   SUSE Security Update: mysql
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1333-1
Rating:             moderate
References:         #1089987 
Cross-References:   CVE-2018-2755 CVE-2018-2761 CVE-2018-2771
                    CVE-2018-2773 CVE-2018-2781 CVE-2018-2813
                    CVE-2018-2817 CVE-2018-2818 CVE-2018-2819
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:


     This update fixes the following issues:

     - Update to 5.5.60 in Oracle Apr2018 CPU (bsc#1089987).
     - CVE-2018-2761: Vulnerability in the MySQL Server component of Oracle
       MySQL (subcomponent: Client programs). Supported versions that are
       affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.
       Difficult to exploit vulnerability allows unauthenticated attacker
       with network access via multiple protocols to compromise MySQL Server.
       Successful attacks of this vulnerability can result in unauthorized
       ability to cause a hang or frequently repeatable crash (complete DOS)
       of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS
       Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
     - CVE-2018-2755: Vulnerability in the MySQL Server component of Oracle
       MySQL (subcomponent: Server: Replication). Supported versions that are
       affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.
       Difficult to exploit vulnerability allows unauthenticated attacker
       with logon to the infrastructure where MySQL Server executes to
       compromise MySQL Server. Successful attacks require human interaction
       from a person other than the attacker and while the vulnerability is
       in MySQL Server, attacks may significantly impact additional products.
       Successful attacks of this vulnerability can result in takeover of
       MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and
       Availability impacts). CVSS Vector:
       (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
     - CVE-2018-2781: Vulnerability in the MySQL Server component of Oracle
       MySQL (subcomponent: Server: Optimizer). Supported versions that are
       affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.
       Easily exploitable vulnerability allows high privileged attacker with
       network access via multiple protocols to compromise MySQL Server.
       Successful attacks of this vulnerability can result in unauthorized
       ability to cause a hang or frequently repeatable crash (complete DOS)
       of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS
       Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
     - CVE-2018-2819: Vulnerability in the MySQL Server component of Oracle
       MySQL (subcomponent: InnoDB). Supported versions that are affected are
       5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily
       exploitable vulnerability allows low privileged attacker with network
       access via multiple protocols to compromise MySQL Server. Successful
       attacks of this vulnerability can result in unauthorized ability to
       cause a hang or frequently repeatable crash (complete DOS) of MySQL
       Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:
       (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
     - CVE-2018-2818: Vulnerability in the MySQL Server component of Oracle
       MySQL (subcomponent: Server : Security : Privileges). Supported
       versions that are affected are 5.5.59 and prior, 5.6.39 and prior and
       5.7.21 and prior. Easily exploitable vulnerability allows high
       privileged attacker with network access via multiple protocols to
       compromise MySQL Server. Successful attacks of this vulnerability can
       result in unauthorized ability to cause a hang or frequently
       repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score
       4.9 (Availability impacts). CVSS Vector:
       (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
     - CVE-2018-2817: Vulnerability in the MySQL Server component of Oracle
       MySQL (subcomponent: Server: DDL). Supported versions that are
       affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.
       Easily exploitable vulnerability allows low privileged attacker with
       network access via multiple protocols to compromise MySQL Server.
       Successful attacks of this vulnerability can result in unauthorized
       ability to cause a hang or frequently repeatable crash (complete DOS)
       of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS
       Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
     - CVE-2018-2771: Vulnerability in the MySQL Server component of Oracle
       MySQL (subcomponent: Server: Locking). Supported versions that are
       affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.
       Difficult to exploit vulnerability allows high privileged attacker
       with network access via multiple protocols to compromise MySQL Server.
       Successful attacks of this vulnerability can result in unauthorized
       ability to cause a hang or frequently repeatable crash (complete DOS)
       of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS
       Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
     - CVE-2018-2813: Vulnerability in the MySQL Server component of Oracle
       MySQL (subcomponent: Server: DDL). Supported versions that are
       affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.
       Easily exploitable vulnerability allows low privileged attacker with
       network access via multiple protocols to compromise MySQL Server.
       Successful attacks of this vulnerability can result in unauthorized
       read access to a subset of MySQL Server accessible data. CVSS 3.0 Base
       Score 4.3 (Confidentiality impacts). CVSS Vector:
       (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
     - CVE-2018-2773: Vulnerability in the MySQL Server component of Oracle
       MySQL (subcomponent: Client programs). Supported versions that are
       affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.
       Difficult to exploit vulnerability allows high privileged attacker
       with logon to the infrastructure where MySQL Server executes to
       compromise MySQL Server. Successful attacks of this vulnerability can
       result in unauthorized ability to cause a hang or frequently
       repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score
       4.1 (Availability impacts). CVSS Vector:
       (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-mysql-13611=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-mysql-13611=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-mysql-13611=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      libmysql55client_r18-32bit-5.5.60-0.39.12.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64):

      libmysql55client_r18-x86-5.5.60-0.39.12.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libmysql55client18-5.5.60-0.39.12.1
      libmysql55client_r18-5.5.60-0.39.12.1
      mysql-5.5.60-0.39.12.1
      mysql-client-5.5.60-0.39.12.1
      mysql-tools-5.5.60-0.39.12.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libmysql55client18-32bit-5.5.60-0.39.12.1
      libmysql55client_r18-32bit-5.5.60-0.39.12.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libmysql55client18-x86-5.5.60-0.39.12.1
      libmysql55client_r18-x86-5.5.60-0.39.12.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      mysql-debuginfo-5.5.60-0.39.12.1
      mysql-debugsource-5.5.60-0.39.12.1


References:

   https://www.suse.com/security/cve/CVE-2018-2755.html
   https://www.suse.com/security/cve/CVE-2018-2761.html
   https://www.suse.com/security/cve/CVE-2018-2771.html
   https://www.suse.com/security/cve/CVE-2018-2773.html
   https://www.suse.com/security/cve/CVE-2018-2781.html
   https://www.suse.com/security/cve/CVE-2018-2813.html
   https://www.suse.com/security/cve/CVE-2018-2817.html
   https://www.suse.com/security/cve/CVE-2018-2818.html
   https://www.suse.com/security/cve/CVE-2018-2819.html
   https://bugzilla.suse.com/1089987

SUSE: 2018:1333-1 moderate: mysql

May 18, 2018

An update that fixes 9 vulnerabilities is now available

Summary

This update fixes the following issues: - Update to 5.5.60 in Oracle Apr2018 CPU (bsc#1089987). - CVE-2018-2761: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2755: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). - CVE-2018-2781: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2819: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2818: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2817: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2771: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2813: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). - CVE-2018-2773: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-13611=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-13611=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mysql-13611=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.60-0.39.12.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysql55client_r18-x86-5.5.60-0.39.12.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.60-0.39.12.1 libmysql55client_r18-5.5.60-0.39.12.1 mysql-5.5.60-0.39.12.1 mysql-client-5.5.60-0.39.12.1 mysql-tools-5.5.60-0.39.12.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.60-0.39.12.1 libmysql55client_r18-32bit-5.5.60-0.39.12.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libmysql55client18-x86-5.5.60-0.39.12.1 libmysql55client_r18-x86-5.5.60-0.39.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.60-0.39.12.1 mysql-debugsource-5.5.60-0.39.12.1

References

#1089987

Cross- CVE-2018-2755 CVE-2018-2761 CVE-2018-2771

CVE-2018-2773 CVE-2018-2781 CVE-2018-2813

CVE-2018-2817 CVE-2018-2818 CVE-2018-2819

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2018-2755.html

https://www.suse.com/security/cve/CVE-2018-2761.html

https://www.suse.com/security/cve/CVE-2018-2771.html

https://www.suse.com/security/cve/CVE-2018-2773.html

https://www.suse.com/security/cve/CVE-2018-2781.html

https://www.suse.com/security/cve/CVE-2018-2813.html

https://www.suse.com/security/cve/CVE-2018-2817.html

https://www.suse.com/security/cve/CVE-2018-2818.html

https://www.suse.com/security/cve/CVE-2018-2819.html

https://bugzilla.suse.com/1089987

Severity

Announcement ID: SUSE-SU-2018:1333-1

Rating: moderate

What Are You Looking For?

SUSE: 2018:1333-1 moderate: mysql

Summary

References

Linux version of Qilin ransomware focuses on VMware ESXi

The Rust Foundation to Develop Training and Certification Program

How Meta Patches Linux at Hyperscale

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance

Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!

Unlocking the Future of Authentication: Passkeys vs. Passwords

Empowering MSPs with Straightforward Linux Device Management

A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

What Are You Looking For?

SUSE: 2018:1333-1 moderate: mysql

Summary

References

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By