Описание
Security update for mysql
mysql was updated to version 5.5.49 to fix 13 security issues.
These security issues were fixed:
- CVE-2016-0644: Unspecified vulnerability allowed local users to affect availability via vectors related to DDL (bsc#976341).
- CVE-2016-0646: Unspecified vulnerability allowed local users to affect availability via vectors related to DML (bsc#976341).
- CVE-2016-0647: Unspecified vulnerability allowed local users to affect availability via vectors related to FTS (bsc#976341).
- CVE-2016-0640: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to DML (bsc#976341).
- CVE-2016-0641: Unspecified vulnerability allowed local users to affect confidentiality and availability via vectors related to MyISAM (bsc#976341).
- CVE-2016-0642: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to Federated (bsc#976341).
- CVE-2016-0643: Unspecified vulnerability allowed local users to affect confidentiality via vectors related to DML (bsc#976341).
- CVE-2016-0666: Unspecified vulnerability allowed local users to affect availability via vectors related to Security: Privileges (bsc#976341).
- CVE-2016-0651: Unspecified vulnerability allowed local users to affect availability via vectors related to Optimizer (bsc#976341).
- CVE-2016-0650: Unspecified vulnerability allowed local users to affect availability via vectors related to Replication (bsc#976341).
- CVE-2016-0648: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#976341).
- CVE-2016-0649: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#976341).
- CVE-2016-2047: The ssl_verify_server_cert function in sql-common/client.c did not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allowed man-in-the-middle attackers to spoof SSL servers via a '/CN=' string in a field in a certificate, as demonstrated by '/OU=/CN=bar.com/CN=foo.com (bsc#963806).
More details are available at
Список пакетов
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2016:1279-1
- E-Mail link for SUSE-SU-2016:1279-1
- SUSE Security Ratings
- SUSE Bug 963806
- SUSE Bug 976341
- SUSE CVE CVE-2016-0640 page
- SUSE CVE CVE-2016-0641 page
- SUSE CVE CVE-2016-0642 page
- SUSE CVE CVE-2016-0643 page
- SUSE CVE CVE-2016-0644 page
- SUSE CVE CVE-2016-0646 page
- SUSE CVE CVE-2016-0647 page
- SUSE CVE CVE-2016-0648 page
- SUSE CVE CVE-2016-0649 page
- SUSE CVE CVE-2016-0650 page
- SUSE CVE CVE-2016-0651 page
- SUSE CVE CVE-2016-0666 page
- SUSE CVE CVE-2016-2047 page
Описание
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2016-0640
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.
Затронутые продукты
Ссылки
- CVE-2016-0641
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.
Затронутые продукты
Ссылки
- CVE-2016-0642
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2016-0643
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.
Затронутые продукты
Ссылки
- CVE-2016-0644
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2016-0646
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.
Затронутые продукты
Ссылки
- CVE-2016-0647
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.
Затронутые продукты
Ссылки
- CVE-2016-0648
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.
Затронутые продукты
Ссылки
- CVE-2016-0649
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.
Затронутые продукты
Ссылки
- CVE-2016-0650
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.
Затронутые продукты
Ссылки
- CVE-2016-0651
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.
Затронутые продукты
Ссылки
- CVE-2016-0666
- SUSE Bug 976341
- SUSE Bug 980904
Описание
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
Затронутые продукты
Ссылки
- CVE-2016-2047
- SUSE Bug 963806
- SUSE Bug 976341
- SUSE Bug 980904