File _patchinfo of Package patchinfo.4596

<patchinfo incident="4596">
  <issue id="959724" tracker="bnc">VUL-1: mysql: buffer overflow issues fixed in 5.5.47</issue>
  <issue id="962779" tracker="bnc">VUL-0: mysql: Oracle Critical Patch Update Advisory - January 2016</issue> 
  <issue id="957174" tracker="bnc" />
  <category>security</category>
  <rating>important</rating>
  <packager>kstreitova</packager>
  <summary>Security update for MySQL</summary> 
    <issue id="CVE-2015-5969" tracker="cve" />
    <issue id="CVE-2016-0546" tracker="cve" />
    <issue id="CVE-2016-0504" tracker="cve" />
    <issue id="CVE-2016-0505" tracker="cve" />
    <issue id="CVE-2016-0594" tracker="cve" />
    <issue id="CVE-2016-0595" tracker="cve" />
    <issue id="CVE-2016-0503" tracker="cve" />
    <issue id="CVE-2016-0596" tracker="cve" />
    <issue id="CVE-2016-0502" tracker="cve" />
    <issue id="CVE-2016-0597" tracker="cve" />
    <issue id="CVE-2016-0611" tracker="cve" />
    <issue id="CVE-2016-0598" tracker="cve" />
    <issue id="CVE-2016-0600" tracker="cve" />
    <issue id="CVE-2016-0610" tracker="cve" />
    <issue id="CVE-2016-0606" tracker="cve" />
    <issue id="CVE-2016-0608" tracker="cve" />
    <issue id="CVE-2016-0607" tracker="cve" />
    <issue id="CVE-2015-7744" tracker="cve" />
    <issue id="CVE-2016-0605" tracker="cve" />
    <issue id="CVE-2016-0609" tracker="cve" />
  <description>This update to MySQL 5.6.28 fixes the following issues (bsc#962779):
    
- CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.
- CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. 
- CVE-2016-0503: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504. 
- CVE-2016-0504: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503. 
- CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options. 
- CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. 
- CVE-2016-0594: Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. 
- CVE-2016-0595: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. 
- CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. 
- CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. 
- CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML. 
- CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. 
- CVE-2016-0605: Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. 
- CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption. 
- CVE-2016-0607: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. 
- CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF. 
- CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges. 
- CVE-2016-0610: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. 
- CVE-2016-0611: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
- CVE-2015-5969: Fixed information leak via mysql-systemd-helper script. (bsc#957174)
- bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf().
</description>
</patchinfo>