Security update for mysql-community-server SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2011-1 Final 1 1 2017-07-29T09:53:29Z current 2017-07-29T09:53:29Z 2017-07-29T09:53:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mysql-community-server This update for mysql-community-server to version 5.6.37 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-3633: Memcached unspecified vulnerability (boo#1049394) - CVE-2017-3634: DML unspecified vulnerability (boo#1049396) - CVE-2017-3635: C API unspecified vulnerability (boo#1049398) - CVE-2017-3636: Client programs unspecified vulnerability (boo#1049399) - CVE-2017-3641: DML unspecified vulnerability (boo#1049404) - CVE-2017-3647: Replication unspecified vulnerability (boo#1049410) - CVE-2017-3648: Charsets unspecified vulnerability (boo#1049411) - CVE-2017-3649: Replication unspecified vulnerability (boo#1049412) - CVE-2017-3651: Client mysqldump unspecified vulnerability (boo#1049415) - CVE-2017-3652: DDL unspecified vulnerability (boo#1049416) - CVE-2017-3653: DDL unspecified vulnerability (boo#1049417) - CVE-2017-3732: Security, Encryption unspecified vulnerability (boo#1049421) The following general changes are included: - switch systemd unit file from 'Restart=on-failure' to 'Restart=on-abort' - update file lists for new man-pages and tools (for mariadb) For a list of upstream changes in this release, see: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-07/msg00117.html E-Mail link for openSUSE-SU-2017:2011-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 libmysql56client18-5.6.37-27.1 libmysql56client18-32bit-5.6.37-27.1 libmysql56client_r18-5.6.37-27.1 libmysql56client_r18-32bit-5.6.37-27.1 mysql-community-server-5.6.37-27.1 mysql-community-server-bench-5.6.37-27.1 mysql-community-server-client-5.6.37-27.1 mysql-community-server-errormessages-5.6.37-27.1 mysql-community-server-test-5.6.37-27.1 mysql-community-server-tools-5.6.37-27.1 libmysql56client18-5.6.37-27.1 as a component of openSUSE Leap 42.2 libmysql56client18-32bit-5.6.37-27.1 as a component of openSUSE Leap 42.2 libmysql56client_r18-5.6.37-27.1 as a component of openSUSE Leap 42.2 libmysql56client_r18-32bit-5.6.37-27.1 as a component of openSUSE Leap 42.2 mysql-community-server-5.6.37-27.1 as a component of openSUSE Leap 42.2 mysql-community-server-bench-5.6.37-27.1 as a component of openSUSE Leap 42.2 mysql-community-server-client-5.6.37-27.1 as a component of openSUSE Leap 42.2 mysql-community-server-errormessages-5.6.37-27.1 as a component of openSUSE Leap 42.2 mysql-community-server-test-5.6.37-27.1 as a component of openSUSE Leap 42.2 mysql-community-server-tools-5.6.37-27.1 as a component of openSUSE Leap 42.2 libmysql56client18-5.6.37-27.1 as a component of openSUSE Leap 42.3 libmysql56client18-32bit-5.6.37-27.1 as a component of openSUSE Leap 42.3 libmysql56client_r18-5.6.37-27.1 as a component of openSUSE Leap 42.3 libmysql56client_r18-32bit-5.6.37-27.1 as a component of openSUSE Leap 42.3 mysql-community-server-5.6.37-27.1 as a component of openSUSE Leap 42.3 mysql-community-server-bench-5.6.37-27.1 as a component of openSUSE Leap 42.3 mysql-community-server-client-5.6.37-27.1 as a component of openSUSE Leap 42.3 mysql-community-server-errormessages-5.6.37-27.1 as a component of openSUSE Leap 42.3 mysql-community-server-test-5.6.37-27.1 as a component of openSUSE Leap 42.3 mysql-community-server-tools-5.6.37-27.1 as a component of openSUSE Leap 42.3 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H). CVE-2017-3633 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.37-27.1 moderate 6.1 AV:N/AC:H/Au:N/C:N/I:P/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00117.html https://www.suse.com/security/cve/CVE-2017-3633.html CVE-2017-3633 https://bugzilla.suse.com/1049394 SUSE Bug 1049394 https://bugzilla.suse.com/1049422 SUSE Bug 1049422 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2017-3634 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.37-27.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00117.html https://www.suse.com/security/cve/CVE-2017-3634.html CVE-2017-3634 https://bugzilla.suse.com/1049396 SUSE Bug 1049396 https://bugzilla.suse.com/1049422 SUSE Bug 1049422 Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2017-3635 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.37-27.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00117.html https://www.suse.com/security/cve/CVE-2017-3635.html CVE-2017-3635 https://bugzilla.suse.com/1049397 SUSE Bug 1049397 https://bugzilla.suse.com/1049398 SUSE Bug 1049398 https://bugzilla.suse.com/1049422 SUSE Bug 1049422 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). CVE-2017-3636 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.37-27.1 moderate 4.3 AV:L/AC:L/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00117.html https://www.suse.com/security/cve/CVE-2017-3636.html CVE-2017-3636 https://bugzilla.suse.com/1049399 SUSE Bug 1049399 https://bugzilla.suse.com/1049422 SUSE Bug 1049422 https://bugzilla.suse.com/1054591 SUSE Bug 1054591 https://bugzilla.suse.com/1076506 SUSE Bug 1076506 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2017-3641 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.37-27.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00117.html https://www.suse.com/security/cve/CVE-2017-3641.html CVE-2017-3641 https://bugzilla.suse.com/1049404 SUSE Bug 1049404 https://bugzilla.suse.com/1049422 SUSE Bug 1049422 https://bugzilla.suse.com/1054591 SUSE Bug 1054591 https://bugzilla.suse.com/1076506 SUSE Bug 1076506 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2017-3647 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.37-27.1 moderate 4.9 AV:N/AC:H/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00117.html https://www.suse.com/security/cve/CVE-2017-3647.html CVE-2017-3647 https://bugzilla.suse.com/1049410 SUSE Bug 1049410 https://bugzilla.suse.com/1049422 SUSE Bug 1049422 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2017-3648 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.37-27.1 moderate 4.9 AV:N/AC:H/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00117.html https://www.suse.com/security/cve/CVE-2017-3648.html CVE-2017-3648 https://bugzilla.suse.com/1049411 SUSE Bug 1049411 https://bugzilla.suse.com/1049422 SUSE Bug 1049422 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2017-3649 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.37-27.1 moderate 4.9 AV:N/AC:H/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00117.html https://www.suse.com/security/cve/CVE-2017-3649.html CVE-2017-3649 https://bugzilla.suse.com/1049412 SUSE Bug 1049412 https://bugzilla.suse.com/1049422 SUSE Bug 1049422 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). CVE-2017-3651 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.37-27.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00117.html https://www.suse.com/security/cve/CVE-2017-3651.html CVE-2017-3651 https://bugzilla.suse.com/1049415 SUSE Bug 1049415 https://bugzilla.suse.com/1049422 SUSE Bug 1049422 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). CVE-2017-3652 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.37-27.1 moderate 3.6 AV:N/AC:H/Au:S/C:P/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00117.html https://www.suse.com/security/cve/CVE-2017-3652.html CVE-2017-3652 https://bugzilla.suse.com/1049416 SUSE Bug 1049416 https://bugzilla.suse.com/1049422 SUSE Bug 1049422 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). CVE-2017-3653 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.37-27.1 low 2.1 AV:N/AC:H/Au:S/C:N/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00117.html https://www.suse.com/security/cve/CVE-2017-3653.html CVE-2017-3653 https://bugzilla.suse.com/1049417 SUSE Bug 1049417 https://bugzilla.suse.com/1049422 SUSE Bug 1049422 https://bugzilla.suse.com/1054591 SUSE Bug 1054591 https://bugzilla.suse.com/1076506 SUSE Bug 1076506 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. CVE-2017-3732 openSUSE Leap 42.2:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.2:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.2:mysql-community-server-tools-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client18-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-32bit-5.6.37-27.1 openSUSE Leap 42.3:libmysql56client_r18-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-bench-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-client-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-errormessages-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-test-5.6.37-27.1 openSUSE Leap 42.3:mysql-community-server-tools-5.6.37-27.1 low 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00117.html https://www.suse.com/security/cve/CVE-2017-3732.html CVE-2017-3732 https://bugzilla.suse.com/1021641 SUSE Bug 1021641 https://bugzilla.suse.com/1022086 SUSE Bug 1022086 https://bugzilla.suse.com/1025354 SUSE Bug 1025354 https://bugzilla.suse.com/1049418 SUSE Bug 1049418 https://bugzilla.suse.com/1049421 SUSE Bug 1049421 https://bugzilla.suse.com/1049422 SUSE Bug 1049422 https://bugzilla.suse.com/1066242 SUSE Bug 1066242 https://bugzilla.suse.com/1071906 SUSE Bug 1071906 https://bugzilla.suse.com/957814 SUSE Bug 957814