openSUSE Security Update : MySQL (openSUSE-2016-169)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update to MySQL 5.6.28 fixes the following issues (bsc#962779) :

- CVE-2015-7744: Lack of verification against faults
associated with the Chinese Remainder Theorem (CRT)
process when allowing ephemeral key exchange without low
memory optimizations on a server, which makes it easier
for remote attackers to obtain private RSA keys by
capturing TLS handshakes, aka a Lenstra attack.

- CVE-2016-0502: Unspecified vulnerability in Oracle MySQL
5.5.31 and earlier and 5.6.11 and earlier allows remote
authenticated users to affect availability via unknown
vectors related to Optimizer.

- CVE-2016-0503: Unspecified vulnerability in Oracle MySQL
5.6.27 and earlier and 5.7.9 allows remote authenticated
users to affect availability via vectors related to DML,
a different vulnerability than CVE-2016-0504.

- CVE-2016-0504: Unspecified vulnerability in Oracle MySQL
5.6.27 and earlier and 5.7.9 allows remote authenticated
users to affect availability via vectors related to DML,
a different vulnerability than CVE-2016-0503.

- CVE-2016-0505: Unspecified vulnerability in Oracle MySQL
5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows
remote authenticated users to affect availability via
unknown vectors related to Options.

- CVE-2016-0546: Unspecified vulnerability in Oracle MySQL
5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows
local users to affect confidentiality, integrity, and
availability via unknown vectors related to Client.

- CVE-2016-0594: Unspecified vulnerability in Oracle MySQL
5.6.21 and earlier allows remote authenticated users to
affect availability via vectors related to DML.

- CVE-2016-0595: Unspecified vulnerability in Oracle MySQL
5.6.27 and earlier allows remote authenticated users to
affect availability via vectors related to DML.

- CVE-2016-0596: Unspecified vulnerability in Oracle MySQL
5.5.46 and earlier and 5.6.27 and earlier allows remote
authenticated users to affect availability via vectors
related to DML.

- CVE-2016-0597: Unspecified vulnerability in Oracle MySQL
5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows
remote authenticated users to affect availability via
unknown vectors related to Optimizer.

- CVE-2016-0598: Unspecified vulnerability in Oracle MySQL
5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows
remote authenticated users to affect availability via
vectors related to DML.

- CVE-2016-0600: Unspecified vulnerability in Oracle MySQL
5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows
remote authenticated users to affect availability via
unknown vectors related to InnoDB.

- CVE-2016-0605: Unspecified vulnerability in Oracle MySQL
5.6.26 and earlier allows remote authenticated users to
affect availability via unknown vectors.

- CVE-2016-0606: Unspecified vulnerability in Oracle MySQL
5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows
remote authenticated users to affect integrity via
unknown vectors related to encryption.

- CVE-2016-0607: Unspecified vulnerability in Oracle MySQL
5.6.27 and earlier and 5.7.9 allows remote authenticated
users to affect availability via unknown vectors related
to replication.

- CVE-2016-0608: Unspecified vulnerability in Oracle MySQL
5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows
remote authenticated users to affect availability via
vectors related to UDF.

- CVE-2016-0609: Unspecified vulnerability in Oracle MySQL
5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows
remote authenticated users to affect availability via
unknown vectors related to privileges.

- CVE-2016-0610: Unspecified vulnerability in Oracle MySQL
5.6.27 and earlier allows remote authenticated users to
affect availability via unknown vectors related to
InnoDB.

- CVE-2016-0611: Unspecified vulnerability in Oracle MySQL
5.6.27 and earlier and 5.7.9 allows remote authenticated
users to affect availability via unknown vectors related
to Optimizer.

- bsc#959724: Possible buffer overflow from incorrect use
of strcpy() and sprintf()

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=959724
https://bugzilla.opensuse.org/show_bug.cgi?id=962779

Solution :

Update the affected MySQL packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now