Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2016.0348.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2016:0348-1)
Summary:The remote host is missing an update for the 'mysql' package(s) announced via the SUSE-SU-2016:0348-1 advisory.
Description:Summary:
The remote host is missing an update for the 'mysql' package(s) announced via the SUSE-SU-2016:0348-1 advisory.

Vulnerability Insight:
This update to MySQL 5.5.47 fixes the following issues (bsc#962779):
- CVE-2015-7744: Lack of verification against faults associated with the
Chinese Remainder Theorem (CRT) process when allowing ephemeral key
exchange without low memory optimizations on a server, which makes it
easier for remote attackers to obtain private RSA keys by capturing TLS
handshakes, aka a Lenstra attack.
- CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and
earlier and 5.6.11 and earlier allows remote authenticated users to
affect availability via unknown vectors related to Optimizer.
- CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect availability via unknown vectors related to Options.
- CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect
confidentiality, integrity, and availability via unknown vectors related
to Client.
- CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier and 5.6.27 and earlier allows remote authenticated users to
affect availability via vectors related to DML.
- CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect availability via unknown vectors related to Optimizer.
- CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect availability via vectors related to DML.
- CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect availability via unknown vectors related to InnoDB.
- CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect integrity via unknown vectors related to encryption.
- CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect availability via vectors related to UDF.
- CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect availability via unknown vectors related to privileges.
- CVE-2016-0616: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier allows remote authenticated users to affect availability via
unknown vectors related to Optimizer.
- bsc#959724: Possible buffer overflow from incorrect use of strcpy() and
sprintf()
The following bugs were fixed:
- bsc#960961: Incorrect use of plugin-load option in default_plugins.cnf

Affected Software/OS:
'mysql' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Software Development Kit 11-SP3, SUSE Linux Enterprise Server for VMWare 11-SP3, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Desktop 11-SP4, SUSE Linux Enterprise Desktop 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-7744
https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
http://www.securitytracker.com/id/1034708
SuSE Security Announcement: openSUSE-SU-2016:0367 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html
SuSE Security Announcement: openSUSE-SU-2016:0377 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-0502
Common Vulnerability Exposure (CVE) ID: CVE-2016-0505
BugTraq ID: 81088
http://www.securityfocus.com/bid/81088
Debian Security Information: DSA-3453 (Google Search)
http://www.debian.org/security/2016/dsa-3453
Debian Security Information: DSA-3459 (Google Search)
http://www.debian.org/security/2016/dsa-3459
RedHat Security Advisories: RHSA-2016:0534
http://rhn.redhat.com/errata/RHSA-2016-0534.html
RedHat Security Advisories: RHSA-2016:0705
http://rhn.redhat.com/errata/RHSA-2016-0705.html
RedHat Security Advisories: RHSA-2016:1132
https://access.redhat.com/errata/RHSA-2016:1132
RedHat Security Advisories: RHSA-2016:1480
http://rhn.redhat.com/errata/RHSA-2016-1480.html
RedHat Security Advisories: RHSA-2016:1481
http://rhn.redhat.com/errata/RHSA-2016-1481.html
SuSE Security Announcement: SUSE-SU-2016:1619 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html
SuSE Security Announcement: SUSE-SU-2016:1620 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html
SuSE Security Announcement: openSUSE-SU-2016:1664 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html
SuSE Security Announcement: openSUSE-SU-2016:1686 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html
http://www.ubuntu.com/usn/USN-2881-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-0546
BugTraq ID: 81066
http://www.securityfocus.com/bid/81066
Common Vulnerability Exposure (CVE) ID: CVE-2016-0596
BugTraq ID: 81130
http://www.securityfocus.com/bid/81130
Common Vulnerability Exposure (CVE) ID: CVE-2016-0597
BugTraq ID: 81151
http://www.securityfocus.com/bid/81151
Common Vulnerability Exposure (CVE) ID: CVE-2016-0598
BugTraq ID: 81182
http://www.securityfocus.com/bid/81182
Common Vulnerability Exposure (CVE) ID: CVE-2016-0600
BugTraq ID: 81188
http://www.securityfocus.com/bid/81188
Common Vulnerability Exposure (CVE) ID: CVE-2016-0606
Common Vulnerability Exposure (CVE) ID: CVE-2016-0608
BugTraq ID: 81226
http://www.securityfocus.com/bid/81226
Common Vulnerability Exposure (CVE) ID: CVE-2016-0609
BugTraq ID: 81258
http://www.securityfocus.com/bid/81258
Common Vulnerability Exposure (CVE) ID: CVE-2016-0616
BugTraq ID: 81176
http://www.securityfocus.com/bid/81176
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.