Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2016.1279.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2016:1279-1)
Summary:The remote host is missing an update for the 'mysql' package(s) announced via the SUSE-SU-2016:1279-1 advisory.
Description:Summary:
The remote host is missing an update for the 'mysql' package(s) announced via the SUSE-SU-2016:1279-1 advisory.

Vulnerability Insight:
mysql was updated to version 5.5.49 to fix 13 security issues.
These security issues were fixed:
- CVE-2016-0644: Unspecified vulnerability allowed local users to affect
availability via vectors related to DDL (bsc#976341).
- CVE-2016-0646: Unspecified vulnerability allowed local users to affect
availability via vectors related to DML (bsc#976341).
- CVE-2016-0647: Unspecified vulnerability allowed local users to affect
availability via vectors related to FTS (bsc#976341).
- CVE-2016-0640: Unspecified vulnerability allowed local users to affect
integrity and availability via vectors related to DML (bsc#976341).
- CVE-2016-0641: Unspecified vulnerability allowed local users to affect
confidentiality and availability via vectors related to MyISAM
(bsc#976341).
- CVE-2016-0642: Unspecified vulnerability allowed local users to affect
integrity and availability via vectors related to Federated (bsc#976341).
- CVE-2016-0643: Unspecified vulnerability allowed local users to affect
confidentiality via vectors related to DML (bsc#976341).
- CVE-2016-0666: Unspecified vulnerability allowed local users to affect
availability via vectors related to Security: Privileges (bsc#976341).
- CVE-2016-0651: Unspecified vulnerability allowed local users to affect
availability via vectors related to Optimizer (bsc#976341).
- CVE-2016-0650: Unspecified vulnerability allowed local users to affect
availability via vectors related to Replication (bsc#976341).
- CVE-2016-0648: Unspecified vulnerability allowed local users to affect
availability via vectors related to PS (bsc#976341).
- CVE-2016-0649: Unspecified vulnerability allowed local users to affect
availability via vectors related to PS (bsc#976341).
- CVE-2016-2047: The ssl_verify_server_cert function in
sql-common/client.c did not properly verify that the server hostname
matches a domain name in the subject's Common Name (CN) or
subjectAltName field of the X.509 certificate, which allowed
man-in-the-middle attackers to spoof SSL servers via a '/CN=' string in
a field in a certificate, as demonstrated by '/OU=/CN=bar.com/CN=foo.com
(bsc#963806).
More details are available at
- [link moved to references]
- [link moved to references]

Affected Software/OS:
'mysql' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-0640
BugTraq ID: 86427
http://www.securityfocus.com/bid/86427
Debian Security Information: DSA-3557 (Google Search)
http://www.debian.org/security/2016/dsa-3557
Debian Security Information: DSA-3595 (Google Search)
http://www.debian.org/security/2016/dsa-3595
RedHat Security Advisories: RHSA-2016:0705
http://rhn.redhat.com/errata/RHSA-2016-0705.html
RedHat Security Advisories: RHSA-2016:1132
https://access.redhat.com/errata/RHSA-2016:1132
RedHat Security Advisories: RHSA-2016:1480
http://rhn.redhat.com/errata/RHSA-2016-1480.html
RedHat Security Advisories: RHSA-2016:1481
http://rhn.redhat.com/errata/RHSA-2016-1481.html
RedHat Security Advisories: RHSA-2016:1602
http://rhn.redhat.com/errata/RHSA-2016-1602.html
http://www.securitytracker.com/id/1035606
SuSE Security Announcement: SUSE-SU-2016:1279 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html
SuSE Security Announcement: SUSE-SU-2016:1619 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html
SuSE Security Announcement: SUSE-SU-2016:1620 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html
SuSE Security Announcement: openSUSE-SU-2016:1332 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html
SuSE Security Announcement: openSUSE-SU-2016:1664 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html
SuSE Security Announcement: openSUSE-SU-2016:1686 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html
http://www.ubuntu.com/usn/USN-2953-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-0641
BugTraq ID: 86470
http://www.securityfocus.com/bid/86470
Common Vulnerability Exposure (CVE) ID: CVE-2016-0642
BugTraq ID: 86445
http://www.securityfocus.com/bid/86445
RedHat Security Advisories: RHSA-2016:0534
http://rhn.redhat.com/errata/RHSA-2016-0534.html
http://www.ubuntu.com/usn/USN-2954-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-0643
BugTraq ID: 86486
http://www.securityfocus.com/bid/86486
Common Vulnerability Exposure (CVE) ID: CVE-2016-0644
BugTraq ID: 86442
http://www.securityfocus.com/bid/86442
Common Vulnerability Exposure (CVE) ID: CVE-2016-0646
BugTraq ID: 86436
http://www.securityfocus.com/bid/86436
Common Vulnerability Exposure (CVE) ID: CVE-2016-0647
BugTraq ID: 86495
http://www.securityfocus.com/bid/86495
Common Vulnerability Exposure (CVE) ID: CVE-2016-0648
BugTraq ID: 86457
http://www.securityfocus.com/bid/86457
Common Vulnerability Exposure (CVE) ID: CVE-2016-0649
BugTraq ID: 86498
http://www.securityfocus.com/bid/86498
Common Vulnerability Exposure (CVE) ID: CVE-2016-0650
BugTraq ID: 86496
http://www.securityfocus.com/bid/86496
Common Vulnerability Exposure (CVE) ID: CVE-2016-0651
Common Vulnerability Exposure (CVE) ID: CVE-2016-0666
BugTraq ID: 86509
http://www.securityfocus.com/bid/86509
Common Vulnerability Exposure (CVE) ID: CVE-2016-2047
BugTraq ID: 81810
http://www.securityfocus.com/bid/81810
Debian Security Information: DSA-3453 (Google Search)
http://www.debian.org/security/2016/dsa-3453
http://www.openwall.com/lists/oss-security/2016/01/26/3
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.