Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for mysql-community-server

This update for mysql-community-server to version 5.6.39 fixes several issues.

These security issues were fixed:

- CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily
exploitable vulnerability allowed low privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server (bsc#1076369).
- CVE-2018-2562: Vulnerability in the subcomponent: Server : Partition. Easily
exploitable vulnerability allowed low privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server as well as unauthorized update,
insert or delete access to some of MySQL Server accessible data (bsc#1076369).
- CVE-2018-2640: Vulnerability in the subcomponent: Server: Optimizer. Easily
exploitable vulnerability allowed low privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server (bsc#1076369).
- CVE-2018-2665: Vulnerability in the subcomponent: Server: Optimizer).
Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and
5.7.20 and prior. Easily exploitable vulnerability allowed low privileged
attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
(bsc#1076369).
- CVE-2018-2668: Vulnerability in the subcomponent: Server: Optimizer. Easily
exploitable vulnerability allowed low privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server (bsc#1076369).
- CVE-2018-2696: Vulnerability in the subcomponent: Server : Security :
Privileges). Supported versions that are affected are 5.6.38 and prior and
5.7.20 and prior. Easily exploitable vulnerability allowed unauthenticated
attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
(bsc#1076369).
- CVE-2018-2583: Vulnerability in the subcomponent: Stored Procedure. Easily
exploitable vulnerability allowed high privileged attacker with network access
via multiple protocols to compromise MySQL Server. While the vulnerability is
in MySQL Server, attacks may significantly impact additional products.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
(bsc#1076369).
- CVE-2018-2612: Vulnerability in the subcomponent: InnoDB. Easily exploitable
vulnerability allowed high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized creation, deletion or modification access to
critical data or all MySQL Server accessible data and unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
(bsc#1076369).
- CVE-2018-2703: Vulnerability in the subcomponent: Server : Security :
Privileges. Easily exploitable vulnerability allowed low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
(bsc#1076369).
- CVE-2018-2573: Vulnerability in the subcomponent: Server: GIS. Easily
exploitable vulnerability allowed low privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server (bsc#1076369).
- CVE-2017-3737: OpenSSL introduced an "error state" mechanism. The intent was
that if a fatal error occurred during a handshake then OpenSSL would move into
the error state and would immediately fail if you attempted to continue the
handshake. This works as designed for the explicit handshake functions
(SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it
did not work correctly if SSL_read() or SSL_write() is called directly. In that
scenario, if the handshake fails then a fatal error will be returned in the
initial function call. If SSL_read()/SSL_write() is subsequently called by the
application for the same SSL object then it will succeed and the data is passed
without being decrypted/encrypted directly from the SSL/TLS record layer. In
order to exploit this issue an application bug would have to be present that
resulted in a call to SSL_read()/SSL_write() being issued after having already
received a fatal error
- CVE-2018-2647: Vulnerability in the subcomponent: Server: Replication. Easily
exploitable vulnerability allowed high privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server as well as unauthorized update,
insert or delete access to some of MySQL Server accessible data (bsc#1076369).
- CVE-2018-2591: Vulnerability in the subcomponent: Server : Partition. Easily
exploitable vulnerability allowed high privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server (bsc#1076369).
- CVE-2018-2590: Vulnerability in the subcomponent: Server: Performance Schema.
Easily exploitable vulnerability allowed high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369).
- CVE-2018-2645: Vulnerability in the subcomponent: Server: Performance Schema.
Easily exploitable vulnerability allowed high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized access to critical data or
complete access to all MySQL Server accessible data (bsc#1076369).

For additional details please see http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-39.html

Fixed bugs
bnc#1076369
VUL-0: mysql: update to 5.5.59 in Oracle Jan2018 CPU
CVE-2018-2591
CVE-2018-2590
CVE-2018-2647
CVE-2018-2668
CVE-2018-2696
CVE-2018-2583
CVE-2018-2562
CVE-2018-2573
CVE-2018-2703
CVE-2018-2645
CVE-2018-2665
CVE-2018-2622
CVE-2018-2640
CVE-2017-3737
CVE-2018-2612
Selected Binaries
openSUSE Build Service is sponsored by
Places