VPR Score: 5.9
Synopsis
The remote openSUSE host is missing a security update.
Description
This update for mysql-community-server to version 5.6.36 fixes the following issues:
These security issues were fixed:
- CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in SQL statements written to the dump output, allowing for execution of arbitrary commands (bsc#1029014)
- CVE-2017-3305: MySQL client sent authentication request unencrypted even if SSL was required (aka Riddle) (bsc#1029396).
- CVE-2017-3308: Unspecified vulnerability in Server: DML (boo#1034850)
- CVE-2017-3309: Unspecified vulnerability in Server: Optimizer (boo#1034850)
- CVE-2017-3329: Unspecified vulnerability in Server: Thread (boo#1034850)
- CVE-2017-3453: Unspecified vulnerability in Server: Optimizer (boo#1034850)
- CVE-2017-3456: Unspecified vulnerability in Server: DML (boo#1034850)
- CVE-2017-3461: Unspecified vulnerability in Server: Security (boo#1034850)
- CVE-2017-3462: Unspecified vulnerability in Server: Security (boo#1034850)
- CVE-2017-3463: Unspecified vulnerability in Server: Security (boo#1034850)
- CVE-2017-3464: Unspecified vulnerability in Server: DDL (boo#1034850)
- CVE-2017-3302: Crash in libmysqlclient.so (bsc#1022428).
- CVE-2017-3450: Unspecified vulnerability in Server: Memcached
- CVE-2017-3452: Unspecified vulnerability in Server: Optimizer
- CVE-2017-3599: Unspecified vulnerability in Server: Pluggable Auth
- CVE-2017-3600: Unspecified vulnerability in Client: mysqldump (boo#1034850)
- '--ssl-mode=REQUIRED' can be specified to require a secure connection (it fails if a secure connection cannot be obtained)
These non-security issues were fixed :
- Set the default umask to 077 in mysql-systemd-helper (boo#1020976)
- Change permissions of the configuration dir/files to 755/644. Please note that storing the password in the /etc/my.cnf file is not safe. Use for example an option file that is accessible only by yourself (boo#889126)
For more information please see http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html
Solution
Update the affected mysql-community-server packages.