Security update for mysql-community-server SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1101-1 Final 1 1 2018-04-27T14:47:04Z current 2018-04-27T14:47:04Z 2018-04-27T14:47:04Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mysql-community-server This update for mysql-community-server to version 5.6.40 fixes the following issues: Security issues fixed: - CVE-2018-2755: Unspecified vulnerability in the Replication component - CVE-2018-2819: Unspecified vulnerability in the InnoDB component - CVE-2018-2817: Unspecified vulnerability in the Server DDL component - CVE-2018-2761: Unspecified vulnerability in the client programs - CVE-2018-2818: Unspecified vulnerability in the Server Security Privileges component - CVE-2018-2781: Unspecified vulnerability in the Server Optimizer component - CVE-2018-2771: Unspecified vulnerability in the Server locking component - CVE-2018-2813: Unspecified vulnerability in the Server DDL component - CVE-2018-2773: Unspecified vulnerability in the client programs - CVE-2018-2758: Unspecified vulnerability in the Server Security Privileges component - CVE-2018-2805: Unspecified vulnerability in the GIS Extension - CVE-2018-2782: Unspecified vulnerability in the InnoDB component - CVE-2018-2784: Unspecified vulnerability in the InnoDB component - CVE-2018-2787: Unspecified vulnerability in the InnoDB component - CVE-2018-2766: Unspecified vulnerability in the InnoDB component This update also contains all upstream fixes and improvement in the 5.6.40 release: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-40.html The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-04/msg00080.html E-Mail link for openSUSE-SU-2018:1101-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libmysql56client18-5.6.40-36.1 libmysql56client18-32bit-5.6.40-36.1 libmysql56client_r18-5.6.40-36.1 libmysql56client_r18-32bit-5.6.40-36.1 mysql-community-server-5.6.40-36.1 mysql-community-server-bench-5.6.40-36.1 mysql-community-server-client-5.6.40-36.1 mysql-community-server-errormessages-5.6.40-36.1 mysql-community-server-test-5.6.40-36.1 mysql-community-server-tools-5.6.40-36.1 libmysql56client18-5.6.40-36.1 as a component of openSUSE Leap 42.3 libmysql56client18-32bit-5.6.40-36.1 as a component of openSUSE Leap 42.3 libmysql56client_r18-5.6.40-36.1 as a component of openSUSE Leap 42.3 libmysql56client_r18-32bit-5.6.40-36.1 as a component of openSUSE Leap 42.3 mysql-community-server-5.6.40-36.1 as a component of openSUSE Leap 42.3 mysql-community-server-bench-5.6.40-36.1 as a component of openSUSE Leap 42.3 mysql-community-server-client-5.6.40-36.1 as a component of openSUSE Leap 42.3 mysql-community-server-errormessages-5.6.40-36.1 as a component of openSUSE Leap 42.3 mysql-community-server-test-5.6.40-36.1 as a component of openSUSE Leap 42.3 mysql-community-server-tools-5.6.40-36.1 as a component of openSUSE Leap 42.3 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2755 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client18-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.40-36.1 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00080.html https://www.suse.com/security/cve/CVE-2018-2755.html CVE-2018-2755 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2758 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client18-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.40-36.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00080.html https://www.suse.com/security/cve/CVE-2018-2758.html CVE-2018-2758 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2761 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client18-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.40-36.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00080.html https://www.suse.com/security/cve/CVE-2018-2761.html CVE-2018-2761 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2766 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client18-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.40-36.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00080.html https://www.suse.com/security/cve/CVE-2018-2766.html CVE-2018-2766 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2771 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client18-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.40-36.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00080.html https://www.suse.com/security/cve/CVE-2018-2771.html CVE-2018-2771 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2773 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client18-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.40-36.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00080.html https://www.suse.com/security/cve/CVE-2018-2773.html CVE-2018-2773 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2781 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client18-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.40-36.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00080.html https://www.suse.com/security/cve/CVE-2018-2781.html CVE-2018-2781 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2782 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client18-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.40-36.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00080.html https://www.suse.com/security/cve/CVE-2018-2782.html CVE-2018-2782 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2784 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client18-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.40-36.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00080.html https://www.suse.com/security/cve/CVE-2018-2784.html CVE-2018-2784 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVE-2018-2787 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client18-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.40-36.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00080.html https://www.suse.com/security/cve/CVE-2018-2787.html CVE-2018-2787 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension). Supported versions that are affected are 5.6.39 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2805 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client18-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.40-36.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00080.html https://www.suse.com/security/cve/CVE-2018-2805.html CVE-2018-2805 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). CVE-2018-2813 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client18-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.40-36.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00080.html https://www.suse.com/security/cve/CVE-2018-2813.html CVE-2018-2813 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2817 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client18-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.40-36.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00080.html https://www.suse.com/security/cve/CVE-2018-2817.html CVE-2018-2817 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2818 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client18-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.40-36.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00080.html https://www.suse.com/security/cve/CVE-2018-2818.html CVE-2018-2818 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2819 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client18-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.40-36.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.40-36.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.40-36.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00080.html https://www.suse.com/security/cve/CVE-2018-2819.html CVE-2018-2819 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518