Security update for mysql-community-server SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2868-1 Final 1 1 2017-10-27T11:06:32Z current 2017-10-27T11:06:32Z 2017-10-27T11:06:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mysql-community-server This update for mysql-community-server to 5.6.38 fixes the following issues: Full list of changes: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-38.html CVEs fixed: - [boo#1064116] CVE-2017-10379 - [boo#1064117] CVE-2017-10384 - [boo#1064115] CVE-2017-10378 - [boo#1064101] CVE-2017-10268 - [boo#1064096] CVE-2017-10155 - [boo#1064118] CVE-2017-3731 - [boo#1064102] CVE-2017-10276 - [boo#1064105] CVE-2017-10283 - [boo#1064112] CVE-2017-10314 - [boo#1064100] CVE-2017-10227 - [boo#1064104] CVE-2017-10279 - [boo#1064108] CVE-2017-10294 - [boo#1064107] CVE-2017-10286 Additional changes: - add 'BuildRequires: unixODBC-devel' to allow ODBC support for Connect engine [boo#1039034] - update filename in /var/adm/update-messages to match documentation, and build-compare pattern - some scripts from the tools subpackage, namely: wsrep_sst_xtrabackup, wsrep_sst_mariabackup.sh and wsrep_sst_xtrabackup-v2.sh need socat - fixed incorrect descriptions and mismatching RPM groups The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00076.html E-Mail link for openSUSE-SU-2017:2868-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 libmysql56client18-5.6.38-30.1 libmysql56client18-32bit-5.6.38-30.1 libmysql56client_r18-5.6.38-30.1 libmysql56client_r18-32bit-5.6.38-30.1 mysql-community-server-5.6.38-30.1 mysql-community-server-bench-5.6.38-30.1 mysql-community-server-client-5.6.38-30.1 mysql-community-server-errormessages-5.6.38-30.1 mysql-community-server-test-5.6.38-30.1 mysql-community-server-tools-5.6.38-30.1 libmysql56client18-5.6.38-30.1 as a component of openSUSE Leap 42.2 libmysql56client18-32bit-5.6.38-30.1 as a component of openSUSE Leap 42.2 libmysql56client_r18-5.6.38-30.1 as a component of openSUSE Leap 42.2 libmysql56client_r18-32bit-5.6.38-30.1 as a component of openSUSE Leap 42.2 mysql-community-server-5.6.38-30.1 as a component of openSUSE Leap 42.2 mysql-community-server-bench-5.6.38-30.1 as a component of openSUSE Leap 42.2 mysql-community-server-client-5.6.38-30.1 as a component of openSUSE Leap 42.2 mysql-community-server-errormessages-5.6.38-30.1 as a component of openSUSE Leap 42.2 mysql-community-server-test-5.6.38-30.1 as a component of openSUSE Leap 42.2 mysql-community-server-tools-5.6.38-30.1 as a component of openSUSE Leap 42.2 libmysql56client18-5.6.38-30.1 as a component of openSUSE Leap 42.3 libmysql56client18-32bit-5.6.38-30.1 as a component of openSUSE Leap 42.3 libmysql56client_r18-5.6.38-30.1 as a component of openSUSE Leap 42.3 libmysql56client_r18-32bit-5.6.38-30.1 as a component of openSUSE Leap 42.3 mysql-community-server-5.6.38-30.1 as a component of openSUSE Leap 42.3 mysql-community-server-bench-5.6.38-30.1 as a component of openSUSE Leap 42.3 mysql-community-server-client-5.6.38-30.1 as a component of openSUSE Leap 42.3 mysql-community-server-errormessages-5.6.38-30.1 as a component of openSUSE Leap 42.3 mysql-community-server-test-5.6.38-30.1 as a component of openSUSE Leap 42.3 mysql-community-server-tools-5.6.38-30.1 as a component of openSUSE Leap 42.3 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). CVE-2017-10155 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.38-30.1 important 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00076.html https://www.suse.com/security/cve/CVE-2017-10155.html CVE-2017-10155 https://bugzilla.suse.com/1064096 SUSE Bug 1064096 https://bugzilla.suse.com/1064119 SUSE Bug 1064119 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2017-10227 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.38-30.1 important 6.1 AV:N/AC:L/Au:M/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00076.html https://www.suse.com/security/cve/CVE-2017-10227.html CVE-2017-10227 https://bugzilla.suse.com/1064100 SUSE Bug 1064100 https://bugzilla.suse.com/1064119 SUSE Bug 1064119 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). CVE-2017-10268 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.38-30.1 moderate 3.7 AV:L/AC:H/Au:M/C:C/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00076.html https://www.suse.com/security/cve/CVE-2017-10268.html CVE-2017-10268 https://bugzilla.suse.com/1064101 SUSE Bug 1064101 https://bugzilla.suse.com/1064119 SUSE Bug 1064119 https://bugzilla.suse.com/1076505 SUSE Bug 1076505 https://bugzilla.suse.com/1076506 SUSE Bug 1076506 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2017-10276 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.38-30.1 important 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00076.html https://www.suse.com/security/cve/CVE-2017-10276.html CVE-2017-10276 https://bugzilla.suse.com/1064102 SUSE Bug 1064102 https://bugzilla.suse.com/1064119 SUSE Bug 1064119 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2017-10279 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.38-30.1 important 6.1 AV:N/AC:L/Au:M/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00076.html https://www.suse.com/security/cve/CVE-2017-10279.html CVE-2017-10279 https://bugzilla.suse.com/1064104 SUSE Bug 1064104 https://bugzilla.suse.com/1064119 SUSE Bug 1064119 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2017-10283 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.38-30.1 important 4.9 AV:N/AC:H/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00076.html https://www.suse.com/security/cve/CVE-2017-10283.html CVE-2017-10283 https://bugzilla.suse.com/1064105 SUSE Bug 1064105 https://bugzilla.suse.com/1064119 SUSE Bug 1064119 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2017-10286 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.38-30.1 moderate 4.6 AV:N/AC:H/Au:M/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00076.html https://www.suse.com/security/cve/CVE-2017-10286.html CVE-2017-10286 https://bugzilla.suse.com/1064107 SUSE Bug 1064107 https://bugzilla.suse.com/1064119 SUSE Bug 1064119 https://bugzilla.suse.com/1076506 SUSE Bug 1076506 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2017-10294 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.38-30.1 important 6.1 AV:N/AC:L/Au:M/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00076.html https://www.suse.com/security/cve/CVE-2017-10294.html CVE-2017-10294 https://bugzilla.suse.com/1064108 SUSE Bug 1064108 https://bugzilla.suse.com/1064119 SUSE Bug 1064119 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2017-10314 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.38-30.1 important 6.1 AV:N/AC:L/Au:M/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00076.html https://www.suse.com/security/cve/CVE-2017-10314.html CVE-2017-10314 https://bugzilla.suse.com/1064112 SUSE Bug 1064112 https://bugzilla.suse.com/1064119 SUSE Bug 1064119 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2017-10378 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.38-30.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00076.html https://www.suse.com/security/cve/CVE-2017-10378.html CVE-2017-10378 https://bugzilla.suse.com/1064115 SUSE Bug 1064115 https://bugzilla.suse.com/1064119 SUSE Bug 1064119 https://bugzilla.suse.com/1076505 SUSE Bug 1076505 https://bugzilla.suse.com/1076506 SUSE Bug 1076506 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). CVE-2017-10379 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.38-30.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00076.html https://www.suse.com/security/cve/CVE-2017-10379.html CVE-2017-10379 https://bugzilla.suse.com/1064116 SUSE Bug 1064116 https://bugzilla.suse.com/1064119 SUSE Bug 1064119 https://bugzilla.suse.com/1076506 SUSE Bug 1076506 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2017-10384 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.38-30.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00076.html https://www.suse.com/security/cve/CVE-2017-10384.html CVE-2017-10384 https://bugzilla.suse.com/1064117 SUSE Bug 1064117 https://bugzilla.suse.com/1064119 SUSE Bug 1064119 https://bugzilla.suse.com/1076506 SUSE Bug 1076506 If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. CVE-2017-3731 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client18-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.38-30.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.38-30.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.38-30.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00076.html https://www.suse.com/security/cve/CVE-2017-3731.html CVE-2017-3731 https://bugzilla.suse.com/1021641 SUSE Bug 1021641 https://bugzilla.suse.com/1022085 SUSE Bug 1022085 https://bugzilla.suse.com/1025354 SUSE Bug 1025354 https://bugzilla.suse.com/1064118 SUSE Bug 1064118 https://bugzilla.suse.com/1064119 SUSE Bug 1064119