Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:1618-1

Опубликовано: 17 июн. 2016
Источник: suse-cvrf

Описание

Security update for mysql

This update for mysql fixes the following issues:

  • bsc#959724: fix incorrect usage of sprintf/strcpy that caused possible buffer overflow issues at various places

On SUSE Linux Enterprise 11 SP4 this fix was not yet shipped:

  • Increase the key length (to 2048 bits) used in vio/viosslfactories.c for creating Diffie-Hellman keys (Logjam Attack) [bnc#934789] [CVE-2015-4000]

Список пакетов

SUSE Linux Enterprise Server 11 SP4
libmysqlclient15-5.0.96-0.8.10.3
libmysqlclient15-32bit-5.0.96-0.8.10.3
libmysqlclient15-x86-5.0.96-0.8.10.3
libmysqlclient_r15-5.0.96-0.8.10.3
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libmysqlclient15-5.0.96-0.8.10.3
libmysqlclient15-32bit-5.0.96-0.8.10.3
libmysqlclient15-x86-5.0.96-0.8.10.3
libmysqlclient_r15-5.0.96-0.8.10.3
SUSE Linux Enterprise Software Development Kit 11 SP4
libmysqlclient-devel-5.0.96-0.8.10.3
libmysqlclient_r15-32bit-5.0.96-0.8.10.3
libmysqlclient_r15-x86-5.0.96-0.8.10.3

Ссылки

Описание

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libmysqlclient15-32bit-5.0.96-0.8.10.3
SUSE Linux Enterprise Server 11 SP4:libmysqlclient15-5.0.96-0.8.10.3
SUSE Linux Enterprise Server 11 SP4:libmysqlclient15-x86-5.0.96-0.8.10.3
SUSE Linux Enterprise Server 11 SP4:libmysqlclient_r15-5.0.96-0.8.10.3
Ссылки
Уязвимость SUSE-SU-2016:1618-1