| Beschreibung: | Summary:
The remote host is missing an update for the 'MySQL'
package(s) announced via the referenced advisory.
Vulnerability Insight:
This update to MySQL 5.6.28 fixes the following issues (bsc#962779):
- CVE-2015-7744: Lack of verification against faults associated with the
Chinese Remainder Theorem (CRT) process when allowing ephemeral key
exchange without low memory optimizations on a server, which makes it
easier for remote attackers to obtain private RSA keys by capturing TLS
handshakes, aka a Lenstra attack.
- CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and
earlier and 5.6.11 and earlier allows remote authenticated users to
affect availability via unknown vectors related to Optimizer.
- CVE-2016-0503: Unspecified vulnerability in Oracle MySQL 5.6.27 and
earlier and 5.7.9 allows remote authenticated users to affect
availability via vectors related to DML, a different vulnerability than
CVE-2016-0504.
- CVE-2016-0504: Unspecified vulnerability in Oracle MySQL 5.6.27 and
earlier and 5.7.9 allows remote authenticated users to affect
availability via vectors related to DML, a different vulnerability than
CVE-2016-0503.
- CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect availability via unknown vectors related to Options.
- CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect
confidentiality, integrity, and availability via unknown vectors related
to Client.
- CVE-2016-0594: Unspecified vulnerability in Oracle MySQL 5.6.21 and
earlier allows remote authenticated users to affect availability via
vectors related to DML.
- CVE-2016-0595: Unspecified vulnerability in Oracle MySQL 5.6.27 and
earlier allows remote authenticated users to affect availability via
vectors related to DML.
- CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier and 5.6.27 and earlier allows remote authenticated users to
affect availability via vectors related to DML.
- CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect availability via unknown vectors related to Optimizer.
- CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect availability via vectors related to DML.
- CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and
earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users
to affect availability via unknown vectors re ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS:
MySQL on openSUSE 13.1
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
