libmysqlclient-devel-10.0.22-3.8 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10153-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libmysqlclient-devel-10.0.22-3.8 on GA media These are all security issues fixed in the libmysqlclient-devel-10.0.22-3.8 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10153 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2007-5970/ SUSE CVE CVE-2007-5970 page https://www.suse.com/security/cve/CVE-2008-7247/ SUSE CVE CVE-2008-7247 page https://www.suse.com/security/cve/CVE-2009-4019/ SUSE CVE CVE-2009-4019 page https://www.suse.com/security/cve/CVE-2009-4028/ SUSE CVE CVE-2009-4028 page https://www.suse.com/security/cve/CVE-2009-4030/ SUSE CVE CVE-2009-4030 page https://www.suse.com/security/cve/CVE-2012-4414/ SUSE CVE CVE-2012-4414 page https://www.suse.com/security/cve/CVE-2012-5611/ SUSE CVE CVE-2012-5611 page https://www.suse.com/security/cve/CVE-2012-5612/ SUSE CVE CVE-2012-5612 page https://www.suse.com/security/cve/CVE-2012-5615/ SUSE CVE CVE-2012-5615 page https://www.suse.com/security/cve/CVE-2012-5627/ SUSE CVE CVE-2012-5627 page https://www.suse.com/security/cve/CVE-2013-1976/ SUSE CVE CVE-2013-1976 page https://www.suse.com/security/cve/CVE-2015-4792/ SUSE CVE CVE-2015-4792 page https://www.suse.com/security/cve/CVE-2015-4802/ SUSE CVE CVE-2015-4802 page https://www.suse.com/security/cve/CVE-2015-4807/ SUSE CVE CVE-2015-4807 page https://www.suse.com/security/cve/CVE-2015-4815/ SUSE CVE CVE-2015-4815 page https://www.suse.com/security/cve/CVE-2015-4826/ SUSE CVE CVE-2015-4826 page https://www.suse.com/security/cve/CVE-2015-4830/ SUSE CVE CVE-2015-4830 page https://www.suse.com/security/cve/CVE-2015-4836/ SUSE CVE CVE-2015-4836 page https://www.suse.com/security/cve/CVE-2015-4858/ SUSE CVE CVE-2015-4858 page https://www.suse.com/security/cve/CVE-2015-4861/ SUSE CVE CVE-2015-4861 page https://www.suse.com/security/cve/CVE-2015-4870/ SUSE CVE CVE-2015-4870 page https://www.suse.com/security/cve/CVE-2015-4913/ SUSE CVE CVE-2015-4913 page https://www.suse.com/security/cve/CVE-2015-5969/ SUSE CVE CVE-2015-5969 page openSUSE Tumbleweed libmysqlclient-devel-10.0.22-3.8 libmysqlclient18-10.0.22-3.8 libmysqlclient18-32bit-10.0.22-3.8 libmysqlclient_r18-10.0.22-3.8 libmysqlclient_r18-32bit-10.0.22-3.8 libmysqld-devel-10.0.22-3.8 libmysqld18-10.0.22-3.8 mariadb-10.0.22-3.8 mariadb-bench-10.0.22-3.8 mariadb-client-10.0.22-3.8 mariadb-errormessages-10.0.22-3.8 mariadb-test-10.0.22-3.8 mariadb-tools-10.0.22-3.8 libmysqlclient-devel-10.0.22-3.8 as a component of openSUSE Tumbleweed libmysqlclient18-10.0.22-3.8 as a component of openSUSE Tumbleweed libmysqlclient18-32bit-10.0.22-3.8 as a component of openSUSE Tumbleweed libmysqlclient_r18-10.0.22-3.8 as a component of openSUSE Tumbleweed libmysqlclient_r18-32bit-10.0.22-3.8 as a component of openSUSE Tumbleweed libmysqld-devel-10.0.22-3.8 as a component of openSUSE Tumbleweed libmysqld18-10.0.22-3.8 as a component of openSUSE Tumbleweed mariadb-10.0.22-3.8 as a component of openSUSE Tumbleweed mariadb-bench-10.0.22-3.8 as a component of openSUSE Tumbleweed mariadb-client-10.0.22-3.8 as a component of openSUSE Tumbleweed mariadb-errormessages-10.0.22-3.8 as a component of openSUSE Tumbleweed mariadb-test-10.0.22-3.8 as a component of openSUSE Tumbleweed mariadb-tools-10.0.22-3.8 as a component of openSUSE Tumbleweed MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges. CVE-2007-5970 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-5970.html CVE-2007-5970 https://bugzilla.suse.com/348307 SUSE Bug 348307 sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. CVE-2008-7247 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 moderate 6 AV:N/AC:M/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-7247.html CVE-2008-7247 https://bugzilla.suse.com/557669 SUSE Bug 557669 https://bugzilla.suse.com/604528 SUSE Bug 604528 mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. CVE-2009-4019 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 low 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-4019.html CVE-2009-4019 https://bugzilla.suse.com/557669 SUSE Bug 557669 https://bugzilla.suse.com/604528 SUSE Bug 604528 The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. CVE-2009-4028 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-4028.html CVE-2009-4028 https://bugzilla.suse.com/557669 SUSE Bug 557669 https://bugzilla.suse.com/604528 SUSE Bug 604528 MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. CVE-2009-4030 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-4030.html CVE-2009-4030 https://bugzilla.suse.com/557669 SUSE Bug 557669 https://bugzilla.suse.com/604528 SUSE Bug 604528 Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete. CVE-2012-4414 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4414.html CVE-2012-4414 https://bugzilla.suse.com/779476 SUSE Bug 779476 Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. CVE-2012-5611 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5611.html CVE-2012-5611 https://bugzilla.suse.com/792362 SUSE Bug 792362 https://bugzilla.suse.com/792444 SUSE Bug 792444 https://bugzilla.suse.com/798753 SUSE Bug 798753 Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands. CVE-2012-5612 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5612.html CVE-2012-5612 https://bugzilla.suse.com/792443 SUSE Bug 792443 https://bugzilla.suse.com/798753 SUSE Bug 798753 Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames. CVE-2012-5615 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5615.html CVE-2012-5615 https://bugzilla.suse.com/792440 SUSE Bug 792440 https://bugzilla.suse.com/901237 SUSE Bug 901237 https://bugzilla.suse.com/915913 SUSE Bug 915913 Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks. CVE-2012-5627 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 moderate 4 AV:N/AC:L/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5627.html CVE-2012-5627 https://bugzilla.suse.com/792679 SUSE Bug 792679 The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log. CVE-2013-1976 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1976.html CVE-2013-1976 https://bugzilla.suse.com/822177 SUSE Bug 822177 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. CVE-2015-4792 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 important 1.7 AV:N/AC:H/Au:M/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4792.html CVE-2015-4792 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. CVE-2015-4802 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 important 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4802.html CVE-2015-4802 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache. CVE-2015-4807 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 important 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4807.html CVE-2015-4807 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. CVE-2015-4815 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 important 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4815.html CVE-2015-4815 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. CVE-2015-4826 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 important 4 AV:N/AC:L/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4826.html CVE-2015-4826 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. CVE-2015-4830 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 important 4 AV:N/AC:L/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4830.html CVE-2015-4830 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. CVE-2015-4836 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 important 2.8 AV:N/AC:M/Au:M/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4836.html CVE-2015-4836 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. CVE-2015-4858 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 important 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4858.html CVE-2015-4858 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. CVE-2015-4861 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 important 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4861.html CVE-2015-4861 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. CVE-2015-4870 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 important 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4870.html CVE-2015-4870 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. CVE-2015-4913 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 important 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4913.html CVE-2015-4913 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958789 SUSE Bug 958789 The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments. CVE-2015-5969 openSUSE Tumbleweed:libmysqlclient-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-10.0.22-3.8 openSUSE Tumbleweed:libmysqlclient_r18-32bit-10.0.22-3.8 openSUSE Tumbleweed:libmysqld-devel-10.0.22-3.8 openSUSE Tumbleweed:libmysqld18-10.0.22-3.8 openSUSE Tumbleweed:mariadb-10.0.22-3.8 openSUSE Tumbleweed:mariadb-bench-10.0.22-3.8 openSUSE Tumbleweed:mariadb-client-10.0.22-3.8 openSUSE Tumbleweed:mariadb-errormessages-10.0.22-3.8 openSUSE Tumbleweed:mariadb-test-10.0.22-3.8 openSUSE Tumbleweed:mariadb-tools-10.0.22-3.8 low 1.5 AV:L/AC:M/Au:S/C:P/I:N/A:N 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-5969.html CVE-2015-5969 https://bugzilla.suse.com/957174 SUSE Bug 957174