Security update for mysql-community-server SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1332-1 Final 1 1 2016-05-18T09:09:43Z current 2016-05-18T09:09:43Z 2016-05-18T09:09:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mysql-community-server This mysql-community-server version update to 5.6.30 fixes the following issues: Security issues fixed: - fixed CVEs (boo#962779, boo#959724): CVE-2016-0705, CVE-2016-0639, CVE-2015-3194, CVE-2016-0640, CVE-2016-2047, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0665, CVE-2016-0666, CVE-2016-0641, CVE-2016-0642, CVE-2016-0655, CVE-2016-0661, CVE-2016-0668, CVE-2016-0643 - changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-30.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.html Bugs fixed: - don't delete the log data when migration fails - add 'log-error' and 'secure-file-priv' configuration options (added via configuration-tweaks.tar.bz2) [boo#963810] * add '/etc/my.cnf.d/error_log.conf' that specifies 'log-error = /var/log/mysql/mysqld.log'. If no path is set, the error log is written to '/var/lib/mysql/$HOSTNAME.err', which is not picked up by logrotate. * add '/etc/my.cnf.d/secure_file_priv.conf' which specifies that 'LOAD DATA', 'SELECT ... INTO' and 'LOAD FILE()' will only work with files in the directory specified by 'secure-file-priv' option (='/var/lib/mysql-files'). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html E-Mail link for openSUSE-SU-2016:1332-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 libmysql56client18-5.6.30-16.2 libmysql56client18-32bit-5.6.30-16.2 libmysql56client_r18-5.6.30-16.2 libmysql56client_r18-32bit-5.6.30-16.2 mysql-community-server-5.6.30-16.2 mysql-community-server-bench-5.6.30-16.2 mysql-community-server-client-5.6.30-16.2 mysql-community-server-errormessages-5.6.30-16.2 mysql-community-server-test-5.6.30-16.2 mysql-community-server-tools-5.6.30-16.2 libmysql56client18-5.6.30-16.2 as a component of openSUSE Leap 42.1 libmysql56client18-32bit-5.6.30-16.2 as a component of openSUSE Leap 42.1 libmysql56client_r18-5.6.30-16.2 as a component of openSUSE Leap 42.1 libmysql56client_r18-32bit-5.6.30-16.2 as a component of openSUSE Leap 42.1 mysql-community-server-5.6.30-16.2 as a component of openSUSE Leap 42.1 mysql-community-server-bench-5.6.30-16.2 as a component of openSUSE Leap 42.1 mysql-community-server-client-5.6.30-16.2 as a component of openSUSE Leap 42.1 mysql-community-server-errormessages-5.6.30-16.2 as a component of openSUSE Leap 42.1 mysql-community-server-test-5.6.30-16.2 as a component of openSUSE Leap 42.1 mysql-community-server-tools-5.6.30-16.2 as a component of openSUSE Leap 42.1 crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. CVE-2015-3194 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2015-3194.html CVE-2015-3194 https://bugzilla.suse.com/957812 SUSE Bug 957812 https://bugzilla.suse.com/957815 SUSE Bug 957815 https://bugzilla.suse.com/958768 SUSE Bug 958768 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/990370 SUSE Bug 990370 Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. CVE-2016-0639 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0639.html CVE-2016-0639 https://bugzilla.suse.com/976341 SUSE Bug 976341 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML. CVE-2016-0640 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 critical 5.2 AV:L/AC:L/Au:S/C:N/I:P/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0640.html CVE-2016-0640 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM. CVE-2016-0641 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 critical 5 AV:L/AC:L/Au:M/C:P/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0641.html CVE-2016-0641 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. CVE-2016-0642 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 critical 4.4 AV:L/AC:H/Au:M/C:N/I:P/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0642.html CVE-2016-0642 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML. CVE-2016-0643 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 critical 1.7 AV:L/AC:L/Au:S/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0643.html CVE-2016-0643 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL. CVE-2016-0644 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 critical 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0644.html CVE-2016-0644 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML. CVE-2016-0646 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 critical 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0646.html CVE-2016-0646 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS. CVE-2016-0647 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 critical 5.4 AV:N/AC:H/Au:N/C:N/I:C/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0647.html CVE-2016-0647 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS. CVE-2016-0648 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 critical 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0648.html CVE-2016-0648 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS. CVE-2016-0649 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 critical 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0649.html CVE-2016-0649 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication. CVE-2016-0650 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 critical 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0650.html CVE-2016-0650 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB. CVE-2016-0655 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 critical 4 AV:L/AC:H/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0655.html CVE-2016-0655 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options. CVE-2016-0661 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 important 4 AV:L/AC:H/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0661.html CVE-2016-0661 https://bugzilla.suse.com/976341 SUSE Bug 976341 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption. CVE-2016-0665 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 important 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0665.html CVE-2016-0665 https://bugzilla.suse.com/976341 SUSE Bug 976341 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges. CVE-2016-0666 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 critical 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0666.html CVE-2016-0666 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB. CVE-2016-0668 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 critical 3.7 AV:L/AC:H/Au:M/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0668.html CVE-2016-0668 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904 Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. CVE-2016-0705 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-0705.html CVE-2016-0705 https://bugzilla.suse.com/968044 SUSE Bug 968044 https://bugzilla.suse.com/968047 SUSE Bug 968047 https://bugzilla.suse.com/971238 SUSE Bug 971238 https://bugzilla.suse.com/976341 SUSE Bug 976341 The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com." CVE-2016-2047 openSUSE Leap 42.1:libmysql56client18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client18-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-32bit-5.6.30-16.2 openSUSE Leap 42.1:libmysql56client_r18-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-bench-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-client-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-errormessages-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-test-5.6.30-16.2 openSUSE Leap 42.1:mysql-community-server-tools-5.6.30-16.2 moderate 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html https://www.suse.com/security/cve/CVE-2016-2047.html CVE-2016-2047 https://bugzilla.suse.com/963806 SUSE Bug 963806 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904