Security update for mysql-community-server SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1209-1 Final 1 1 2017-05-08T11:23:57Z current 2017-05-08T11:23:57Z 2017-05-08T11:23:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mysql-community-server This update for mysql-community-server to version 5.6.36 fixes the following issues: These security issues were fixed: - CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in SQL statements written to the dump output, allowing for execution of arbitrary commands (bsc#1029014) - CVE-2017-3305: MySQL client sent authentication request unencrypted even if SSL was required (aka Ridddle) (bsc#1029396). - CVE-2017-3308: Unspecified vulnerability in Server: DML (boo#1034850) - CVE-2017-3309: Unspecified vulnerability in Server: Optimizer (boo#1034850) - CVE-2017-3329: Unspecified vulnerability in Server: Thread (boo#1034850) - CVE-2017-3453: Unspecified vulnerability in Server: Optimizer (boo#1034850) - CVE-2017-3456: Unspecified vulnerability in Server: DML (boo#1034850) - CVE-2017-3461: Unspecified vulnerability in Server: Security (boo#1034850) - CVE-2017-3462: Unspecified vulnerability in Server: Security (boo#1034850) - CVE-2017-3463: Unspecified vulnerability in Server: Security (boo#1034850) - CVE-2017-3464: Unspecified vulnerability in Server: DDL (boo#1034850) - CVE-2017-3302: Crash in libmysqlclient.so (bsc#1022428). - CVE-2017-3450: Unspecified vulnerability Server: Memcached - CVE-2017-3452: Unspecified vulnerability Server: Optimizer - CVE-2017-3599: Unspecified vulnerability Server: Pluggable Auth - CVE-2017-3600: Unspecified vulnerability in Client: mysqldump (boo#1034850) - '--ssl-mode=REQUIRED' can be specified to require a secure connection (it fails if a secure connection cannot be obtained) These non-security issues were fixed: - Set the default umask to 077 in mysql-systemd-helper (boo#1020976) - Change permissions of the configuration dir/files to 755/644. Please note that storing the password in the /etc/my.cnf file is not safe. Use for example an option file that is accessible only by yourself (boo#889126) For more information please see http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html E-Mail link for openSUSE-SU-2017:1209-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 openSUSE Leap 42.2 libmysql56client18-5.6.36-24.3.3 libmysql56client18-32bit-5.6.36-24.3.3 libmysql56client_r18-5.6.36-24.3.3 libmysql56client_r18-32bit-5.6.36-24.3.3 mysql-community-server-5.6.36-24.3.3 mysql-community-server-bench-5.6.36-24.3.3 mysql-community-server-client-5.6.36-24.3.3 mysql-community-server-errormessages-5.6.36-24.3.3 mysql-community-server-test-5.6.36-24.3.3 mysql-community-server-tools-5.6.36-24.3.3 libmysql56client18-5.6.36-24.3.3 as a component of openSUSE Leap 42.1 libmysql56client18-32bit-5.6.36-24.3.3 as a component of openSUSE Leap 42.1 libmysql56client_r18-5.6.36-24.3.3 as a component of openSUSE Leap 42.1 libmysql56client_r18-32bit-5.6.36-24.3.3 as a component of openSUSE Leap 42.1 mysql-community-server-5.6.36-24.3.3 as a component of openSUSE Leap 42.1 mysql-community-server-bench-5.6.36-24.3.3 as a component of openSUSE Leap 42.1 mysql-community-server-client-5.6.36-24.3.3 as a component of openSUSE Leap 42.1 mysql-community-server-errormessages-5.6.36-24.3.3 as a component of openSUSE Leap 42.1 mysql-community-server-test-5.6.36-24.3.3 as a component of openSUSE Leap 42.1 mysql-community-server-tools-5.6.36-24.3.3 as a component of openSUSE Leap 42.1 libmysql56client18-5.6.36-24.3.3 as a component of openSUSE Leap 42.2 libmysql56client18-32bit-5.6.36-24.3.3 as a component of openSUSE Leap 42.2 libmysql56client_r18-5.6.36-24.3.3 as a component of openSUSE Leap 42.2 libmysql56client_r18-32bit-5.6.36-24.3.3 as a component of openSUSE Leap 42.2 mysql-community-server-5.6.36-24.3.3 as a component of openSUSE Leap 42.2 mysql-community-server-bench-5.6.36-24.3.3 as a component of openSUSE Leap 42.2 mysql-community-server-client-5.6.36-24.3.3 as a component of openSUSE Leap 42.2 mysql-community-server-errormessages-5.6.36-24.3.3 as a component of openSUSE Leap 42.2 mysql-community-server-test-5.6.36-24.3.3 as a component of openSUSE Leap 42.2 mysql-community-server-tools-5.6.36-24.3.3 as a component of openSUSE Leap 42.2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-3600. Reason: This candidate is a reservation duplicate of CVE-2017-3600. Notes: All CVE users should reference CVE-2017-3600 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2016-5483 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-tools-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-tools-5.6.36-24.3.3 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html https://www.suse.com/security/cve/CVE-2016-5483.html CVE-2016-5483 https://bugzilla.suse.com/1001367 SUSE Bug 1001367 https://bugzilla.suse.com/1005555 SUSE Bug 1005555 https://bugzilla.suse.com/1005557 SUSE Bug 1005557 https://bugzilla.suse.com/1005561 SUSE Bug 1005561 https://bugzilla.suse.com/1005562 SUSE Bug 1005562 https://bugzilla.suse.com/1005563 SUSE Bug 1005563 https://bugzilla.suse.com/1005564 SUSE Bug 1005564 https://bugzilla.suse.com/1005566 SUSE Bug 1005566 https://bugzilla.suse.com/1005569 SUSE Bug 1005569 https://bugzilla.suse.com/1005570 SUSE Bug 1005570 https://bugzilla.suse.com/1005582 SUSE Bug 1005582 https://bugzilla.suse.com/1020875 SUSE Bug 1020875 https://bugzilla.suse.com/1020876 SUSE Bug 1020876 https://bugzilla.suse.com/1020877 SUSE Bug 1020877 https://bugzilla.suse.com/1020878 SUSE Bug 1020878 https://bugzilla.suse.com/1020882 SUSE Bug 1020882 https://bugzilla.suse.com/1020883 SUSE Bug 1020883 https://bugzilla.suse.com/1020884 SUSE Bug 1020884 https://bugzilla.suse.com/1020885 SUSE Bug 1020885 https://bugzilla.suse.com/1020888 SUSE Bug 1020888 https://bugzilla.suse.com/1020890 SUSE Bug 1020890 https://bugzilla.suse.com/1020891 SUSE Bug 1020891 https://bugzilla.suse.com/1020893 SUSE Bug 1020893 https://bugzilla.suse.com/1020894 SUSE Bug 1020894 https://bugzilla.suse.com/1020896 SUSE Bug 1020896 https://bugzilla.suse.com/1020898 SUSE Bug 1020898 https://bugzilla.suse.com/1020901 SUSE Bug 1020901 https://bugzilla.suse.com/1022428 SUSE Bug 1022428 https://bugzilla.suse.com/1029014 SUSE Bug 1029014 https://bugzilla.suse.com/1029396 SUSE Bug 1029396 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 https://bugzilla.suse.com/1049393 SUSE Bug 1049393 https://bugzilla.suse.com/1049394 SUSE Bug 1049394 https://bugzilla.suse.com/1049396 SUSE Bug 1049396 https://bugzilla.suse.com/1049399 SUSE Bug 1049399 https://bugzilla.suse.com/1049400 SUSE Bug 1049400 https://bugzilla.suse.com/1049401 SUSE Bug 1049401 https://bugzilla.suse.com/1049402 SUSE Bug 1049402 https://bugzilla.suse.com/1049403 SUSE Bug 1049403 https://bugzilla.suse.com/1049404 SUSE Bug 1049404 https://bugzilla.suse.com/1049405 SUSE Bug 1049405 https://bugzilla.suse.com/1049406 SUSE Bug 1049406 https://bugzilla.suse.com/1049407 SUSE Bug 1049407 https://bugzilla.suse.com/1049408 SUSE Bug 1049408 https://bugzilla.suse.com/1049409 SUSE Bug 1049409 https://bugzilla.suse.com/1049410 SUSE Bug 1049410 https://bugzilla.suse.com/1049411 SUSE Bug 1049411 https://bugzilla.suse.com/1049412 SUSE Bug 1049412 https://bugzilla.suse.com/1049414 SUSE Bug 1049414 https://bugzilla.suse.com/1049415 SUSE Bug 1049415 https://bugzilla.suse.com/1049416 SUSE Bug 1049416 https://bugzilla.suse.com/1049417 SUSE Bug 1049417 https://bugzilla.suse.com/1064101 SUSE Bug 1064101 https://bugzilla.suse.com/1064107 SUSE Bug 1064107 https://bugzilla.suse.com/1064115 SUSE Bug 1064115 https://bugzilla.suse.com/1064116 SUSE Bug 1064116 https://bugzilla.suse.com/1064117 SUSE Bug 1064117 Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. CVE-2017-3302 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-tools-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-tools-5.6.36-24.3.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html https://www.suse.com/security/cve/CVE-2017-3302.html CVE-2017-3302 https://bugzilla.suse.com/1022428 SUSE Bug 1022428 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 https://bugzilla.suse.com/1034911 SUSE Bug 1034911 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, "The Riddle". CVE-2017-3305 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-tools-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-tools-5.6.36-24.3.3 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html https://www.suse.com/security/cve/CVE-2017-3305.html CVE-2017-3305 https://bugzilla.suse.com/1029396 SUSE Bug 1029396 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 https://bugzilla.suse.com/1037590 SUSE Bug 1037590 https://bugzilla.suse.com/924663 SUSE Bug 924663 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). CVE-2017-3308 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-tools-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-tools-5.6.36-24.3.3 moderate 2.1 AV:N/AC:H/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html https://www.suse.com/security/cve/CVE-2017-3308.html CVE-2017-3308 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 https://bugzilla.suse.com/1048715 SUSE Bug 1048715 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). CVE-2017-3309 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-tools-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-tools-5.6.36-24.3.3 moderate 2.1 AV:N/AC:H/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html https://www.suse.com/security/cve/CVE-2017-3309.html CVE-2017-3309 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 https://bugzilla.suse.com/1048715 SUSE Bug 1048715 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). CVE-2017-3329 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-tools-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-tools-5.6.36-24.3.3 moderate 2.1 AV:N/AC:H/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html https://www.suse.com/security/cve/CVE-2017-3329.html CVE-2017-3329 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 https://bugzilla.suse.com/1048715 SUSE Bug 1048715 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). CVE-2017-3450 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-tools-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-tools-5.6.36-24.3.3 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html https://www.suse.com/security/cve/CVE-2017-3450.html CVE-2017-3450 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2017-3452 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-tools-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-tools-5.6.36-24.3.3 important 4 AV:N/AC:L/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html https://www.suse.com/security/cve/CVE-2017-3452.html CVE-2017-3452 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2017-3453 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-tools-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-tools-5.6.36-24.3.3 moderate 2.1 AV:N/AC:H/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html https://www.suse.com/security/cve/CVE-2017-3453.html CVE-2017-3453 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 https://bugzilla.suse.com/1048715 SUSE Bug 1048715 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2017-3456 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-tools-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-tools-5.6.36-24.3.3 moderate 2.1 AV:N/AC:H/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html https://www.suse.com/security/cve/CVE-2017-3456.html CVE-2017-3456 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 https://bugzilla.suse.com/1048715 SUSE Bug 1048715 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2017-3461 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-tools-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-tools-5.6.36-24.3.3 moderate 2.1 AV:N/AC:H/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html https://www.suse.com/security/cve/CVE-2017-3461.html CVE-2017-3461 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 https://bugzilla.suse.com/1048715 SUSE Bug 1048715 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2017-3462 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-tools-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-tools-5.6.36-24.3.3 moderate 2.1 AV:N/AC:H/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html https://www.suse.com/security/cve/CVE-2017-3462.html CVE-2017-3462 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 https://bugzilla.suse.com/1048715 SUSE Bug 1048715 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2017-3463 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-tools-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-tools-5.6.36-24.3.3 moderate 2.1 AV:N/AC:H/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html https://www.suse.com/security/cve/CVE-2017-3463.html CVE-2017-3463 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 https://bugzilla.suse.com/1048715 SUSE Bug 1048715 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). CVE-2017-3464 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-tools-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-tools-5.6.36-24.3.3 moderate 2.1 AV:N/AC:H/Au:S/C:N/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html https://www.suse.com/security/cve/CVE-2017-3464.html CVE-2017-3464 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 https://bugzilla.suse.com/1048715 SUSE Bug 1048715 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet. CVE-2017-3599 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-tools-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-tools-5.6.36-24.3.3 important 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html https://www.suse.com/security/cve/CVE-2017-3599.html CVE-2017-3599 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). CVE-2017-3600 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.1:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.1:mysql-community-server-tools-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client18-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.36-24.3.3 openSUSE Leap 42.2:libmysql56client_r18-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-bench-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-client-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-test-5.6.36-24.3.3 openSUSE Leap 42.2:mysql-community-server-tools-5.6.36-24.3.3 moderate 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html https://www.suse.com/security/cve/CVE-2017-3600.html CVE-2017-3600 https://bugzilla.suse.com/1029014 SUSE Bug 1029014 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 https://bugzilla.suse.com/1048715 SUSE Bug 1048715