Описание
Security update for mysql
This mysql version update to 5.5.54 fixes the following issues:
- CVE-2017-3318: Unspecified vulnerability affecting Error Handling (bsc#1020896)
- CVE-2017-3317: Unspecified vulnerability affecting Logging (bsc#1020894)
- CVE-2017-3313: Unspecified vulnerability affecting the MyISAM component (bsc#1020890)
- CVE-2017-3312: Insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873)
- CVE-2017-3291: Unrestricted mysqld_safe's ledir (bsc#1020884)
- CVE-2017-3265: Unsafe chmod/chown use in init script (bsc#1020885)
- CVE-2017-3258: Unspecified vulnerability in the DDL component (bsc#1020875)
- CVE-2017-3244: Unspecified vulnerability affecing the DML component (bsc#1020877)
- CVE-2017-3243: Unspecified vulnerability affecting the Charsets component (bsc#1020891)
- CVE-2017-3238: Unspecified vulnerability affecting the Optimizer component (bsc#1020882)
- Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428)
Release Notes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP3-LTSS
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Manager 2.1
SUSE Manager Proxy 2.1
SUSE OpenStack Cloud 5
Ссылки
- Link for SUSE-SU-2017:0408-1
- E-Mail link for SUSE-SU-2017:0408-1
- SUSE Security Ratings
- SUSE Bug 1020868
- SUSE Bug 1020873
- SUSE Bug 1020875
- SUSE Bug 1020877
- SUSE Bug 1020882
- SUSE Bug 1020884
- SUSE Bug 1020885
- SUSE Bug 1020890
- SUSE Bug 1020891
- SUSE Bug 1020894
- SUSE Bug 1020896
- SUSE Bug 1022428
- SUSE CVE CVE-2017-3238 page
- SUSE CVE CVE-2017-3243 page
- SUSE CVE CVE-2017-3244 page
- SUSE CVE CVE-2017-3258 page
- SUSE CVE CVE-2017-3265 page
Описание
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
Затронутые продукты
Ссылки
- CVE-2017-3238
- SUSE Bug 1020868
- SUSE Bug 1020882
Описание
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).
Затронутые продукты
Ссылки
- CVE-2017-3243
- SUSE Bug 1020868
- SUSE Bug 1020891
Описание
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
Затронутые продукты
Ссылки
- CVE-2017-3244
- SUSE Bug 1020868
- SUSE Bug 1020877
Описание
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
Затронутые продукты
Ссылки
- CVE-2017-3258
- SUSE Bug 1020868
- SUSE Bug 1020875
Описание
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).
Затронутые продукты
Ссылки
- CVE-2017-3265
- SUSE Bug 1020868
- SUSE Bug 1020885
Описание
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).
Затронутые продукты
Ссылки
- CVE-2017-3291
- SUSE Bug 1020868
- SUSE Bug 1020884
- SUSE Bug 998309
Описание
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).
Затронутые продукты
Ссылки
- CVE-2017-3312
- SUSE Bug 1020868
- SUSE Bug 1020873
- SUSE Bug 998309
Описание
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).
Затронутые продукты
Ссылки
- CVE-2017-3313
- SUSE Bug 1020868
- SUSE Bug 1020890
- SUSE Bug 1034911
Описание
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).
Затронутые продукты
Ссылки
- CVE-2017-3317
- SUSE Bug 1020868
- SUSE Bug 1020894
Описание
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).
Затронутые продукты
Ссылки
- CVE-2017-3318
- SUSE Bug 1020868
- SUSE Bug 1020896