Test ID: | 1.3.6.1.4.1.25623.1.1.4.2016.0348.1 |
Category: | SuSE Local Security Checks |
Title: | SUSE: Security Advisory (SUSE-SU-2016:0348-1) |
Summary: | The remote host is missing an update for the 'mysql' package(s) announced via the SUSE-SU-2016:0348-1 advisory. |
Description: | Summary: The remote host is missing an update for the 'mysql' package(s) announced via the SUSE-SU-2016:0348-1 advisory.

Vulnerability Insight: This update to MySQL 5.5.47 fixes the following issues (bsc#962779):
- CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.
- CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
- CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options.
- CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.
- CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML.
- CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
- CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML.
- CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
- CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption.
- CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF.
- CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges.
- CVE-2016-0616: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
- bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf()

The following bugs were fixed:
- bsc#960961: Incorrect use of plugin-load option in default_plugins.cnf

Affected Software/OS: 'mysql' package(s) on SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Desktop 11-SP3, SUSE Linux Enterprise Desktop 11-SP4, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server for VMWare 11-SP3, SUSE Linux Enterprise Software Development Kit 11-SP3, SUSE Linux Enterprise Software Development Kit 11-SP4.

Solution: Please install the updated package(s).

CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-7744
- https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
- https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
- http://www.securitytracker.com/id/1034708
- SuSE Security Announcement: openSUSE-SU-2016:0367 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html
- SuSE Security Announcement: openSUSE-SU-2016:0377 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html

Common Vulnerability Exposure (CVE) ID: CVE-2016-0502

Common Vulnerability Exposure (CVE) ID: CVE-2016-0505
- BugTraq ID: 81088 http://www.securityfocus.com/bid/81088
- Debian Security Information: DSA-3453 http://www.debian.org/security/2016/dsa-3453
- Debian Security Information: DSA-3459 http://www.debian.org/security/2016/dsa-3459
- RedHat Security Advisories: RHSA-2016:0534 http://rhn.redhat.com/errata/RHSA-2016-0534.html
- RedHat Security Advisories: RHSA-2016:0705 http://rhn.redhat.com/errata/RHSA-2016-0705.html
- RedHat Security Advisories: RHSA-2016:1132 https://access.redhat.com/errata/RHSA-2016:1132
- RedHat Security Advisories: RHSA-2016:1480 http://rhn.redhat.com/errata/RHSA-2016-1480.html
- RedHat Security Advisories: RHSA-2016:1481 http://rhn.redhat.com/errata/RHSA-2016-1481.html
- SuSE Security Announcement: SUSE-SU-2016:1619 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html
- SuSE Security Announcement: SUSE-SU-2016:1620 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html
- SuSE Security Announcement: openSUSE-SU-2016:1664 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html
- SuSE Security Announcement: openSUSE-SU-2016:1686 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html
- http://www.ubuntu.com/usn/USN-2881-1

Common Vulnerability Exposure (CVE) ID: CVE-2016-0546
- BugTraq ID: 81066 http://www.securityfocus.com/bid/81066

Common Vulnerability Exposure (CVE) ID: CVE-2016-0596
- BugTraq ID: 81130 http://www.securityfocus.com/bid/81130

Common Vulnerability Exposure (CVE) ID: CVE-2016-0597
- BugTraq ID: 81151 http://www.securityfocus.com/bid/81151

Common Vulnerability Exposure (CVE) ID: CVE-2016-0598
- BugTraq ID: 81182 http://www.securityfocus.com/bid/81182

Common Vulnerability Exposure (CVE) ID: CVE-2016-0600
- BugTraq ID: 81188 http://www.securityfocus.com/bid/81188

Common Vulnerability Exposure (CVE) ID: CVE-2016-0606

Common Vulnerability Exposure (CVE) ID: CVE-2016-0608
- BugTraq ID: 81226 http://www.securityfocus.com/bid/81226

Common Vulnerability Exposure (CVE) ID: CVE-2016-0609
- BugTraq ID: 81258 http://www.securityfocus.com/bid/81258

Common Vulnerability Exposure (CVE) ID: CVE-2016-0616
- BugTraq ID: 81176 http://www.securityfocus.com/bid/81176 |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |