Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:2780-1

Опубликовано: 12 нояб. 2016
Источник: suse-cvrf

Описание

Security update for mysql

This mysql version update to 5.5.53 fixes the following issues:

  • CVE-2016-6662: Unspecified vulnerability in subcomponent Logging (bsc#1005580)
  • CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581)
  • CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558)

Release Notes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html

Список пакетов

SUSE Linux Enterprise Server 11 SP4
libmysql55client18-5.5.53-0.30.1
libmysql55client18-32bit-5.5.53-0.30.1
libmysql55client18-x86-5.5.53-0.30.1
libmysql55client_r18-5.5.53-0.30.1
libmysql55client_r18-32bit-5.5.53-0.30.1
libmysql55client_r18-x86-5.5.53-0.30.1
mysql-5.5.53-0.30.1
mysql-client-5.5.53-0.30.1
mysql-tools-5.5.53-0.30.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libmysql55client18-5.5.53-0.30.1
libmysql55client18-32bit-5.5.53-0.30.1
libmysql55client18-x86-5.5.53-0.30.1
libmysql55client_r18-5.5.53-0.30.1
libmysql55client_r18-32bit-5.5.53-0.30.1
libmysql55client_r18-x86-5.5.53-0.30.1
mysql-5.5.53-0.30.1
mysql-client-5.5.53-0.30.1
mysql-tools-5.5.53-0.30.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libmysql55client_r18-32bit-5.5.53-0.30.1
libmysql55client_r18-x86-5.5.53-0.30.1

Ссылки

Описание

Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libmysql55client18-32bit-5.5.53-0.30.1
SUSE Linux Enterprise Server 11 SP4:libmysql55client18-5.5.53-0.30.1
SUSE Linux Enterprise Server 11 SP4:libmysql55client18-x86-5.5.53-0.30.1
SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-32bit-5.5.53-0.30.1
Ссылки

Описание

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libmysql55client18-32bit-5.5.53-0.30.1
SUSE Linux Enterprise Server 11 SP4:libmysql55client18-5.5.53-0.30.1
SUSE Linux Enterprise Server 11 SP4:libmysql55client18-x86-5.5.53-0.30.1
SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-32bit-5.5.53-0.30.1
Ссылки

Описание

The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libmysql55client18-32bit-5.5.53-0.30.1
SUSE Linux Enterprise Server 11 SP4:libmysql55client18-5.5.53-0.30.1
SUSE Linux Enterprise Server 11 SP4:libmysql55client18-x86-5.5.53-0.30.1
SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-32bit-5.5.53-0.30.1
Ссылки