Описание
Security update for mariadb
This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318):
Security fixes:
- CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582)
- CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581)
- CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569)
- CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566)
- CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564)
- CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562)
- CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558)
- CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555)
- CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367)
Bugfixes:
- mysql_install_db can't find data files (bsc#1006539)
- mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800)
- Notable changes:
- XtraDB updated to 5.6.33-79.0
- TokuDB updated to 5.6.33-79.0
- Innodb updated to 5.6.33
- Performance Schema updated to 5.6.33
- Release notes and upstream changelog:
Список пакетов
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for SAP Applications 12
Ссылки
- Link for SUSE-SU-2016:2932-1
- E-Mail link for SUSE-SU-2016:2932-1
- SUSE Security Ratings
- SUSE Bug 1001367
- SUSE Bug 1003800
- SUSE Bug 1005555
- SUSE Bug 1005558
- SUSE Bug 1005562
- SUSE Bug 1005564
- SUSE Bug 1005566
- SUSE Bug 1005569
- SUSE Bug 1005581
- SUSE Bug 1005582
- SUSE Bug 1006539
- SUSE Bug 1008318
- SUSE CVE CVE-2016-3492 page
- SUSE CVE CVE-2016-5584 page
- SUSE CVE CVE-2016-5616 page
- SUSE CVE CVE-2016-5624 page
- SUSE CVE CVE-2016-5626 page
Описание
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
Затронутые продукты
Ссылки
- CVE-2016-3492
- SUSE Bug 1005555
- SUSE Bug 1008318
Описание
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.
Затронутые продукты
Ссылки
- CVE-2016-5584
- SUSE Bug 1005558
- SUSE Bug 1008318
Описание
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Затронутые продукты
Ссылки
- CVE-2016-5616
- SUSE Bug 1005562
Описание
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2016-5624
- SUSE Bug 1005564
- SUSE Bug 1008318
Описание
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
Затронутые продукты
Ссылки
- CVE-2016-5626
- SUSE Bug 1005566
- SUSE Bug 1008318
Описание
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
Затронутые продукты
Ссылки
- CVE-2016-5629
- SUSE Bug 1005569
- SUSE Bug 1008318
Описание
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
Затронутые продукты
Ссылки
- CVE-2016-6663
- SUSE Bug 1001367
- SUSE Bug 1008253
- SUSE Bug 1008318
- SUSE Bug 1021755
- SUSE Bug 998309
Описание
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
Затронутые продукты
Ссылки
- CVE-2016-7440
- SUSE Bug 1005581
- SUSE Bug 1008318
Описание
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
Затронутые продукты
Ссылки
- CVE-2016-8283
- SUSE Bug 1005582
- SUSE Bug 1008318