
Test ID: 1.3.6.1.4.1.25623.1.1.4.2016.0348.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2016:0348-1)
Summary: The remote host is missing an update for the 'mysql' package(s) announced via the SUSE-SU-2016:0348-1 advisory.
Description:

Vulnerability Insight:
This update to MySQL 5.5.47 fixes the following issues (bsc#962779):
- CVE-2015-7744: Lack of verification against faults associated with the
Chinese Remainder Theorem (CRT) process when allowing ephemeral key
exchange without low memory optimizations on a server, which makes it
easier for remote attackers to obtain private RSA keys by capturing TLS
handshakes, aka a Lenstra attack.
- CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and
earlier and 5.6.11 and earlier allows remote authenticated users to
affect availability via unknown vectors related to Optimizer.
- CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect availability via unknown vectors related to Options.
- CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect
confidentiality, integrity, and availability via unknown vectors related
to Client.
- CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier and 5.6.27 and earlier allows remote authenticated users to
affect availability via vectors related to DML.
- CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect availability via unknown vectors related to Optimizer.
- CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect availability via vectors related to DML.
- CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect availability via unknown vectors related to InnoDB.
- CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect integrity via unknown vectors related to encryption.
- CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect availability via vectors related to UDF.
- CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect availability via unknown vectors related to privileges.
- CVE-2016-0616: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier allows remote authenticated users to affect availability via
unknown vectors related to Optimizer.
- bsc#959724: Possible buffer overflow from incorrect use of strcpy() and
sprintf()

The following bugs were fixed:
- bsc#960961: Incorrect use of plugin-load option in default_plugins.cnf

Affected Software/OS:
'mysql' package(s) on SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Desktop 11-SP3, SUSE Linux Enterprise Desktop 11-SP4, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server for VMWare 11-SP3, SUSE Linux Enterprise Software Development Kit 11-SP3, SUSE Linux Enterprise Software Development Kit 11-SP4.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2015-7744
https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
http://www.securitytracker.com/id/1034708
SuSE Security Announcement: openSUSE-SU-2016:0367
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html
SuSE Security Announcement: openSUSE-SU-2016:0377
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-0502
Common Vulnerability Exposure (CVE) ID: CVE-2016-0505
BugTraq ID: 81088
http://www.securityfocus.com/bid/81088
Debian Security Information: DSA-3453
http://www.debian.org/security/2016/dsa-3453
Debian Security Information: DSA-3459
http://www.debian.org/security/2016/dsa-3459
RedHat Security Advisories: RHSA-2016:0534
http://rhn.redhat.com/errata/RHSA-2016-0534.html
RedHat Security Advisories: RHSA-2016:0705
http://rhn.redhat.com/errata/RHSA-2016-0705.html
RedHat Security Advisories: RHSA-2016:1132
https://access.redhat.com/errata/RHSA-2016:1132
RedHat Security Advisories: RHSA-2016:1480
http://rhn.redhat.com/errata/RHSA-2016-1480.html
RedHat Security Advisories: RHSA-2016:1481
http://rhn.redhat.com/errata/RHSA-2016-1481.html
SuSE Security Announcement: SUSE-SU-2016:1619
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html
SuSE Security Announcement: SUSE-SU-2016:1620
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html
SuSE Security Announcement: openSUSE-SU-2016:1664
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html
SuSE Security Announcement: openSUSE-SU-2016:1686
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html
http://www.ubuntu.com/usn/USN-2881-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-0546
BugTraq ID: 81066
http://www.securityfocus.com/bid/81066
Common Vulnerability Exposure (CVE) ID: CVE-2016-0596
BugTraq ID: 81130
http://www.securityfocus.com/bid/81130
Common Vulnerability Exposure (CVE) ID: CVE-2016-0597
BugTraq ID: 81151
http://www.securityfocus.com/bid/81151
Common Vulnerability Exposure (CVE) ID: CVE-2016-0598
BugTraq ID: 81182
http://www.securityfocus.com/bid/81182
Common Vulnerability Exposure (CVE) ID: CVE-2016-0600
BugTraq ID: 81188
http://www.securityfocus.com/bid/81188
Common Vulnerability Exposure (CVE) ID: CVE-2016-0606
Common Vulnerability Exposure (CVE) ID: CVE-2016-0608
BugTraq ID: 81226
http://www.securityfocus.com/bid/81226
Common Vulnerability Exposure (CVE) ID: CVE-2016-0609
BugTraq ID: 81258
http://www.securityfocus.com/bid/81258
Common Vulnerability Exposure (CVE) ID: CVE-2016-0616
BugTraq ID: 81176
http://www.securityfocus.com/bid/81176
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
