Security update for mysql-community-server SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0223-1 Final 1 1 2018-01-25T19:16:40Z current 2018-01-25T19:16:40Z 2018-01-25T19:16:40Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mysql-community-server This update for mysql-community-server to version 5.6.39 fixes several issues. These security issues were fixed: - CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2562: Vulnerability in the subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1076369). - CVE-2018-2640: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2665: Vulnerability in the subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2668: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2696: Vulnerability in the subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2583: Vulnerability in the subcomponent: Stored Procedure. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2612: Vulnerability in the subcomponent: InnoDB. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2703: Vulnerability in the subcomponent: Server : Security : Privileges. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2573: Vulnerability in the subcomponent: Server: GIS. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2017-3737: OpenSSL introduced an 'error state' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it did not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error - CVE-2018-2647: Vulnerability in the subcomponent: Server: Replication. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1076369). - CVE-2018-2591: Vulnerability in the subcomponent: Server : Partition. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2590: Vulnerability in the subcomponent: Server: Performance Schema. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2645: Vulnerability in the subcomponent: Server: Performance Schema. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data (bsc#1076369). For additional details please see http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-39.html The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00057.html E-Mail link for openSUSE-SU-2018:0223-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 libmysql56client18-5.6.39-33.1 libmysql56client18-32bit-5.6.39-33.1 libmysql56client_r18-5.6.39-33.1 libmysql56client_r18-32bit-5.6.39-33.1 mysql-community-server-5.6.39-33.1 mysql-community-server-bench-5.6.39-33.1 mysql-community-server-client-5.6.39-33.1 mysql-community-server-errormessages-5.6.39-33.1 mysql-community-server-test-5.6.39-33.1 mysql-community-server-tools-5.6.39-33.1 libmysql56client18-5.6.39-33.1 as a component of openSUSE Leap 42.2 libmysql56client18-32bit-5.6.39-33.1 as a component of openSUSE Leap 42.2 libmysql56client_r18-5.6.39-33.1 as a component of openSUSE Leap 42.2 libmysql56client_r18-32bit-5.6.39-33.1 as a component of openSUSE Leap 42.2 mysql-community-server-5.6.39-33.1 as a component of openSUSE Leap 42.2 mysql-community-server-bench-5.6.39-33.1 as a component of openSUSE Leap 42.2 mysql-community-server-client-5.6.39-33.1 as a component of openSUSE Leap 42.2 mysql-community-server-errormessages-5.6.39-33.1 as a component of openSUSE Leap 42.2 mysql-community-server-test-5.6.39-33.1 as a component of openSUSE Leap 42.2 mysql-community-server-tools-5.6.39-33.1 as a component of openSUSE Leap 42.2 libmysql56client18-5.6.39-33.1 as a component of openSUSE Leap 42.3 libmysql56client18-32bit-5.6.39-33.1 as a component of openSUSE Leap 42.3 libmysql56client_r18-5.6.39-33.1 as a component of openSUSE Leap 42.3 libmysql56client_r18-32bit-5.6.39-33.1 as a component of openSUSE Leap 42.3 mysql-community-server-5.6.39-33.1 as a component of openSUSE Leap 42.3 mysql-community-server-bench-5.6.39-33.1 as a component of openSUSE Leap 42.3 mysql-community-server-client-5.6.39-33.1 as a component of openSUSE Leap 42.3 mysql-community-server-errormessages-5.6.39-33.1 as a component of openSUSE Leap 42.3 mysql-community-server-test-5.6.39-33.1 as a component of openSUSE Leap 42.3 mysql-community-server-tools-5.6.39-33.1 as a component of openSUSE Leap 42.3 OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. CVE-2017-3737 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.39-33.1 moderate 5.4 AV:N/AC:H/Au:N/C:C/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00057.html https://www.suse.com/security/cve/CVE-2017-3737.html CVE-2017-3737 https://bugzilla.suse.com/1071905 SUSE Bug 1071905 https://bugzilla.suse.com/1072322 SUSE Bug 1072322 https://bugzilla.suse.com/1076369 SUSE Bug 1076369 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1089997 SUSE Bug 1089997 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). CVE-2018-2562 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.39-33.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00057.html https://www.suse.com/security/cve/CVE-2018-2562.html CVE-2018-2562 https://bugzilla.suse.com/1076369 SUSE Bug 1076369 https://bugzilla.suse.com/1078431 SUSE Bug 1078431 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2573 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.39-33.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00057.html https://www.suse.com/security/cve/CVE-2018-2573.html CVE-2018-2573 https://bugzilla.suse.com/1076369 SUSE Bug 1076369 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). CVE-2018-2583 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.39-33.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00057.html https://www.suse.com/security/cve/CVE-2018-2583.html CVE-2018-2583 https://bugzilla.suse.com/1076369 SUSE Bug 1076369 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2590 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.39-33.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00057.html https://www.suse.com/security/cve/CVE-2018-2590.html CVE-2018-2590 https://bugzilla.suse.com/1076369 SUSE Bug 1076369 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2591 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.39-33.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00057.html https://www.suse.com/security/cve/CVE-2018-2591.html CVE-2018-2591 https://bugzilla.suse.com/1076369 SUSE Bug 1076369 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). CVE-2018-2612 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.39-33.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00057.html https://www.suse.com/security/cve/CVE-2018-2612.html CVE-2018-2612 https://bugzilla.suse.com/1076369 SUSE Bug 1076369 https://bugzilla.suse.com/1078431 SUSE Bug 1078431 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2622 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.39-33.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00057.html https://www.suse.com/security/cve/CVE-2018-2622.html CVE-2018-2622 https://bugzilla.suse.com/1076369 SUSE Bug 1076369 https://bugzilla.suse.com/1078431 SUSE Bug 1078431 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2640 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.39-33.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00057.html https://www.suse.com/security/cve/CVE-2018-2640.html CVE-2018-2640 https://bugzilla.suse.com/1076369 SUSE Bug 1076369 https://bugzilla.suse.com/1078431 SUSE Bug 1078431 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). CVE-2018-2645 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.39-33.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00057.html https://www.suse.com/security/cve/CVE-2018-2645.html CVE-2018-2645 https://bugzilla.suse.com/1076369 SUSE Bug 1076369 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVE-2018-2647 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.39-33.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00057.html https://www.suse.com/security/cve/CVE-2018-2647.html CVE-2018-2647 https://bugzilla.suse.com/1076369 SUSE Bug 1076369 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2665 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.39-33.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00057.html https://www.suse.com/security/cve/CVE-2018-2665.html CVE-2018-2665 https://bugzilla.suse.com/1076369 SUSE Bug 1076369 https://bugzilla.suse.com/1078431 SUSE Bug 1078431 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2668 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.39-33.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00057.html https://www.suse.com/security/cve/CVE-2018-2668.html CVE-2018-2668 https://bugzilla.suse.com/1076369 SUSE Bug 1076369 https://bugzilla.suse.com/1078431 SUSE Bug 1078431 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2696 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.39-33.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00057.html https://www.suse.com/security/cve/CVE-2018-2696.html CVE-2018-2696 https://bugzilla.suse.com/1076369 SUSE Bug 1076369 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2703 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client18-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.39-33.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.39-33.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.39-33.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00057.html https://www.suse.com/security/cve/CVE-2018-2703.html CVE-2018-2703 https://bugzilla.suse.com/1076369 SUSE Bug 1076369