FEDORA-2016-e30164d0a2

openSUSE-SU-2015:2244

openSUSE-SU-2015:2246

openSUSE-SU-2016:0368

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

77205

1033894

SUSE-SU-2016:0296

MariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB installed on the remote host is earlier than 10.0.22, and is therefore affected by the following denial of service vulnerabilities :

 - Multiple denial ofservice vulnerabilities exist due to multiple unspecified flaws in the 'Server : Partition'subcomponent.  An authenticated, remote attacker can exploit these flaws to affect availability. (CVE-2015-4792, CVE-2015-4802)
 - A denial of service vulnerability exists due to an unspecified flaw in the Query Cache subcomponent.  An authenticated, remote attacker can exploit this to affect availability. (CVE-2015-4807)
 - A denial of service vulnerability exists due to an unspecified flaw in the DDL subcomponent.  An authenticated, remote attacker can exploit this to affect availability. (CVE-2015-4815)
 - An information disclosure vulnerability exists due to an unspecified flaw in the Types subcomponent.  An authenticated, remote attacker can exploit this to gain access to sensitive information. (CVE-2015-4826)
 - An unspecified vulnerability exists due to an unspecified flaw in the 'Security : Privileges' subcomponent.  An authenticated, remote attacker can exploit this to affect integrity. (CVE-2015-4830)
 - A denial of service vulnerability exists due to an unspecified flaw in the SP subcomponent.  An authenticated, remote attacker can exploit this to affect availability. (CVE-2015-4836)
 - Multiple denial of service vulnerabilities exist due to multiple unspecified flaws in the DML subcomponent.  An authenticated, remote attacker can exploit these flaws to affect availability. (CVE-2015-4858, CVE-2015-4913)
 - A denial of service vulnerability exists due to an unspecified flaw in the InnoDB subcomponent.  An authenticated, remote attacker can exploit this to affect availability. (CVE-2015-4861)
 - A denial of service vulnerability exists due to an unspecified flaw in the 'Server : Parser' subcomponent.  An authenticated, remote attacker can exploit this to affect availability. (CVE-2015-4870)
 - A denial of service vulnerability exists due to a flaw in the 'convert_kill_to_deadlock_error()' function that is triggered when handling rollbacks.  An authenticated, remote attacker can exploit this, via a specially crafted query, to cause the database to crash.
 - A denial of service vulnerability exists due to a flaw in the 'no_rows_in_result()' function that is triggered when handling logical conditions.  An authenticated, remote attacker can exploit this, via a specially crafted query, to cause the database to crash.

The version of MySQL installed on the remote host is version 5.5.x prior to 5.5.46 or 5.6.x prior to 5.6.27 and is affected by vulnerabilities in the following components :

- :

 - Client Programs
 - Data Definition Language
 - Data Manipulation Language
 - InnoDB
 - Option
 - Partition
 - Query Cache
 - Security:Privileges
 - Server Parser
 - Server Partition
 - Stored Procedures
 - Types

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, also known as a Lenstra attack.
(CVE-2015-7744)

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. (CVE-2015-4864)

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4866)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
(CVE-2015-4861)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2015-4862)

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0616)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. (CVE-2015-4910)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858 . (CVE-2015-4913)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. (CVE-2016-0610)

Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0594)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0595)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0596)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0597)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0598)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802 . (CVE-2015-4792)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. (CVE-2015-4791)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.
(CVE-2015-4807)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. (CVE-2015-4870)

Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0599)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. (CVE-2016-0546)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913 .
(CVE-2015-4858)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. (CVE-2015-4815)

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. (CVE-2015-4833)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. (CVE-2015-4830)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP. (CVE-2015-4836)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to UDF. (CVE-2016-0608)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to privileges. (CVE-2016-0609)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Options. (CVE-2016-0505)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503 . (CVE-2016-0504)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication. (CVE-2015-4890)

Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Partition. (CVE-2016-0601)

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld. (CVE-2015-4904)

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML. (CVE-2015-4905)

Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.
(CVE-2016-0605)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect integrity via unknown vectors related to encryption. (CVE-2016-0606)

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall. (CVE-2015-4766)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0611)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to replication. (CVE-2016-0607)

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.
(CVE-2015-4819)

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.
(CVE-2015-4879)

Unspecified vulnerability in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0502)

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4895)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504 . (CVE-2016-0503)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. (CVE-2016-0600)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792 . (CVE-2015-4802)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. (CVE-2015-4800)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. (CVE-2015-4826)

This is an update to 10.0.23 that delivers also all fixes for CVE-2015-4792, CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4895, CVE-2015-4913, CVE-2015-7744, CVE-2016-0502, CVE-2016-0503, CVE-2016-0504, CVE-2016-0505, CVE-2016-0546, CVE-2016-0594, CVE-2016-0595, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0599, CVE-2016-0600, CVE-2016-0601, CVE-2016-0605, CVE-2016-0606, CVE-2016-0607, CVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0611, CVE-2016-0616 (some of them were fixed in previous update already).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

MariaDB has been updated to version 10.0.22, which brings fixes for many security issues and other improvements.

The following CVEs have been fixed :

  - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815,     CVE-2015-4826, CVE-2015-4830, CVE-2015-4836,     CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,     CVE-2015-4913, CVE-2015-4792

  - Fix information leak via mysql-systemd-helper script.
    (CVE-2015-5969, bsc#957174)

For a comprehensive list of changes refer to the upstream Release Notes and Change Log documents :

- https://kb.askmonty.org/en/mariadb-10022-release-notes/

- https://kb.askmonty.org/en/mariadb-10022-changelog/

This update was imported from the SUSE:SLE-12-SP1:Update update project.

MariaDB has been updated to version 10.0.22, which brings fixes for many security issues and other improvements.

The following CVEs have been fixed :

  - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815,     CVE-2015-4826, CVE-2015-4830, CVE-2015-4836,     CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,     CVE-2015-4913, CVE-2015-4792

  - Fix information leak via mysql-systemd-helper script.
    (CVE-2015-5969, bsc#957174)

For a comprehensive list of changes refer to the upstream Release Notes and Change Log documents :

- https://kb.askmonty.org/en/mariadb-10022-release-notes/

- https://kb.askmonty.org/en/mariadb-10022-changelog/

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

MariaDB has been updated to version 10.0.22, which brings fixes for many security issues and other improvements.

The following CVEs have been fixed :

  - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815,     CVE-2015-4826, CVE-2015-4830, CVE-2015-4836,     CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,     CVE-2015-4913, CVE-2015-4792

  - 10.0.21: CVE-2015-4816, CVE-2015-4819, CVE-2015-4879,     CVE-2015-4895

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

MariaDB was updated to 5.5.46 to fix security issues and bugs.

The following vulnerabilities were fixed in the upstream release :

CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4913, CVE-2015-4792 

A list of upstream changes and release notes can be found here:
https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-5546-changelog/

MariaDB was updated to 10.0.22 to fix security issues and bugs.

The following vulnerabilities were fixed in the upstream release :

CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4913, CVE-2015-4792

A list of upstream changes and release notes can be found here :

- https://kb.askmonty.org/en/mariadb-10022-release-notes/

- https://kb.askmonty.org/en/mariadb-10022-changelog/

The following build problems were fixed :

  - bsc#937787: fix main.bootstrap test (change default     charset to utf8 in test result)

The version of MariaDB running on the remote host is prior to 5.5.46.
It is, therefore, affected by the following vulnerabilities :

  - Multiple unspecified flaws exist related to the     Partition subcomponent that allow an authenticated,     remote attacker to cause a denial of service.
    (CVE-2015-4802, CVE-2015-4792)

  - An unspecified flaw exists related to the Query Cache     subcomponent that allows an authenticated, remote     attacker to cause a denial of service. (CVE-2015-4807)

  - An unspecified flaw exists related to the DDL     subcomponent that allows an authenticated, remote     attacker to cause a denial of service. (CVE-2015-4815)

  - An unspecified flaw exists related to the Types     subcomponent that allows an authenticated, remote     attacker to gain access to sensitive information.
    (CVE-2015-4826)

  - An unspecified flaw exists related to the     Security:Privileges subcomponent that allows an     authenticated, remote attacker to affect the integrity     of the system. No other details are available.
    (CVE-2015-4830)

  - An unspecified flaw exists related to the SP     subcomponent that allows an authenticated, remote     attacker to cause a denial of service. (CVE-2015-4836)

  - Multiple unspecified flaws exist related to the DML     subcomponent that allow an authenticated, remote     attacker to cause a denial of service. (CVE-2015-4858,     CVE-2015-4913)

  - An unspecified flaw exists related to the InnoDB     subcomponent that allows an authenticated, remote     attacker to cause a denial of service. (CVE-2015-4861)

  - An unspecified flaw exists related to the Parser     subcomponent that allows an authenticated, remote     attacker to cause a denial of service. (CVE-2015-4870)

  - A flaw exists in the mysql_prepare_create_table()     function due to improper handling of a comma buffer that     is greater than zero. An authenticated, remote attacker     can exploit this to cause a denial of service condition.

The version of MariaDB running on the remote host is 10.0.x prior to 10.0.22. It is, therefore, affected by multiple vulnerabilities :

  - Multiple denial of service vulnerabilities exist due to     multiple unspecified flaws in the 'Server : Partition'     subcomponent. An authenticated, remote attacker can     exploit these flaws to affect availability.
    (CVE-2015-4792, CVE-2015-4802)

  - A denial of service vulnerability exists due to an     unspecified flaw in the Query Cache subcomponent. An     authenticated, remote attacker can exploit this to     affect availability. (CVE-2015-4807)

  - A denial of service vulnerability exists due to an     unspecified flaw in the DDL subcomponent. An     authenticated, remote attacker can exploit this to     affect availability. (CVE-2015-4815)

  - An information disclosure vulnerability exists due to an     unspecified flaw in the Types subcomponent. An     authenticated, remote attacker can exploit this to gain     access to sensitive information. (CVE-2015-4826)

  - An unspecified vulnerability exists due to an     unspecified flaw in the 'Security : Privileges'     subcomponent. An authenticated, remote attacker can     exploit this to affect integrity. (CVE-2015-4830)

  - A denial of service vulnerability exists due to an     unspecified flaw in the SP subcomponent. An     authenticated, remote attacker can exploit this to     affect availability. (CVE-2015-4836)

  - Multiple denial of service vulnerabilities exist due to     multiple unspecified flaws in the DML subcomponent. An     authenticated, remote attacker can exploit these flaws     to affect availability. (CVE-2015-4858, CVE-2015-4913)

  - A denial of service vulnerability exists due to an     unspecified flaw in the InnoDB subcomponent. An     authenticated, remote attacker can exploit this to     affect availability. (CVE-2015-4861)

  - A denial of service vulnerability exists due to an     unspecified flaw in the 'Server : Parser' subcomponent.
    An authenticated, remote attacker can exploit this to     affect availability. (CVE-2015-4870)

  - A denial of service vulnerability exists due to a flaw     in the ha_partition::index_init() function that is     triggered when handling the priority queue. An     authenticated, remote attacker can exploit this, via a     specially crafted query, to cause the database to crash.

  - A denial of service vulnerability exists due to a flaw     in the Item_field::fix_outer_field() function that is     triggered when handling PREPARE statements. An     authenticated, remote attacker can exploit this, via a     specially crafted query, to cause the database to crash.

  - A denial of service vulnerability exists due to a flaw     in the convert_kill_to_deadlock_error() function that is     triggered when handling rollbacks. An authenticated,     remote attacker can exploit this, via a specially     crafted query, to cause the database to crash.

  - A denial of service vulnerability exists due to a flaw     in the no_rows_in_result() function that is triggered     when handling logical conditions. An authenticated,     remote attacker can exploit this, via a specially     crafted query, to cause the database to crash.

  - A denial of service vulnerability exists due to a flaw     in the handle_grant_struct() function that is triggered     when handling HASH updates. An authenticated, remote     attacker can exploit this, via a specially crafted     query, to cause the database to crash.

  - A denial of service vulnerability exists due to a flaw     in the is_invalid_role_name() function that is triggered     when handling ACLs with blank role names. An     authenticated, remote attacker can exploit this, via a     specially crafted query, to cause the database to crash.

  - A denial of service vulnerability exists due to a flaw     in the Item_direct_view_ref class that is triggered     when handling SELECT queries. An authenticated, remote     attacker can exploit this, via a specially crafted     query, to cause the database to crash.

  - A denial of service vulnerability exists due to a flaw     in the opt_sum_query() function that is triggered when     handling constant tables. An authenticated, remote     attacker can exploit this, via a specially crafted     query, to cause the database to crash.

Oracle reports :

Critical Patch Update: MySQL Server, version(s) 5.5.45 and prior, 5.6.26 and prior

The version of MySQL running on the remote host is 5.6.x prior to 5.6.27. It is, therefore, potentially affected by the following vulnerabilities :

  - A certificate validation bypass vulnerability exists in     the Security:Encryption subcomponent due to a flaw in     the X509_verify_cert() function in x509_vfy.c that is     triggered when locating alternate certificate chains     when the first attempt to build such a chain fails. A     remote attacker can exploit this, by using a valid leaf     certificate as a certificate authority (CA), to issue     invalid certificates that will bypass authentication.
    (CVE-2015-1793)

  - An unspecified flaw exists in the Client Programs     subcomponent. A local attacker can exploit this to gain     elevated privileges. (CVE-2015-4819)

  - An unspecified flaw exists in the Types subcomponent.
    An authenticated, remote attacker can exploit this to     gain access to sensitive information. (CVE-2015-4826)

  - An unspecified flaws exist in the Security:Privileges     subcomponent. An authenticated, remote attacker can     exploit these to impact integrity. (CVE-2015-4830,     CVE-2015-4864)

  - An unspecified flaw exists in the DLM subcomponent.
    An authenticated, remote attacker can exploit this to     impact integrity. (CVE-2015-4879)

  - An unspecified flaw exists in the Server Security     Encryption subcomponent that allows an authenticated,     remote attacker to disclose sensitive information.
    (CVE-2015-7744)

Additionally, unspecified denial of service vulnerabilities can also exist in the following MySQL subcomponents :

  - DDL (CVE-2015-4815)

  - DML (CVE-2015-4858, CVE-2015-4862, CVE-2015-4905,     CVE-2015-4913)

  - InnoDB (CVE-2015-4861, CVE-2015-4866, CVE-2015-4895)

  - libmysqld (CVE-2015-4904)

  - Memcached (CVE-2015-4910)

  - Optimizer (CVE-2015-4800)

  - Parser (CVE-2015-4870)

  - Partition (CVE-2015-4792, CVE-2015-4802, CVE-2015-4833)

  - Query (CVE-2015-4807)

  - Replication (CVE-2015-4890)

  - Security : Firewall (CVE-2015-4766)

  - Server : General (CVE-2016-0605)

  - Security : Privileges (CVE-2015-4791)

  - SP (CVE-2015-4836)

  - Types (CVE-2015-4730)

The version of MySQL running on the remote host is 5.5.x prior to 5.5.46. It is, therefore, affected by the following vulnerabilities :

  - An unspecified flaw exists in the Client Programs     subcomponent. A local attacker can exploit this to gain     elevated privileges. (CVE-2015-4819)

  - An unspecified flaw exists in the Types subcomponent.
    An authenticated, remote attacker can exploit this to     gain access to sensitive information. (CVE-2015-4826)

  - An unspecified flaws exist in the Security:Privileges     subcomponent. An authenticated, remote attacker can     exploit these to impact integrity. (CVE-2015-4830,     CVE-2015-4864)

  - An unspecified flaw exists in the DLM subcomponent.
    An authenticated, remote attacker can exploit this to     impact integrity. (CVE-2015-4879)

  - An unspecified flaw exists in the Server Security     Encryption subcomponent that allows an authenticated,     remote attacker to disclose sensitive information.
    (CVE-2015-7744)

Additionally, unspecified denial of service vulnerabilities can also exist in the following MySQL subcomponents :

  - DDL (CVE-2015-4815)

  - DML (CVE-2015-4858, CVE-2015-4913) 

  - InnoDB (CVE-2015-4816, CVE-2015-4861)

  - Parser (CVE-2015-4870)

  - Partition (CVE-2015-4792, CVE-2015-4802)

  - Query (CVE-2015-4807)

  - SP (CVE-2015-4836)

ID	Name	Product	Family	Severity
9284	MariaDB Server 10.0.x < 10.0.22 Multiple DoS Vulnerabilities	Nessus Network Monitor	Database	medium
9252	Oracle MySQL 5.5.x < 5.5.46 / 5.6.x < 5.6.27 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
90366	Amazon Linux AMI : mysql56 (ALAS-2016-684)	Nessus	Amazon Linux Local Security Checks	high
89628	Fedora 23 : mariadb-10.0.23-1.fc23 (2016-e30164d0a2)	Nessus	Fedora Local Security Checks	high
88615	openSUSE Security Update : mariadb (openSUSE-2016-164)	Nessus	SuSE Local Security Checks	medium
88515	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:0296-1)	Nessus	SuSE Local Security Checks	medium
87964	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:0121-1)	Nessus	SuSE Local Security Checks	high
87486	openSUSE Security Update : MariaDB 5.5.46 (openSUSE-2015-890)	Nessus	SuSE Local Security Checks	medium
87440	openSUSE Security Update : mariadb (openSUSE-2015-884)	Nessus	SuSE Local Security Checks	medium
87210	MariaDB < 5.5.46 Multiple Vulnerabilities	Nessus	Databases	medium
86874	MariaDB 10.0.x < 10.0.22 Multiple Vulnerabilities	Nessus	Databases	medium
86858	FreeBSD : MySQL - Multiple vulnerabilities (851a0eea-88aa-11e5-90e7-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	medium
86547	MySQL 5.6.x < 5.6.27 Multiple Vulnerabilities	Nessus	Databases	high
86546	MySQL 5.5.x < 5.5.46 Multiple Vulnerabilities	Nessus	Databases	high

CVE-2015-4807

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins