Описание
Security update for mysql
The mysql package was updated to version 5.5.46 to fixs several security and non security issues.
- bnc#951391: update to version 5.5.46
- changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html
- fixed CVEs: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913
- bnc#952196: Fixed a build error for ppc*, s390* and ia64 architectures.
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP3
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2015:2303-1
- E-Mail link for SUSE-SU-2015:2303-1
- SUSE Security Ratings
- SUSE Bug 951391
- SUSE Bug 952196
- SUSE CVE CVE-2015-0286 page
- SUSE CVE CVE-2015-0288 page
- SUSE CVE CVE-2015-1789 page
- SUSE CVE CVE-2015-1793 page
- SUSE CVE CVE-2015-4730 page
- SUSE CVE CVE-2015-4766 page
- SUSE CVE CVE-2015-4792 page
- SUSE CVE CVE-2015-4800 page
- SUSE CVE CVE-2015-4802 page
- SUSE CVE CVE-2015-4815 page
- SUSE CVE CVE-2015-4816 page
- SUSE CVE CVE-2015-4819 page
- SUSE CVE CVE-2015-4826 page
- SUSE CVE CVE-2015-4830 page
- SUSE CVE CVE-2015-4833 page
Описание
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.
Затронутые продукты
Ссылки
- CVE-2015-0286
- SUSE Bug 912014
- SUSE Bug 919648
- SUSE Bug 922496
- SUSE Bug 936586
- SUSE Bug 937891
- SUSE Bug 951391
Описание
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.
Затронутые продукты
Ссылки
- CVE-2015-0288
- SUSE Bug 912014
- SUSE Bug 919648
- SUSE Bug 920236
- SUSE Bug 936586
- SUSE Bug 937891
- SUSE Bug 951391
Описание
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
Затронутые продукты
Ссылки
- CVE-2015-1789
- SUSE Bug 934489
- SUSE Bug 934666
- SUSE Bug 936586
- SUSE Bug 937891
- SUSE Bug 938432
- SUSE Bug 951391
Описание
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
Затронутые продукты
Ссылки
- CVE-2015-1793
- SUSE Bug 936746
- SUSE Bug 937637
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.
Затронутые продукты
Ссылки
- CVE-2015-4730
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.
Затронутые продукты
Ссылки
- CVE-2015-4766
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
Затронутые продукты
Ссылки
- CVE-2015-4792
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
Затронутые продукты
Ссылки
- CVE-2015-4800
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.
Затронутые продукты
Ссылки
- CVE-2015-4802
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.
Затронутые продукты
Ссылки
- CVE-2015-4815
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
Затронутые продукты
Ссылки
- CVE-2015-4816
- SUSE Bug 951391
- SUSE Bug 958790
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.
Затронутые продукты
Ссылки
- CVE-2015-4819
- SUSE Bug 951391
- SUSE Bug 958790
- SUSE Bug 969667
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.
Затронутые продукты
Ссылки
- CVE-2015-4826
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
Затронутые продукты
Ссылки
- CVE-2015-4830
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.
Затронутые продукты
Ссылки
- CVE-2015-4833
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
Затронутые продукты
Ссылки
- CVE-2015-4836
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.
Затронутые продукты
Ссылки
- CVE-2015-4858
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
Затронутые продукты
Ссылки
- CVE-2015-4861
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2015-4862
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
Затронутые продукты
Ссылки
- CVE-2015-4864
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
Затронутые продукты
Ссылки
- CVE-2015-4866
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.
Затронутые продукты
Ссылки
- CVE-2015-4870
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2015-4879
- SUSE Bug 951391
- SUSE Bug 958790
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.
Затронутые продукты
Ссылки
- CVE-2015-4890
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
Затронутые продукты
Ссылки
- CVE-2015-4895
- SUSE Bug 951391
- SUSE Bug 958790
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.
Затронутые продукты
Ссылки
- CVE-2015-4904
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.
Затронутые продукты
Ссылки
- CVE-2015-4905
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.
Затронутые продукты
Ссылки
- CVE-2015-4910
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.
Затронутые продукты
Ссылки
- CVE-2015-4913
- SUSE Bug 951391
- SUSE Bug 958789