openSUSE:Leap:42.1:Update
File _patchinfo of Package patchinfo.6697
<patchinfo incident="6697">
  <issue id="1020976" tracker="bnc">root umask 077 screws up the /etc/init.d/mysql init script</issue>
  <issue id="1022428" tracker="bnc">VUL-0: CVE-2017-3302: mariadb: Use after free in libmysqlclient.so</issue>
  <issue id="1029014" tracker="bnc">VUL-0: CVE-2016-5483: mysql: mysqldump: arbitrary SQL-queries and shell commands execution</issue>
  <issue id="1029396" tracker="bnc">VUL-0: CVE-2017-3305: mysql, mariadb: MySQL client send authentication request unencrypted even if SSL is REQUIRED (RIDDDLE.LINK)</issue>
  <issue id="1034850" tracker="bnc">VUL-0: mysql: April 2017 security update to 5.5.55</issue>
  <issue id="889126" tracker="bnc">MariaDB config files not seen by Unix non-root users. Permission Problem in Package</issue>
  <issue id="2016-5483" tracker="cve" />
  <issue id="2017-3302" tracker="cve" />
  <issue id="2017-3305" tracker="cve" />
  <issue id="2017-3308" tracker="cve" />
  <issue id="2017-3309" tracker="cve" />
  <issue id="2017-3329" tracker="cve" />
  <issue id="2017-3450" tracker="cve" />
  <issue id="2017-3452" tracker="cve" />
  <issue id="2017-3453" tracker="cve" />
  <issue id="2017-3456" tracker="cve" />
  <issue id="2017-3461" tracker="cve" />
  <issue id="2017-3462" tracker="cve" />
  <issue id="2017-3463" tracker="cve" />
  <issue id="2017-3464" tracker="cve" />
  <issue id="2017-3599" tracker="cve" />
  <issue id="2017-3600" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>kstreitova</packager>
  <description>
This update for mysql-community-server to version 5.6.36 fixes the following issues:

These security issues were fixed:

- CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in SQL statements written to the dump output, allowing for execution of arbitrary commands (bsc#1029014)
- CVE-2017-3305: MySQL client sent authentication request unencrypted even if SSL was required (aka Ridddle) (bsc#1029396).
- CVE-2017-3308: Unspecified vulnerability in Server: DML (boo#1034850)
- CVE-2017-3309: Unspecified vulnerability in Server: Optimizer (boo#1034850)
- CVE-2017-3329: Unspecified vulnerability in Server: Thread (boo#1034850)
- CVE-2017-3453: Unspecified vulnerability in Server: Optimizer (boo#1034850)
- CVE-2017-3456: Unspecified vulnerability in Server: DML (boo#1034850)
- CVE-2017-3461: Unspecified vulnerability in Server: Security (boo#1034850)
- CVE-2017-3462: Unspecified vulnerability in Server: Security (boo#1034850)
- CVE-2017-3463: Unspecified vulnerability in Server: Security (boo#1034850)
- CVE-2017-3464: Unspecified vulnerability in Server: DDL (boo#1034850)
- CVE-2017-3302: Crash in libmysqlclient.so (bsc#1022428).
- CVE-2017-3450: Unspecified vulnerability Server: Memcached
- CVE-2017-3452: Unspecified vulnerability Server: Optimizer
- CVE-2017-3599: Unspecified vulnerability Server: Pluggable Auth
- CVE-2017-3600: Unspecified vulnerability in Client: mysqldump (boo#1034850)
- '--ssl-mode=REQUIRED' can be specified to require a secure connection (it fails if a secure connection cannot be obtained)

These non-security issues were fixed:

- Set the default umask to 077 in mysql-systemd-helper (boo#1020976)
- Change permissions of the configuration dir/files to 755/644. Please note that storing the password in the /etc/my.cnf file is not safe. Use for example an option file that is accessible only by yourself (boo#889126)

For more information please see http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html
  </description>
  <summary>Security update for mysql-community-server</summary>
</patchinfo>