1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2018:1333-1

[SUSE-SU-2018:1333-1] security update for mysql

Severity Moderate
Affected Packages 33
CVEs 9
Info Packages References Vulnerabilities

security update for mysql

This update fixes the following issues:

  • Update to 5.5.60 in Oracle Apr2018 CPU (bsc#1089987).
  • CVE-2018-2761: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
  • CVE-2018-2755: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
  • CVE-2018-2781: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
  • CVE-2018-2819: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
  • CVE-2018-2818: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
  • CVE-2018-2817: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
  • CVE-2018-2771: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
  • CVE-2018-2813: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
  • CVE-2018-2773: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Package Affected Version
pkg:rpm/suse/mysql?arch=x86_64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/mysql?arch=s390x&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/mysql?arch=ppc64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/mysql?arch=ia64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/mysql?arch=i586&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/mysql-tools?arch=x86_64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/mysql-tools?arch=s390x&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/mysql-tools?arch=ppc64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/mysql-tools?arch=ia64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/mysql-tools?arch=i586&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/mysql-client?arch=x86_64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/mysql-client?arch=s390x&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/mysql-client?arch=ppc64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/mysql-client?arch=ia64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/mysql-client?arch=i586&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client_r18?arch=x86_64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client_r18?arch=s390x&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client_r18?arch=ppc64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client_r18?arch=ia64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client_r18?arch=i586&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client_r18-x86?arch=ia64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client_r18-32bit?arch=x86_64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client_r18-32bit?arch=s390x&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client_r18-32bit?arch=ppc64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client18?arch=x86_64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client18?arch=s390x&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client18?arch=ppc64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client18?arch=ia64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client18?arch=i586&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client18-x86?arch=ia64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client18-32bit?arch=x86_64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client18-32bit?arch=s390x&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
pkg:rpm/suse/libmysql55client18-32bit?arch=ppc64&distro=sles-11&sp=4 < 5.5.60-0.39.12.1
ID
SUSE-SU-2018:1333-1
Severity
moderate
URL
https://www.suse.com/support/update/announcement/2018/suse-su-20181333-1/
Published
2018-05-18T06:04:21
(6 years ago)
Modified
2018-05-18T06:04:21
(6 years ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/mysql?arch=x86_64&distro=sles-11&sp=4 suse mysql < 5.5.60-0.39.12.1 sles-11 x86_64
Affected pkg:rpm/suse/mysql?arch=s390x&distro=sles-11&sp=4 suse mysql < 5.5.60-0.39.12.1 sles-11 s390x
Affected pkg:rpm/suse/mysql?arch=ppc64&distro=sles-11&sp=4 suse mysql < 5.5.60-0.39.12.1 sles-11 ppc64
Affected pkg:rpm/suse/mysql?arch=ia64&distro=sles-11&sp=4 suse mysql < 5.5.60-0.39.12.1 sles-11 ia64
Affected pkg:rpm/suse/mysql?arch=i586&distro=sles-11&sp=4 suse mysql < 5.5.60-0.39.12.1 sles-11 i586
Affected pkg:rpm/suse/mysql-tools?arch=x86_64&distro=sles-11&sp=4 suse mysql-tools < 5.5.60-0.39.12.1 sles-11 x86_64
Affected pkg:rpm/suse/mysql-tools?arch=s390x&distro=sles-11&sp=4 suse mysql-tools < 5.5.60-0.39.12.1 sles-11 s390x
Affected pkg:rpm/suse/mysql-tools?arch=ppc64&distro=sles-11&sp=4 suse mysql-tools < 5.5.60-0.39.12.1 sles-11 ppc64
Affected pkg:rpm/suse/mysql-tools?arch=ia64&distro=sles-11&sp=4 suse mysql-tools < 5.5.60-0.39.12.1 sles-11 ia64
Affected pkg:rpm/suse/mysql-tools?arch=i586&distro=sles-11&sp=4 suse mysql-tools < 5.5.60-0.39.12.1 sles-11 i586
Affected pkg:rpm/suse/mysql-client?arch=x86_64&distro=sles-11&sp=4 suse mysql-client < 5.5.60-0.39.12.1 sles-11 x86_64
Affected pkg:rpm/suse/mysql-client?arch=s390x&distro=sles-11&sp=4 suse mysql-client < 5.5.60-0.39.12.1 sles-11 s390x
Affected pkg:rpm/suse/mysql-client?arch=ppc64&distro=sles-11&sp=4 suse mysql-client < 5.5.60-0.39.12.1 sles-11 ppc64
Affected pkg:rpm/suse/mysql-client?arch=ia64&distro=sles-11&sp=4 suse mysql-client < 5.5.60-0.39.12.1 sles-11 ia64
Affected pkg:rpm/suse/mysql-client?arch=i586&distro=sles-11&sp=4 suse mysql-client < 5.5.60-0.39.12.1 sles-11 i586
Affected pkg:rpm/suse/libmysql55client_r18?arch=x86_64&distro=sles-11&sp=4 suse libmysql55client_r18 < 5.5.60-0.39.12.1 sles-11 x86_64
Affected pkg:rpm/suse/libmysql55client_r18?arch=s390x&distro=sles-11&sp=4 suse libmysql55client_r18 < 5.5.60-0.39.12.1 sles-11 s390x
Affected pkg:rpm/suse/libmysql55client_r18?arch=ppc64&distro=sles-11&sp=4 suse libmysql55client_r18 < 5.5.60-0.39.12.1 sles-11 ppc64
Affected pkg:rpm/suse/libmysql55client_r18?arch=ia64&distro=sles-11&sp=4 suse libmysql55client_r18 < 5.5.60-0.39.12.1 sles-11 ia64
Affected pkg:rpm/suse/libmysql55client_r18?arch=i586&distro=sles-11&sp=4 suse libmysql55client_r18 < 5.5.60-0.39.12.1 sles-11 i586
Affected pkg:rpm/suse/libmysql55client_r18-x86?arch=ia64&distro=sles-11&sp=4 suse libmysql55client_r18-x86 < 5.5.60-0.39.12.1 sles-11 ia64
Affected pkg:rpm/suse/libmysql55client_r18-32bit?arch=x86_64&distro=sles-11&sp=4 suse libmysql55client_r18-32bit < 5.5.60-0.39.12.1 sles-11 x86_64
Affected pkg:rpm/suse/libmysql55client_r18-32bit?arch=s390x&distro=sles-11&sp=4 suse libmysql55client_r18-32bit < 5.5.60-0.39.12.1 sles-11 s390x
Affected pkg:rpm/suse/libmysql55client_r18-32bit?arch=ppc64&distro=sles-11&sp=4 suse libmysql55client_r18-32bit < 5.5.60-0.39.12.1 sles-11 ppc64
Affected pkg:rpm/suse/libmysql55client18?arch=x86_64&distro=sles-11&sp=4 suse libmysql55client18 < 5.5.60-0.39.12.1 sles-11 x86_64
Affected pkg:rpm/suse/libmysql55client18?arch=s390x&distro=sles-11&sp=4 suse libmysql55client18 < 5.5.60-0.39.12.1 sles-11 s390x
Affected pkg:rpm/suse/libmysql55client18?arch=ppc64&distro=sles-11&sp=4 suse libmysql55client18 < 5.5.60-0.39.12.1 sles-11 ppc64
Affected pkg:rpm/suse/libmysql55client18?arch=ia64&distro=sles-11&sp=4 suse libmysql55client18 < 5.5.60-0.39.12.1 sles-11 ia64
Affected pkg:rpm/suse/libmysql55client18?arch=i586&distro=sles-11&sp=4 suse libmysql55client18 < 5.5.60-0.39.12.1 sles-11 i586
Affected pkg:rpm/suse/libmysql55client18-x86?arch=ia64&distro=sles-11&sp=4 suse libmysql55client18-x86 < 5.5.60-0.39.12.1 sles-11 ia64
Affected pkg:rpm/suse/libmysql55client18-32bit?arch=x86_64&distro=sles-11&sp=4 suse libmysql55client18-32bit < 5.5.60-0.39.12.1 sles-11 x86_64
Affected pkg:rpm/suse/libmysql55client18-32bit?arch=s390x&distro=sles-11&sp=4 suse libmysql55client18-32bit < 5.5.60-0.39.12.1 sles-11 s390x
Affected pkg:rpm/suse/libmysql55client18-32bit?arch=ppc64&distro=sles-11&sp=4 suse libmysql55client18-32bit < 5.5.60-0.39.12.1 sles-11 ppc64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date