Описание
Security update for mysql-community-server
This mysql-community-server version update to 5.6.30 fixes the following issues:
Security issues fixed:
- fixed CVEs (boo#962779, boo#959724): CVE-2016-0705, CVE-2016-0639, CVE-2015-3194, CVE-2016-0640, CVE-2016-2047, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0665, CVE-2016-0666, CVE-2016-0641, CVE-2016-0642, CVE-2016-0655, CVE-2016-0661, CVE-2016-0668, CVE-2016-0643
- changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-30.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.html
Bugs fixed:
- don't delete the log data when migration fails
- add 'log-error' and 'secure-file-priv' configuration options
(added via configuration-tweaks.tar.bz2) [boo#963810]
- add '/etc/my.cnf.d/error_log.conf' that specifies 'log-error = /var/log/mysql/mysqld.log'. If no path is set, the error log is written to '/var/lib/mysql/$HOSTNAME.err', which is not picked up by logrotate.
- add '/etc/my.cnf.d/secure_file_priv.conf' which specifies that 'LOAD DATA', 'SELECT ... INTO' and 'LOAD FILE()' will only work with files in the directory specified by 'secure-file-priv' option (='/var/lib/mysql-files').
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:1332-1
- SUSE Security Ratings
Описание
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
Затронутые продукты
Ссылки
- CVE-2015-3194
- SUSE Bug 957812
- SUSE Bug 957815
- SUSE Bug 958768
- SUSE Bug 976341
- SUSE Bug 990370
Описание
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication.
Затронутые продукты
Ссылки
- CVE-2016-0639
- SUSE Bug 976341
Описание
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2016-0640
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.
Затронутые продукты
Ссылки
- CVE-2016-0641
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.
Затронутые продукты
Ссылки
- CVE-2016-0642
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2016-0643
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.
Затронутые продукты
Ссылки
- CVE-2016-0644
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2016-0646
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.
Затронутые продукты
Ссылки
- CVE-2016-0647
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.
Затронутые продукты
Ссылки
- CVE-2016-0648
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.
Затронутые продукты
Ссылки
- CVE-2016-0649
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.
Затронутые продукты
Ссылки
- CVE-2016-0650
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB.
Затронутые продукты
Ссылки
- CVE-2016-0655
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options.
Затронутые продукты
Ссылки
- CVE-2016-0661
- SUSE Bug 976341
Описание
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption.
Затронутые продукты
Ссылки
- CVE-2016-0665
- SUSE Bug 976341
Описание
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.
Затронутые продукты
Ссылки
- CVE-2016-0666
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.
Затронутые продукты
Ссылки
- CVE-2016-0668
- SUSE Bug 976341
- SUSE Bug 980904
Описание
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
Затронутые продукты
Ссылки
- CVE-2016-0705
- SUSE Bug 968044
- SUSE Bug 968047
- SUSE Bug 971238
- SUSE Bug 976341
Описание
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
Затронутые продукты
Ссылки
- CVE-2016-2047
- SUSE Bug 963806
- SUSE Bug 976341
- SUSE Bug 980904