Затронутые продукты
Ссылки
- CVE-2015-4756
- SUSE Bug 938412
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
Затронутые продукты
Ссылки
- CVE-2015-4757
- SUSE Bug 938412
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.
Затронутые продукты
Ссылки
- CVE-2015-4761
- SUSE Bug 938412
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.
Затронутые продукты
Ссылки
- CVE-2015-4767
- SUSE Bug 938412
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767.
Затронутые продукты
Ссылки
- CVE-2015-4769
- SUSE Bug 938412
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.
Затронутые продукты
Ссылки
- CVE-2015-4771
- SUSE Bug 938412
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.
Затронутые продукты
Ссылки
- CVE-2015-4772
- SUSE Bug 938412