Описание
Security update for mysql-community-server
mysql-community-server was updated to 5.6.34 to fix the following issues:
- Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html
- fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440
- fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926]
- append '--ignore-db-dir=lost+found' to the mysqld options in 'mysql-systemd-helper' script if 'lost+found' directory is found in $datadir [boo#986251]
- remove syslog.target from *.service files [boo#983938]
- add systemd to deps to build on leap and friends
- replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro
- remove useless mysql@default.service [boo#971456]
- replace all occurrences of the string '@sysconfdir@' with '/etc' in mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded properly [boo#990890]
- remove '%define _rundir' as 13.1 is out of support scope
- run 'usermod -g mysql mysql' only if mysql user is not in mysql group. Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have '/bin/false' shell set.
- re-enable mysql profiling
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:2769-1
- SUSE Security Ratings
Описание
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
Затронутые продукты
Ссылки
- CVE-2016-2105
- SUSE Bug 977584
- SUSE Bug 977614
- SUSE Bug 978492
- SUSE Bug 989902
- SUSE Bug 990369
- SUSE Bug 990370
Описание
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.
Затронутые продукты
Ссылки
- CVE-2016-3459
- SUSE Bug 989911
Описание
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.
Затронутые продукты
Ссылки
- CVE-2016-3477
- SUSE Bug 989913
- SUSE Bug 991616
Описание
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.
Затронутые продукты
Ссылки
- CVE-2016-3486
- SUSE Bug 989914
Описание
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
Затронутые продукты
Ссылки
- CVE-2016-3492
- SUSE Bug 1005555
- SUSE Bug 1008318
Описание
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
Затронутые продукты
Ссылки
- CVE-2016-3501
- SUSE Bug 989915
Описание
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.
Затронутые продукты
Ссылки
- CVE-2016-3521
- SUSE Bug 989919
- SUSE Bug 991616
Описание
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.
Затронутые продукты
Ссылки
- CVE-2016-3614
- SUSE Bug 989921
Описание
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.
Затронутые продукты
Ссылки
- CVE-2016-3615
- SUSE Bug 989922
- SUSE Bug 991616
Описание
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.
Затронутые продукты
Ссылки
- CVE-2016-5439
- SUSE Bug 989925
Описание
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.
Затронутые продукты
Ссылки
- CVE-2016-5440
- SUSE Bug 989926
- SUSE Bug 991616
Описание
Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
Затронутые продукты
Ссылки
- CVE-2016-5507
- SUSE Bug 1005557
Описание
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.
Затронутые продукты
Ссылки
- CVE-2016-5584
- SUSE Bug 1005558
- SUSE Bug 1008318
Описание
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2016-5609
- SUSE Bug 1005560
Описание
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Затронутые продукты
Ссылки
- CVE-2016-5612
- SUSE Bug 1005561
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Затронутые продукты
Ссылки
- CVE-2016-5616
- SUSE Bug 1001367
- SUSE Bug 1005555
- SUSE Bug 1005557
- SUSE Bug 1005561
- SUSE Bug 1005562
- SUSE Bug 1005563
- SUSE Bug 1005564
- SUSE Bug 1005566
- SUSE Bug 1005569
- SUSE Bug 1005570
- SUSE Bug 1005582
- SUSE Bug 1008253
- SUSE Bug 1008318
- SUSE Bug 1020875
- SUSE Bug 1020876
- SUSE Bug 1020877
- SUSE Bug 1020878
- SUSE Bug 1020882
- SUSE Bug 1020883
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6664. Reason: This candidate is a reservation duplicate of CVE-2016-6664. Notes: All CVE users should reference CVE-2016-6664 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Затронутые продукты
Ссылки
- CVE-2016-5617
- SUSE Bug 1001367
- SUSE Bug 1005555
- SUSE Bug 1005557
- SUSE Bug 1005561
- SUSE Bug 1005562
- SUSE Bug 1005563
- SUSE Bug 1005564
- SUSE Bug 1005566
- SUSE Bug 1005569
- SUSE Bug 1005570
- SUSE Bug 1005582
- SUSE Bug 1008253
- SUSE Bug 1020873
- SUSE Bug 1020875
- SUSE Bug 1020876
- SUSE Bug 1020877
- SUSE Bug 1020878
- SUSE Bug 1020882
- SUSE Bug 1020883
Описание
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
Затронутые продукты
Ссылки
- CVE-2016-5626
- SUSE Bug 1005566
- SUSE Bug 1008318
Описание
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.
Затронутые продукты
Ссылки
- CVE-2016-5627
- SUSE Bug 1005567
Описание
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
Затронутые продукты
Ссылки
- CVE-2016-5629
- SUSE Bug 1005569
- SUSE Bug 1008318
Описание
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
Затронутые продукты
Ссылки
- CVE-2016-5630
- SUSE Bug 1005570
Описание
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Затронутые продукты
Ссылки
- CVE-2016-6304
- SUSE Bug 1001706
- SUSE Bug 1003811
- SUSE Bug 1005579
- SUSE Bug 1021375
- SUSE Bug 999665
- SUSE Bug 999666
Описание
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
Затронутые продукты
Ссылки
- CVE-2016-6662
- SUSE Bug 1001367
- SUSE Bug 1005580
- SUSE Bug 1020873
- SUSE Bug 1020884
- SUSE Bug 1021755
- SUSE Bug 998309
Описание
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
Затронутые продукты
Ссылки
- CVE-2016-7440
- SUSE Bug 1005581
- SUSE Bug 1008318
Описание
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
Затронутые продукты
Ссылки
- CVE-2016-8283
- SUSE Bug 1005582
- SUSE Bug 1008318
Описание
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.
Затронутые продукты
Ссылки
- CVE-2016-8284
- SUSE Bug 1005583
- SUSE Bug 1008117
- SUSE Bug 1008133
- SUSE Bug 1008141
- SUSE Bug 1008150
- SUSE Bug 1008151
- SUSE Bug 1008152
- SUSE Bug 1011266
- SUSE Bug 1011267
Описание
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.
Затронутые продукты
Ссылки
- CVE-2016-8288
- SUSE Bug 1005586