Security update for mariadb SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0486-1 Final 1 1 2017-02-16T20:45:08Z current 2017-02-16T20:45:08Z 2017-02-16T20:45:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mariadb This mariadb version update to 10.0.29 fixes the following issues: - CVE-2017-3318: unspecified vulnerability affecting Error Handling (bsc#1020896) - CVE-2017-3317: unspecified vulnerability affecting Logging (bsc#1020894) - CVE-2017-3312: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873) - CVE-2017-3291: unrestricted mysqld_safe's ledir (bsc#1020884) - CVE-2017-3265: unsafe chmod/chown use in init script (bsc#1020885) - CVE-2017-3258: unspecified vulnerability in the DDL component (bsc#1020875) - CVE-2017-3257: unspecified vulnerability affecting InnoDB (bsc#1020878) - CVE-2017-3244: unspecified vulnerability affecing the DML component (bsc#1020877) - CVE-2017-3243: unspecified vulnerability affecting the Charsets component (bsc#1020891) - CVE-2017-3238: unspecified vulnerability affecting the Optimizer component (bsc#1020882) - CVE-2016-6664: Root Privilege Escalation (bsc#1008253) - Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428) - notable changes: * XtraDB updated to 5.6.34-79.1 * TokuDB updated to 5.6.34-79.1 * Innodb updated to 5.6.35 * Performance Schema updated to 5.6.35 Release notes and changelog: * https://kb.askmonty.org/en/mariadb-10029-release-notes * https://kb.askmonty.org/en/mariadb-10029-changelog This update was imported from the SUSE:SLE-12-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00027.html E-Mail link for openSUSE-SU-2017:0486-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 openSUSE Leap 42.2 libmysqlclient-devel-10.0.29-18.1 libmysqlclient18-10.0.29-18.1 libmysqlclient18-32bit-10.0.29-18.1 libmysqlclient_r18-10.0.29-18.1 libmysqlclient_r18-32bit-10.0.29-18.1 libmysqld-devel-10.0.29-18.1 libmysqld18-10.0.29-18.1 mariadb-10.0.29-18.1 mariadb-bench-10.0.29-18.1 mariadb-client-10.0.29-18.1 mariadb-errormessages-10.0.29-18.1 mariadb-test-10.0.29-18.1 mariadb-tools-10.0.29-18.1 libmysqlclient-devel-10.0.29-18.1 as a component of openSUSE Leap 42.1 libmysqlclient18-10.0.29-18.1 as a component of openSUSE Leap 42.1 libmysqlclient18-32bit-10.0.29-18.1 as a component of openSUSE Leap 42.1 libmysqlclient_r18-10.0.29-18.1 as a component of openSUSE Leap 42.1 libmysqlclient_r18-32bit-10.0.29-18.1 as a component of openSUSE Leap 42.1 libmysqld-devel-10.0.29-18.1 as a component of openSUSE Leap 42.1 libmysqld18-10.0.29-18.1 as a component of openSUSE Leap 42.1 mariadb-10.0.29-18.1 as a component of openSUSE Leap 42.1 mariadb-bench-10.0.29-18.1 as a component of openSUSE Leap 42.1 mariadb-client-10.0.29-18.1 as a component of openSUSE Leap 42.1 mariadb-errormessages-10.0.29-18.1 as a component of openSUSE Leap 42.1 mariadb-test-10.0.29-18.1 as a component of openSUSE Leap 42.1 mariadb-tools-10.0.29-18.1 as a component of openSUSE Leap 42.1 libmysqlclient-devel-10.0.29-18.1 as a component of openSUSE Leap 42.2 libmysqlclient18-10.0.29-18.1 as a component of openSUSE Leap 42.2 libmysqlclient18-32bit-10.0.29-18.1 as a component of openSUSE Leap 42.2 libmysqlclient_r18-10.0.29-18.1 as a component of openSUSE Leap 42.2 libmysqlclient_r18-32bit-10.0.29-18.1 as a component of openSUSE Leap 42.2 libmysqld-devel-10.0.29-18.1 as a component of openSUSE Leap 42.2 libmysqld18-10.0.29-18.1 as a component of openSUSE Leap 42.2 mariadb-10.0.29-18.1 as a component of openSUSE Leap 42.2 mariadb-bench-10.0.29-18.1 as a component of openSUSE Leap 42.2 mariadb-client-10.0.29-18.1 as a component of openSUSE Leap 42.2 mariadb-errormessages-10.0.29-18.1 as a component of openSUSE Leap 42.2 mariadb-test-10.0.29-18.1 as a component of openSUSE Leap 42.2 mariadb-tools-10.0.29-18.1 as a component of openSUSE Leap 42.2 mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files. CVE-2016-6664 openSUSE Leap 42.1:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqld18-10.0.29-18.1 openSUSE Leap 42.1:mariadb-10.0.29-18.1 openSUSE Leap 42.1:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.1:mariadb-client-10.0.29-18.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.1:mariadb-test-10.0.29-18.1 openSUSE Leap 42.1:mariadb-tools-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqld18-10.0.29-18.1 openSUSE Leap 42.2:mariadb-10.0.29-18.1 openSUSE Leap 42.2:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.2:mariadb-client-10.0.29-18.1 openSUSE Leap 42.2:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.2:mariadb-test-10.0.29-18.1 openSUSE Leap 42.2:mariadb-tools-10.0.29-18.1 moderate 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00027.html https://www.suse.com/security/cve/CVE-2016-6664.html CVE-2016-6664 https://bugzilla.suse.com/1008253 SUSE Bug 1008253 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020873 SUSE Bug 1020873 https://bugzilla.suse.com/998309 SUSE Bug 998309 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). CVE-2017-3238 openSUSE Leap 42.1:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqld18-10.0.29-18.1 openSUSE Leap 42.1:mariadb-10.0.29-18.1 openSUSE Leap 42.1:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.1:mariadb-client-10.0.29-18.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.1:mariadb-test-10.0.29-18.1 openSUSE Leap 42.1:mariadb-tools-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqld18-10.0.29-18.1 openSUSE Leap 42.2:mariadb-10.0.29-18.1 openSUSE Leap 42.2:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.2:mariadb-client-10.0.29-18.1 openSUSE Leap 42.2:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.2:mariadb-test-10.0.29-18.1 openSUSE Leap 42.2:mariadb-tools-10.0.29-18.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00027.html https://www.suse.com/security/cve/CVE-2017-3238.html CVE-2017-3238 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020882 SUSE Bug 1020882 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts). CVE-2017-3243 openSUSE Leap 42.1:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqld18-10.0.29-18.1 openSUSE Leap 42.1:mariadb-10.0.29-18.1 openSUSE Leap 42.1:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.1:mariadb-client-10.0.29-18.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.1:mariadb-test-10.0.29-18.1 openSUSE Leap 42.1:mariadb-tools-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqld18-10.0.29-18.1 openSUSE Leap 42.2:mariadb-10.0.29-18.1 openSUSE Leap 42.2:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.2:mariadb-client-10.0.29-18.1 openSUSE Leap 42.2:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.2:mariadb-test-10.0.29-18.1 openSUSE Leap 42.2:mariadb-tools-10.0.29-18.1 moderate 4.9 AV:N/AC:H/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00027.html https://www.suse.com/security/cve/CVE-2017-3243.html CVE-2017-3243 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020891 SUSE Bug 1020891 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). CVE-2017-3244 openSUSE Leap 42.1:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqld18-10.0.29-18.1 openSUSE Leap 42.1:mariadb-10.0.29-18.1 openSUSE Leap 42.1:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.1:mariadb-client-10.0.29-18.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.1:mariadb-test-10.0.29-18.1 openSUSE Leap 42.1:mariadb-tools-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqld18-10.0.29-18.1 openSUSE Leap 42.2:mariadb-10.0.29-18.1 openSUSE Leap 42.2:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.2:mariadb-client-10.0.29-18.1 openSUSE Leap 42.2:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.2:mariadb-test-10.0.29-18.1 openSUSE Leap 42.2:mariadb-tools-10.0.29-18.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00027.html https://www.suse.com/security/cve/CVE-2017-3244.html CVE-2017-3244 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020877 SUSE Bug 1020877 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). CVE-2017-3257 openSUSE Leap 42.1:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqld18-10.0.29-18.1 openSUSE Leap 42.1:mariadb-10.0.29-18.1 openSUSE Leap 42.1:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.1:mariadb-client-10.0.29-18.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.1:mariadb-test-10.0.29-18.1 openSUSE Leap 42.1:mariadb-tools-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqld18-10.0.29-18.1 openSUSE Leap 42.2:mariadb-10.0.29-18.1 openSUSE Leap 42.2:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.2:mariadb-client-10.0.29-18.1 openSUSE Leap 42.2:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.2:mariadb-test-10.0.29-18.1 openSUSE Leap 42.2:mariadb-tools-10.0.29-18.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00027.html https://www.suse.com/security/cve/CVE-2017-3257.html CVE-2017-3257 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020878 SUSE Bug 1020878 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). CVE-2017-3258 openSUSE Leap 42.1:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqld18-10.0.29-18.1 openSUSE Leap 42.1:mariadb-10.0.29-18.1 openSUSE Leap 42.1:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.1:mariadb-client-10.0.29-18.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.1:mariadb-test-10.0.29-18.1 openSUSE Leap 42.1:mariadb-tools-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqld18-10.0.29-18.1 openSUSE Leap 42.2:mariadb-10.0.29-18.1 openSUSE Leap 42.2:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.2:mariadb-client-10.0.29-18.1 openSUSE Leap 42.2:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.2:mariadb-test-10.0.29-18.1 openSUSE Leap 42.2:mariadb-tools-10.0.29-18.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00027.html https://www.suse.com/security/cve/CVE-2017-3258.html CVE-2017-3258 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020875 SUSE Bug 1020875 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts). CVE-2017-3265 openSUSE Leap 42.1:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqld18-10.0.29-18.1 openSUSE Leap 42.1:mariadb-10.0.29-18.1 openSUSE Leap 42.1:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.1:mariadb-client-10.0.29-18.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.1:mariadb-test-10.0.29-18.1 openSUSE Leap 42.1:mariadb-tools-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqld18-10.0.29-18.1 openSUSE Leap 42.2:mariadb-10.0.29-18.1 openSUSE Leap 42.2:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.2:mariadb-client-10.0.29-18.1 openSUSE Leap 42.2:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.2:mariadb-test-10.0.29-18.1 openSUSE Leap 42.2:mariadb-tools-10.0.29-18.1 moderate 5.5 AV:L/AC:H/Au:S/C:C/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00027.html https://www.suse.com/security/cve/CVE-2017-3265.html CVE-2017-3265 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020885 SUSE Bug 1020885 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVE-2017-3291 openSUSE Leap 42.1:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqld18-10.0.29-18.1 openSUSE Leap 42.1:mariadb-10.0.29-18.1 openSUSE Leap 42.1:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.1:mariadb-client-10.0.29-18.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.1:mariadb-test-10.0.29-18.1 openSUSE Leap 42.1:mariadb-tools-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqld18-10.0.29-18.1 openSUSE Leap 42.2:mariadb-10.0.29-18.1 openSUSE Leap 42.2:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.2:mariadb-client-10.0.29-18.1 openSUSE Leap 42.2:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.2:mariadb-test-10.0.29-18.1 openSUSE Leap 42.2:mariadb-tools-10.0.29-18.1 moderate 6 AV:L/AC:H/Au:S/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00027.html https://www.suse.com/security/cve/CVE-2017-3291.html CVE-2017-3291 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020884 SUSE Bug 1020884 https://bugzilla.suse.com/998309 SUSE Bug 998309 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVE-2017-3312 openSUSE Leap 42.1:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqld18-10.0.29-18.1 openSUSE Leap 42.1:mariadb-10.0.29-18.1 openSUSE Leap 42.1:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.1:mariadb-client-10.0.29-18.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.1:mariadb-test-10.0.29-18.1 openSUSE Leap 42.1:mariadb-tools-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqld18-10.0.29-18.1 openSUSE Leap 42.2:mariadb-10.0.29-18.1 openSUSE Leap 42.2:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.2:mariadb-client-10.0.29-18.1 openSUSE Leap 42.2:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.2:mariadb-test-10.0.29-18.1 openSUSE Leap 42.2:mariadb-tools-10.0.29-18.1 moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00027.html https://www.suse.com/security/cve/CVE-2017-3312.html CVE-2017-3312 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020873 SUSE Bug 1020873 https://bugzilla.suse.com/998309 SUSE Bug 998309 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts). CVE-2017-3317 openSUSE Leap 42.1:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqld18-10.0.29-18.1 openSUSE Leap 42.1:mariadb-10.0.29-18.1 openSUSE Leap 42.1:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.1:mariadb-client-10.0.29-18.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.1:mariadb-test-10.0.29-18.1 openSUSE Leap 42.1:mariadb-tools-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqld18-10.0.29-18.1 openSUSE Leap 42.2:mariadb-10.0.29-18.1 openSUSE Leap 42.2:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.2:mariadb-client-10.0.29-18.1 openSUSE Leap 42.2:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.2:mariadb-test-10.0.29-18.1 openSUSE Leap 42.2:mariadb-tools-10.0.29-18.1 low 3.8 AV:L/AC:H/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00027.html https://www.suse.com/security/cve/CVE-2017-3317.html CVE-2017-3317 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020894 SUSE Bug 1020894 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts). CVE-2017-3318 openSUSE Leap 42.1:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.1:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.1:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.1:libmysqld18-10.0.29-18.1 openSUSE Leap 42.1:mariadb-10.0.29-18.1 openSUSE Leap 42.1:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.1:mariadb-client-10.0.29-18.1 openSUSE Leap 42.1:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.1:mariadb-test-10.0.29-18.1 openSUSE Leap 42.1:mariadb-tools-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-10.0.29-18.1 openSUSE Leap 42.2:libmysqlclient_r18-32bit-10.0.29-18.1 openSUSE Leap 42.2:libmysqld-devel-10.0.29-18.1 openSUSE Leap 42.2:libmysqld18-10.0.29-18.1 openSUSE Leap 42.2:mariadb-10.0.29-18.1 openSUSE Leap 42.2:mariadb-bench-10.0.29-18.1 openSUSE Leap 42.2:mariadb-client-10.0.29-18.1 openSUSE Leap 42.2:mariadb-errormessages-10.0.29-18.1 openSUSE Leap 42.2:mariadb-test-10.0.29-18.1 openSUSE Leap 42.2:mariadb-tools-10.0.29-18.1 low 1 AV:L/AC:H/Au:S/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00027.html https://www.suse.com/security/cve/CVE-2017-3318.html CVE-2017-3318 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020896 SUSE Bug 1020896