Description
Security update for mysql
This mysql update to version 5.5.52 fixes the following issues:
Security issues fixed:
- CVE-2016-3477: Fixed unspecified vulnerability in subcomponent parser (bsc#989913).
- CVE-2016-3521: Fixed unspecified vulnerability in subcomponent types (bsc#989919).
- CVE-2016-3615: Fixed unspecified vulnerability in subcomponent dml (bsc#989922).
- CVE-2016-5440: Fixed unspecified vulnerability in subcomponent rbr (bsc#989926).
- CVE-2016-6662: A malicious user with SQL and filesystem access could create a my.cnf in the datadir and, under certain circumstances, execute arbitrary code as the mysql (or even root) user. (bsc#998309)
More details can be found on:
- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html
- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html
- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html
Bugs fixed:
- bsc#967374: properly restart mysql multi instances during upgrade
- bnc#937258: multi script to restart after crash
Package list
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP3-LTSS
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Manager 2.1
SUSE Manager Proxy 2.1
SUSE OpenStack Cloud 5
References
- Link for SUSE-SU-2016:2343-1
- E-Mail link for SUSE-SU-2016:2343-1
- SUSE Security Ratings
- SUSE Bug 937258
- SUSE Bug 967374
- SUSE Bug 989913
- SUSE Bug 989919
- SUSE Bug 989922
- SUSE Bug 989926
- SUSE Bug 998309
- SUSE CVE CVE-2016-3477 page
- SUSE CVE CVE-2016-3521 page
- SUSE CVE CVE-2016-3615 page
- SUSE CVE CVE-2016-5440 page
- SUSE CVE CVE-2016-6662 page
Description
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.
Affected products
References
- CVE-2016-3477
- SUSE Bug 989913
- SUSE Bug 991616
Description
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.
Affected products
References
- CVE-2016-3521
- SUSE Bug 989919
- SUSE Bug 991616
Description
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.
Affected products
References
- CVE-2016-3615
- SUSE Bug 989922
- SUSE Bug 991616
Description
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.
Affected products
References
- CVE-2016-5440
- SUSE Bug 989926
- SUSE Bug 991616
Description
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
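A defensive check for the CVE-2016-6662 conditions described above, as an added example that is not part of the SUSE advisory: it flags for review any option-file line that sets malloc_lib or points general_log_file at a .cnf file, and any my.cnf found inside the datadir. The function names and the sample configuration are constructed for illustration, and the datadir path passed in is an assumption to adjust per host.

```python
import os
import re

# MySQL option files treat "-" and "_" in option names as interchangeable.
OPTION_RE = re.compile(r"^\s*([A-Za-z0-9_-]+)\s*(?:=\s*(.*?))?\s*$")

def audit_option_text(text, source="<inline>"):
    """Return (source, line, section, message) findings for option-file text."""
    findings, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        m = OPTION_RE.match(line)
        if not m:
            continue
        name = m.group(1).lower().replace("-", "_")
        value = (m.group(2) or "").strip("'\"")
        if name == "malloc_lib":
            findings.append((source, lineno, section, "malloc_lib set: " + value))
        elif name == "general_log_file" and value.lower().endswith(".cnf"):
            findings.append((source, lineno, section,
                             "general_log_file targets a .cnf: " + value))
    return findings

def audit_datadir(datadir):
    """Flag a my.cnf inside the data directory and audit its contents."""
    path = os.path.join(datadir, "my.cnf")
    if not os.path.isfile(path):
        return []
    findings = [(path, 0, None, "my.cnf present in datadir")]
    with open(path, errors="replace") as fh:
        findings += audit_option_text(fh.read(), path)
    return findings

# Constructed sample option file, not taken from a real host.
SAMPLE = """\
[mysqld]
datadir = /var/lib/mysql
general-log-file = /var/lib/mysql/my.cnf
# malloc_lib = /commented/out.so
[mysqld_safe]
malloc-lib = /var/lib/mysql/placeholder.so
"""
if __name__ == "__main__":
    for finding in audit_option_text(SAMPLE):
        print(finding)
```

A malloc_lib finding is a prompt for review rather than proof of compromise, since some hosts set it deliberately to load an alternative allocator.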
Affected products
References
- CVE-2016-6662
- SUSE Bug 1001367
- SUSE Bug 1005580
- SUSE Bug 1020873
- SUSE Bug 1020884
- SUSE Bug 1021755
- SUSE Bug 998309