Lucene search
SuseOPENSUSE-SU-2017:1209-1HistoryMay 08, 2017 - 6:18 p.m.
Security update for mysql-community-server (important)
2017-05-0818:18:38
lists.opensuse.org
34
0.957 High
EPSS
Percentile
99.3%
This update for mysql-community-server to version 5.6.36 fixes the
following issues:
These security issues were fixed:
- CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in
SQL statements written to the dump output, allowing for execution of
arbitrary commands (bsc#1029014) - CVE-2017-3305: MySQL client sent authentication request unencrypted even
if SSL was required (aka Ridddle) (bsc#1029396). - CVE-2017-3308: Unspecified vulnerability in Server: DML (boo#1034850)
- CVE-2017-3309: Unspecified vulnerability in Server: Optimizer
(boo#1034850) - CVE-2017-3329: Unspecified vulnerability in Server: Thread (boo#1034850)
- CVE-2017-3453: Unspecified vulnerability in Server: Optimizer
(boo#1034850) - CVE-2017-3456: Unspecified vulnerability in Server: DML (boo#1034850)
- CVE-2017-3461: Unspecified vulnerability in Server: Security
(boo#1034850) - CVE-2017-3462: Unspecified vulnerability in Server: Security
(boo#1034850) - CVE-2017-3463: Unspecified vulnerability in Server: Security
(boo#1034850) - CVE-2017-3464: Unspecified vulnerability in Server: DDL (boo#1034850)
- CVE-2017-3302: Crash in libmysqlclient.so (bsc#1022428).
- CVE-2017-3450: Unspecified vulnerability Server: Memcached
- CVE-2017-3452: Unspecified vulnerability Server: Optimizer
- CVE-2017-3599: Unspecified vulnerability Server: Pluggable Auth
- CVE-2017-3600: Unspecified vulnerability in Client: mysqldump
(boo#1034850) - ‘–ssl-mode=REQUIRED’ can be specified to require a secure connection
(it fails if a secure connection cannot be obtained)
These non-security issues were fixed:
- Set the default umask to 077 in mysql-systemd-helper (boo#1020976)
- Change permissions of the configuration dir/files to 755/644. Please
note that storing the password in the /etc/my.cnf file is not safe. Use
for example an option file that is accessible only by yourself
(boo#889126)
For more information please see
<a href=“http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html”>http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html</a>
Related
nessus
nessus
SUSE SLES11 Security Update : mysql (SUSE-SU-2017:1137-1) (Riddle)
2017-05-01 00:00:00
Debian DLA-916-1 : mysql-5.5 security update (Riddle)
2017-04-26 00:00:00
openvas
openvas
Debian Security Advisory DSA 3834-1 (mysql-5.5 - security update)
2017-04-25 00:00:00
Debian LTS: Security Advisory for mysql-5.5 (DLA-916-1)
2018-01-17 00:00:00
suse
suse
Security update for mysql (important)
2017-04-28 21:13:58
Security update for mariadb (important)
2017-08-10 03:10:27
Security update for mariadb (important)
2017-08-03 15:11:47
debian
debian
[SECURITY] [DLA 916-1] mysql-5.5 security update
2017-04-25 20:47:46
[SECURITY] [DSA 3834-1] mysql-5.5 security update
2017-04-25 15:15:11
[SECURITY] [DSA 3834-1] mysql-5.5 security update
2017-04-25 15:15:11
osv
osv
mysql-5.5 - security update
2017-04-25 00:00:00
mysql-5.5 - security update
2017-04-25 00:00:00
CVE-2017-3600
2017-04-24 19:59:06
amazon
amazon
Important: mysql56
2017-05-18 22:01:00
Medium: mysql55
2017-05-19 00:27:00
fedora
fedora
[SECURITY] Fedora 25 Update: community-mysql-5.7.18-2.fc25
2017-04-29 01:50:21
[SECURITY] Fedora 24 Update: community-mysql-5.7.18-2.fc24
2017-04-29 01:18:25
[SECURITY] Fedora 26 Update: community-mysql-5.7.18-2.fc26
2017-04-28 14:36:49
slackware
slackware
[slackware-security] mariadb
2017-07-14 22:13:14
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.23-alt1
2017-05-05 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2017-07-24 00:00:00
MySQL vulnerabilities
2017-04-27 00:00:00
freebsd
freebsd
MySQL -- multiple vulnerabilities
2017-04-19 00:00:00
mysql -- denial of service vulnerability
2017-01-27 00:00:00
f5
f5
mariadbunix
mariadbunix
debiancve
debiancve
cve
cve
redhatcve
redhatcve
prion
prion
Design/Logic Flaw
2017-04-25 19:59:00
Design/Logic Flaw
2017-04-24 19:59:00
Integer overflow
2017-04-24 19:59:00
ubuntucve
ubuntucve
redhat
redhat
(RHSA-2017:2787) Important: rh-mysql56-mysql security and bug fix update
2017-09-21 07:18:30
(RHSA-2017:2192) Moderate: mariadb security and bug fix update
2017-08-01 05:58:44
centos
centos
mariadb security update
2017-08-24 01:39:47
oraclelinux
oraclelinux
mariadb security and bug fix update
2017-08-07 00:00:00
ibm
ibm
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:37:05
Denial Of Service (DoS)
2019-05-02 06:37:05
Man-In-The-Middle
2019-05-02 06:37:03
zdt
zdt
MySQL 5.6.35 / 5.7.17 Integer Overflow Exploit
2017-05-02 00:00:00
exploitpack
exploitpack
MySQL 5.6.35 5.7.17 - Integer Overflow
2017-05-01 00:00:00
seebug
seebug
Pre-Auth MySQL remote DOS (Integer Overflow)(CVE-2017-3599)
2017-04-19 00:00:00
packetstorm
packetstorm
MySQL 5.6.35 / 5.7.17 Integer Overflow
2017-05-01 00:00:00
alpinelinux
alpinelinux
checkpoint_advisories
checkpoint_advisories
Oracle MySQL sql_authentication Integer Overflow (CVE-2017-3599)
2017-05-11 00:00:00