Описание
Security update to MySQL 5.6.27
MySQL was updated to 5.6.27 to fix security issues and bugs.
The following vulnerabilities were fixed as part of the upstream release [boo#951391]: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913
Details on these and other changes can be found at: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html
The following security relevant changes are included additionally:
- CVE-2015-3152: MySQL lacked SSL enforcement. Using --ssl-verify-server-cert and --ssl[-*] implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [boo#924663], [boo#928962]
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2015:2243-1
- SUSE Security Ratings
Описание
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.
Затронутые продукты
Ссылки
- CVE-2015-0286
- SUSE Bug 919648
- SUSE Bug 922496
- SUSE Bug 936586
- SUSE Bug 937891
- SUSE Bug 951391
Описание
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.
Затронутые продукты
Ссылки
- CVE-2015-0288
- SUSE Bug 919648
- SUSE Bug 920236
- SUSE Bug 936586
- SUSE Bug 937891
- SUSE Bug 951391
Описание
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
Затронутые продукты
Ссылки
- CVE-2015-1789
- SUSE Bug 934489
- SUSE Bug 936586
- SUSE Bug 937891
- SUSE Bug 938432
- SUSE Bug 951391
Описание
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
Затронутые продукты
Ссылки
- CVE-2015-1793
- SUSE Bug 936746
- SUSE Bug 937637
- SUSE Bug 951391
Описание
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
Затронутые продукты
Ссылки
- CVE-2015-3152
- SUSE Bug 1037590
- SUSE Bug 1047059
- SUSE Bug 1088681
- SUSE Bug 924663
- SUSE Bug 928962
- SUSE Bug 936407
Описание
Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.
Затронутые продукты
Ссылки
- CVE-2015-4730
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.
Затронутые продукты
Ссылки
- CVE-2015-4766
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
Затронутые продукты
Ссылки
- CVE-2015-4792
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
Затронутые продукты
Ссылки
- CVE-2015-4800
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.
Затронутые продукты
Ссылки
- CVE-2015-4802
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.
Затронутые продукты
Ссылки
- CVE-2015-4815
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
Затронутые продукты
Ссылки
- CVE-2015-4816
- SUSE Bug 951391
- SUSE Bug 958790
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.
Затронутые продукты
Ссылки
- CVE-2015-4819
- SUSE Bug 951391
- SUSE Bug 958790
- SUSE Bug 969667
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.
Затронутые продукты
Ссылки
- CVE-2015-4826
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
Затронутые продукты
Ссылки
- CVE-2015-4830
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.
Затронутые продукты
Ссылки
- CVE-2015-4833
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
Затронутые продукты
Ссылки
- CVE-2015-4836
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.
Затронутые продукты
Ссылки
- CVE-2015-4858
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
Затронутые продукты
Ссылки
- CVE-2015-4861
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2015-4862
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
Затронутые продукты
Ссылки
- CVE-2015-4864
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
Затронутые продукты
Ссылки
- CVE-2015-4866
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.
Затронутые продукты
Ссылки
- CVE-2015-4870
- SUSE Bug 951391
- SUSE Bug 958789
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2015-4879
- SUSE Bug 951391
- SUSE Bug 958790
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.
Затронутые продукты
Ссылки
- CVE-2015-4890
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
Затронутые продукты
Ссылки
- CVE-2015-4895
- SUSE Bug 951391
- SUSE Bug 958790
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.
Затронутые продукты
Ссылки
- CVE-2015-4904
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.
Затронутые продукты
Ссылки
- CVE-2015-4905
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.
Затронутые продукты
Ссылки
- CVE-2015-4910
- SUSE Bug 951391
Описание
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.
Затронутые продукты
Ссылки
- CVE-2015-4913
- SUSE Bug 951391
- SUSE Bug 958789