Description
Security update for mariadb
This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318):
Security fixes:
- CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582)
- CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581)
- CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569)
- CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566)
- CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564)
- CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562)
- CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558)
- CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555)
- CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367)
Bugfixes:
- mysql_install_db can't find data files (bsc#1006539)
- mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800)
- Remove useless mysql@default.service (bsc#1004477)
- Replace all occurrences of the string '@sysconfdir@' with '/etc' as it wasn't expanded properly (bsc#990890)
Notable changes:
- XtraDB updated to 5.6.33-79.0
- TokuDB updated to 5.6.33-79.0
- InnoDB updated to 5.6.33
- Performance Schema updated to 5.6.33
Release notes and upstream changelog:
This update was imported from the SUSE:SLE-12-SP1:Update update project.
Package list
openSUSE Leap 42.1
References
- E-Mail link for openSUSE-SU-2016:3028-1
- SUSE Security Ratings
Description
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
Affected products
References
- CVE-2016-3492
- SUSE Bug 1005555
- SUSE Bug 1008318
Description
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.
Affected products
References
- CVE-2016-5584
- SUSE Bug 1005558
- SUSE Bug 1008318
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Affected products
References
- CVE-2016-5616
- SUSE Bug 1001367
- SUSE Bug 1005555
- SUSE Bug 1005557
- SUSE Bug 1005561
- SUSE Bug 1005562
- SUSE Bug 1005563
- SUSE Bug 1005564
- SUSE Bug 1005566
- SUSE Bug 1005569
- SUSE Bug 1005570
- SUSE Bug 1005582
- SUSE Bug 1008253
- SUSE Bug 1008318
- SUSE Bug 1020875
- SUSE Bug 1020876
- SUSE Bug 1020877
- SUSE Bug 1020878
- SUSE Bug 1020882
- SUSE Bug 1020883
Description
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Affected products
References
- CVE-2016-5624
- SUSE Bug 1005564
- SUSE Bug 1008318
Description
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
Affected products
References
- CVE-2016-5626
- SUSE Bug 1005566
- SUSE Bug 1008318
Description
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
Affected products
References
- CVE-2016-5629
- SUSE Bug 1005569
- SUSE Bug 1008318
Description
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
Affected products
References
- CVE-2016-6663
- SUSE Bug 1001367
- SUSE Bug 1008253
- SUSE Bug 1008318
- SUSE Bug 1021755
- SUSE Bug 998309
Description
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
Affected products
References
- CVE-2016-7440
- SUSE Bug 1005581
- SUSE Bug 1008318
Description
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
Affected products
References
- CVE-2016-8283
- SUSE Bug 1005582
- SUSE Bug 1008318