libmariadbd-devel-10.6.4-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11038 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libmariadbd-devel-10.6.4-2.1 on GA media These are all security issues fixed in the libmariadbd-devel-10.6.4-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11038 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11038 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2006-0903/ SUSE CVE CVE-2006-0903 page https://www.suse.com/security/cve/CVE-2006-4226/ SUSE CVE CVE-2006-4226 page https://www.suse.com/security/cve/CVE-2007-5969/ SUSE CVE CVE-2007-5969 page https://www.suse.com/security/cve/CVE-2007-6303/ SUSE CVE CVE-2007-6303 page https://www.suse.com/security/cve/CVE-2007-6304/ SUSE CVE CVE-2007-6304 page https://www.suse.com/security/cve/CVE-2008-2079/ SUSE CVE CVE-2008-2079 page https://www.suse.com/security/cve/CVE-2015-4879/ SUSE CVE CVE-2015-4879 page https://www.suse.com/security/cve/CVE-2016-0505/ SUSE CVE CVE-2016-0505 page https://www.suse.com/security/cve/CVE-2016-0598/ SUSE CVE CVE-2016-0598 page https://www.suse.com/security/cve/CVE-2016-0609/ SUSE CVE CVE-2016-0609 page https://www.suse.com/security/cve/CVE-2016-0641/ SUSE CVE CVE-2016-0641 page https://www.suse.com/security/cve/CVE-2016-0649/ SUSE CVE CVE-2016-0649 page https://www.suse.com/security/cve/CVE-2016-2047/ SUSE CVE CVE-2016-2047 page https://www.suse.com/security/cve/CVE-2016-5440/ SUSE CVE CVE-2016-5440 page https://www.suse.com/security/cve/CVE-2016-5584/ SUSE CVE CVE-2016-5584 page https://www.suse.com/security/cve/CVE-2016-5624/ SUSE CVE CVE-2016-5624 page https://www.suse.com/security/cve/CVE-2016-6664/ SUSE CVE CVE-2016-6664 page https://www.suse.com/security/cve/CVE-2016-7440/ SUSE CVE CVE-2016-7440 page https://www.suse.com/security/cve/CVE-2016-8283/ SUSE CVE CVE-2016-8283 page https://www.suse.com/security/cve/CVE-2017-10320/ SUSE CVE CVE-2017-10320 page https://www.suse.com/security/cve/CVE-2017-10378/ SUSE CVE CVE-2017-10378 page https://www.suse.com/security/cve/CVE-2017-10384/ SUSE CVE CVE-2017-10384 page https://www.suse.com/security/cve/CVE-2017-3243/ SUSE CVE CVE-2017-3243 page https://www.suse.com/security/cve/CVE-2017-3257/ SUSE CVE CVE-2017-3257 page https://www.suse.com/security/cve/CVE-2017-3265/ SUSE CVE CVE-2017-3265 page https://www.suse.com/security/cve/CVE-2017-3302/ SUSE CVE CVE-2017-3302 page https://www.suse.com/security/cve/CVE-2017-3308/ SUSE CVE CVE-2017-3308 page https://www.suse.com/security/cve/CVE-2017-3312/ SUSE CVE CVE-2017-3312 page https://www.suse.com/security/cve/CVE-2017-3313/ SUSE CVE CVE-2017-3313 page https://www.suse.com/security/cve/CVE-2017-3318/ SUSE CVE CVE-2017-3318 page https://www.suse.com/security/cve/CVE-2017-3456/ SUSE CVE CVE-2017-3456 page https://www.suse.com/security/cve/CVE-2017-3636/ SUSE CVE CVE-2017-3636 page https://www.suse.com/security/cve/CVE-2018-2562/ SUSE CVE CVE-2018-2562 page https://www.suse.com/security/cve/CVE-2018-2668/ SUSE CVE CVE-2018-2668 page https://www.suse.com/security/cve/CVE-2018-2755/ SUSE CVE CVE-2018-2755 page https://www.suse.com/security/cve/CVE-2018-2767/ SUSE CVE CVE-2018-2767 page https://www.suse.com/security/cve/CVE-2018-2781/ SUSE CVE CVE-2018-2781 page https://www.suse.com/security/cve/CVE-2018-2782/ SUSE CVE CVE-2018-2782 page https://www.suse.com/security/cve/CVE-2018-2786/ SUSE CVE CVE-2018-2786 page https://www.suse.com/security/cve/CVE-2018-3058/ SUSE CVE CVE-2018-3058 page https://www.suse.com/security/cve/CVE-2018-3060/ SUSE CVE CVE-2018-3060 page https://www.suse.com/security/cve/CVE-2018-3064/ SUSE CVE CVE-2018-3064 page https://www.suse.com/security/cve/CVE-2018-3156/ SUSE CVE CVE-2018-3156 page https://www.suse.com/security/cve/CVE-2018-3162/ SUSE CVE CVE-2018-3162 page https://www.suse.com/security/cve/CVE-2018-3174/ SUSE CVE CVE-2018-3174 page https://www.suse.com/security/cve/CVE-2018-3185/ SUSE CVE CVE-2018-3185 page https://www.suse.com/security/cve/CVE-2018-3200/ SUSE CVE CVE-2018-3200 page https://www.suse.com/security/cve/CVE-2018-3282/ SUSE CVE CVE-2018-3282 page https://www.suse.com/security/cve/CVE-2019-18901/ SUSE CVE CVE-2019-18901 page https://www.suse.com/security/cve/CVE-2019-2503/ SUSE CVE CVE-2019-2503 page https://www.suse.com/security/cve/CVE-2019-2510/ SUSE CVE CVE-2019-2510 page https://www.suse.com/security/cve/CVE-2019-2614/ SUSE CVE CVE-2019-2614 page https://www.suse.com/security/cve/CVE-2019-2758/ SUSE CVE CVE-2019-2758 page https://www.suse.com/security/cve/CVE-2019-2805/ SUSE CVE CVE-2019-2805 page https://www.suse.com/security/cve/CVE-2019-2974/ SUSE CVE CVE-2019-2974 page https://www.suse.com/security/cve/CVE-2020-13249/ SUSE CVE CVE-2020-13249 page https://www.suse.com/security/cve/CVE-2020-14789/ SUSE CVE CVE-2020-14789 page https://www.suse.com/security/cve/CVE-2020-14812/ SUSE CVE CVE-2020-14812 page https://www.suse.com/security/cve/CVE-2020-15180/ SUSE CVE CVE-2020-15180 page https://www.suse.com/security/cve/CVE-2020-2574/ SUSE CVE CVE-2020-2574 page https://www.suse.com/security/cve/CVE-2020-2752/ SUSE CVE CVE-2020-2752 page https://www.suse.com/security/cve/CVE-2020-7221/ SUSE CVE CVE-2020-7221 page https://www.suse.com/security/cve/CVE-2021-2154/ SUSE CVE CVE-2021-2154 page https://www.suse.com/security/cve/CVE-2021-2372/ SUSE CVE CVE-2021-2372 page https://www.suse.com/security/cve/CVE-2021-2389/ SUSE CVE CVE-2021-2389 page openSUSE Tumbleweed libmariadbd-devel-10.6.4-2.1 libmariadbd19-10.6.4-2.1 mariadb-10.6.4-2.1 mariadb-bench-10.6.4-2.1 mariadb-client-10.6.4-2.1 mariadb-errormessages-10.6.4-2.1 mariadb-galera-10.6.4-2.1 mariadb-rpm-macros-10.6.4-2.1 mariadb-test-10.6.4-2.1 mariadb-tools-10.6.4-2.1 libmariadbd-devel-10.6.4-2.1 as a component of openSUSE Tumbleweed libmariadbd19-10.6.4-2.1 as a component of openSUSE Tumbleweed mariadb-10.6.4-2.1 as a component of openSUSE Tumbleweed mariadb-bench-10.6.4-2.1 as a component of openSUSE Tumbleweed mariadb-client-10.6.4-2.1 as a component of openSUSE Tumbleweed mariadb-errormessages-10.6.4-2.1 as a component of openSUSE Tumbleweed mariadb-galera-10.6.4-2.1 as a component of openSUSE Tumbleweed mariadb-rpm-macros-10.6.4-2.1 as a component of openSUSE Tumbleweed mariadb-test-10.6.4-2.1 as a component of openSUSE Tumbleweed mariadb-tools-10.6.4-2.1 as a component of openSUSE Tumbleweed MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. CVE-2006-0903 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-0903.html CVE-2006-0903 https://bugzilla.suse.com/163157 SUSE Bug 163157 MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. CVE-2006-4226 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-4226.html CVE-2006-4226 https://bugzilla.suse.com/201711 SUSE Bug 201711 MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. CVE-2007-5969 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-5969.html CVE-2007-5969 https://bugzilla.suse.com/347223 SUSE Bug 347223 https://bugzilla.suse.com/348003 SUSE Bug 348003 https://bugzilla.suse.com/348307 SUSE Bug 348307 MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. CVE-2007-6303 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-6303.html CVE-2007-6303 https://bugzilla.suse.com/348003 SUSE Bug 348003 The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns. CVE-2007-6304 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-6304.html CVE-2007-6304 https://bugzilla.suse.com/348003 SUSE Bug 348003 MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. CVE-2008-2079 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-2079.html CVE-2008-2079 https://bugzilla.suse.com/387746 SUSE Bug 387746 https://bugzilla.suse.com/425079 SUSE Bug 425079 https://bugzilla.suse.com/497546 SUSE Bug 497546 https://bugzilla.suse.com/557669 SUSE Bug 557669 Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. CVE-2015-4879 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4879.html CVE-2015-4879 https://bugzilla.suse.com/951391 SUSE Bug 951391 https://bugzilla.suse.com/958790 SUSE Bug 958790 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options. CVE-2016-0505 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-0505.html CVE-2016-0505 https://bugzilla.suse.com/962779 SUSE Bug 962779 https://bugzilla.suse.com/962817 SUSE Bug 962817 https://bugzilla.suse.com/962930 SUSE Bug 962930 https://bugzilla.suse.com/962931 SUSE Bug 962931 https://bugzilla.suse.com/962932 SUSE Bug 962932 https://bugzilla.suse.com/962934 SUSE Bug 962934 https://bugzilla.suse.com/962935 SUSE Bug 962935 https://bugzilla.suse.com/962936 SUSE Bug 962936 https://bugzilla.suse.com/962937 SUSE Bug 962937 https://bugzilla.suse.com/962938 SUSE Bug 962938 https://bugzilla.suse.com/962939 SUSE Bug 962939 https://bugzilla.suse.com/962941 SUSE Bug 962941 https://bugzilla.suse.com/962942 SUSE Bug 962942 https://bugzilla.suse.com/962943 SUSE Bug 962943 https://bugzilla.suse.com/962944 SUSE Bug 962944 https://bugzilla.suse.com/962945 SUSE Bug 962945 https://bugzilla.suse.com/962946 SUSE Bug 962946 https://bugzilla.suse.com/962947 SUSE Bug 962947 https://bugzilla.suse.com/962948 SUSE Bug 962948 https://bugzilla.suse.com/962949 SUSE Bug 962949 https://bugzilla.suse.com/962950 SUSE Bug 962950 https://bugzilla.suse.com/962951 SUSE Bug 962951 https://bugzilla.suse.com/962952 SUSE Bug 962952 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML. CVE-2016-0598 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-0598.html CVE-2016-0598 https://bugzilla.suse.com/962779 SUSE Bug 962779 https://bugzilla.suse.com/962817 SUSE Bug 962817 https://bugzilla.suse.com/962930 SUSE Bug 962930 https://bugzilla.suse.com/962931 SUSE Bug 962931 https://bugzilla.suse.com/962932 SUSE Bug 962932 https://bugzilla.suse.com/962934 SUSE Bug 962934 https://bugzilla.suse.com/962935 SUSE Bug 962935 https://bugzilla.suse.com/962936 SUSE Bug 962936 https://bugzilla.suse.com/962937 SUSE Bug 962937 https://bugzilla.suse.com/962938 SUSE Bug 962938 https://bugzilla.suse.com/962939 SUSE Bug 962939 https://bugzilla.suse.com/962941 SUSE Bug 962941 https://bugzilla.suse.com/962942 SUSE Bug 962942 https://bugzilla.suse.com/962943 SUSE Bug 962943 https://bugzilla.suse.com/962944 SUSE Bug 962944 https://bugzilla.suse.com/962945 SUSE Bug 962945 https://bugzilla.suse.com/962946 SUSE Bug 962946 https://bugzilla.suse.com/962947 SUSE Bug 962947 https://bugzilla.suse.com/962948 SUSE Bug 962948 https://bugzilla.suse.com/962949 SUSE Bug 962949 https://bugzilla.suse.com/962950 SUSE Bug 962950 https://bugzilla.suse.com/962951 SUSE Bug 962951 https://bugzilla.suse.com/962952 SUSE Bug 962952 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges. CVE-2016-0609 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 1.7 AV:N/AC:H/Au:M/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-0609.html CVE-2016-0609 https://bugzilla.suse.com/962779 SUSE Bug 962779 https://bugzilla.suse.com/962817 SUSE Bug 962817 https://bugzilla.suse.com/962930 SUSE Bug 962930 https://bugzilla.suse.com/962931 SUSE Bug 962931 https://bugzilla.suse.com/962932 SUSE Bug 962932 https://bugzilla.suse.com/962934 SUSE Bug 962934 https://bugzilla.suse.com/962935 SUSE Bug 962935 https://bugzilla.suse.com/962936 SUSE Bug 962936 https://bugzilla.suse.com/962937 SUSE Bug 962937 https://bugzilla.suse.com/962938 SUSE Bug 962938 https://bugzilla.suse.com/962939 SUSE Bug 962939 https://bugzilla.suse.com/962941 SUSE Bug 962941 https://bugzilla.suse.com/962942 SUSE Bug 962942 https://bugzilla.suse.com/962943 SUSE Bug 962943 https://bugzilla.suse.com/962944 SUSE Bug 962944 https://bugzilla.suse.com/962945 SUSE Bug 962945 https://bugzilla.suse.com/962946 SUSE Bug 962946 https://bugzilla.suse.com/962947 SUSE Bug 962947 https://bugzilla.suse.com/962948 SUSE Bug 962948 https://bugzilla.suse.com/962949 SUSE Bug 962949 https://bugzilla.suse.com/962950 SUSE Bug 962950 https://bugzilla.suse.com/962951 SUSE Bug 962951 https://bugzilla.suse.com/962952 SUSE Bug 962952 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM. CVE-2016-0641 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 critical 5 AV:L/AC:L/Au:M/C:P/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-0641.html CVE-2016-0641 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS. CVE-2016-0649 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 critical 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-0649.html CVE-2016-0649 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904 The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com." CVE-2016-2047 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2047.html CVE-2016-2047 https://bugzilla.suse.com/963806 SUSE Bug 963806 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/980904 SUSE Bug 980904 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. CVE-2016-5440 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5440.html CVE-2016-5440 https://bugzilla.suse.com/989926 SUSE Bug 989926 https://bugzilla.suse.com/991616 SUSE Bug 991616 Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. CVE-2016-5584 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 4.9 AV:N/AC:H/Au:S/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5584.html CVE-2016-5584 https://bugzilla.suse.com/1005558 SUSE Bug 1005558 https://bugzilla.suse.com/1008318 SUSE Bug 1008318 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. CVE-2016-5624 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5624.html CVE-2016-5624 https://bugzilla.suse.com/1005564 SUSE Bug 1005564 https://bugzilla.suse.com/1008318 SUSE Bug 1008318 mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files. CVE-2016-6664 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6664.html CVE-2016-6664 https://bugzilla.suse.com/1008253 SUSE Bug 1008253 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020873 SUSE Bug 1020873 https://bugzilla.suse.com/998309 SUSE Bug 998309 The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. CVE-2016-7440 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 low 4 AV:L/AC:H/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7440.html CVE-2016-7440 https://bugzilla.suse.com/1005581 SUSE Bug 1005581 https://bugzilla.suse.com/1008318 SUSE Bug 1008318 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. CVE-2016-8283 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8283.html CVE-2016-8283 https://bugzilla.suse.com/1005582 SUSE Bug 1005582 https://bugzilla.suse.com/1008318 SUSE Bug 1008318 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2017-10320 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 5 AV:A/AC:L/Au:M/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10320.html CVE-2017-10320 https://bugzilla.suse.com/1064113 SUSE Bug 1064113 https://bugzilla.suse.com/1064119 SUSE Bug 1064119 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2017-10378 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10378.html CVE-2017-10378 https://bugzilla.suse.com/1064115 SUSE Bug 1064115 https://bugzilla.suse.com/1064119 SUSE Bug 1064119 https://bugzilla.suse.com/1076505 SUSE Bug 1076505 https://bugzilla.suse.com/1076506 SUSE Bug 1076506 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2017-10384 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10384.html CVE-2017-10384 https://bugzilla.suse.com/1064117 SUSE Bug 1064117 https://bugzilla.suse.com/1064119 SUSE Bug 1064119 https://bugzilla.suse.com/1076506 SUSE Bug 1076506 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts). CVE-2017-3243 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 4.9 AV:N/AC:H/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3243.html CVE-2017-3243 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020891 SUSE Bug 1020891 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). CVE-2017-3257 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3257.html CVE-2017-3257 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020878 SUSE Bug 1020878 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts). CVE-2017-3265 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 5.5 AV:L/AC:H/Au:S/C:C/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3265.html CVE-2017-3265 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020885 SUSE Bug 1020885 Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. CVE-2017-3302 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3302.html CVE-2017-3302 https://bugzilla.suse.com/1022428 SUSE Bug 1022428 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 https://bugzilla.suse.com/1034911 SUSE Bug 1034911 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). CVE-2017-3308 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 2.1 AV:N/AC:H/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3308.html CVE-2017-3308 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 https://bugzilla.suse.com/1048715 SUSE Bug 1048715 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVE-2017-3312 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3312.html CVE-2017-3312 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020873 SUSE Bug 1020873 https://bugzilla.suse.com/998309 SUSE Bug 998309 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts). CVE-2017-3313 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 3.8 AV:L/AC:H/Au:S/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3313.html CVE-2017-3313 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020890 SUSE Bug 1020890 https://bugzilla.suse.com/1034911 SUSE Bug 1034911 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts). CVE-2017-3318 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 1 AV:L/AC:H/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3318.html CVE-2017-3318 https://bugzilla.suse.com/1020868 SUSE Bug 1020868 https://bugzilla.suse.com/1020896 SUSE Bug 1020896 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2017-3456 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 2.1 AV:N/AC:H/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3456.html CVE-2017-3456 https://bugzilla.suse.com/1034850 SUSE Bug 1034850 https://bugzilla.suse.com/1048715 SUSE Bug 1048715 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). CVE-2017-3636 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate 4.3 AV:L/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3636.html CVE-2017-3636 https://bugzilla.suse.com/1049399 SUSE Bug 1049399 https://bugzilla.suse.com/1049422 SUSE Bug 1049422 https://bugzilla.suse.com/1054591 SUSE Bug 1054591 https://bugzilla.suse.com/1076506 SUSE Bug 1076506 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). CVE-2018-2562 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2562.html CVE-2018-2562 https://bugzilla.suse.com/1076369 SUSE Bug 1076369 https://bugzilla.suse.com/1078431 SUSE Bug 1078431 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2668 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2668.html CVE-2018-2668 https://bugzilla.suse.com/1076369 SUSE Bug 1076369 https://bugzilla.suse.com/1078431 SUSE Bug 1078431 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2755 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2755.html CVE-2018-2755 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). CVE-2018-2767 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2767.html CVE-2018-2767 https://bugzilla.suse.com/1088681 SUSE Bug 1088681 https://bugzilla.suse.com/1101675 SUSE Bug 1101675 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2781 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2781.html CVE-2018-2781 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2782 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2782.html CVE-2018-2782 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVE-2018-2786 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2786.html CVE-2018-2786 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). CVE-2018-3058 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3058.html CVE-2018-3058 https://bugzilla.suse.com/1101676 SUSE Bug 1101676 https://bugzilla.suse.com/1116686 SUSE Bug 1116686 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). CVE-2018-3060 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3060.html CVE-2018-3060 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). CVE-2018-3064 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3064.html CVE-2018-3064 https://bugzilla.suse.com/1103342 SUSE Bug 1103342 https://bugzilla.suse.com/1116686 SUSE Bug 1116686 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-3156 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3156.html CVE-2018-3156 https://bugzilla.suse.com/1112417 SUSE Bug 1112417 https://bugzilla.suse.com/1116686 SUSE Bug 1116686 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-3162 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3162.html CVE-2018-3162 https://bugzilla.suse.com/1112415 SUSE Bug 1112415 https://bugzilla.suse.com/1116686 SUSE Bug 1116686 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H). CVE-2018-3174 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3174.html CVE-2018-3174 https://bugzilla.suse.com/1112368 SUSE Bug 1112368 https://bugzilla.suse.com/1116686 SUSE Bug 1116686 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVE-2018-3185 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3185.html CVE-2018-3185 https://bugzilla.suse.com/1112384 SUSE Bug 1112384 https://bugzilla.suse.com/1116686 SUSE Bug 1116686 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-3200 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3200.html CVE-2018-3200 https://bugzilla.suse.com/1112404 SUSE Bug 1112404 https://bugzilla.suse.com/1116686 SUSE Bug 1116686 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-3282 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3282.html CVE-2018-3282 https://bugzilla.suse.com/1112432 SUSE Bug 1112432 https://bugzilla.suse.com/1116686 SUSE Bug 1116686 A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1. CVE-2019-18901 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-18901.html CVE-2019-18901 https://bugzilla.suse.com/1160285 SUSE Bug 1160285 https://bugzilla.suse.com/1160895 SUSE Bug 1160895 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). CVE-2019-2503 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2503.html CVE-2019-2503 https://bugzilla.suse.com/1122198 SUSE Bug 1122198 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2019-2510 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2510.html CVE-2019-2510 https://bugzilla.suse.com/1122198 SUSE Bug 1122198 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2019-2614 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2614.html CVE-2019-2614 https://bugzilla.suse.com/1132826 SUSE Bug 1132826 https://bugzilla.suse.com/1136035 SUSE Bug 1136035 https://bugzilla.suse.com/1141798 SUSE Bug 1141798 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVE-2019-2758 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2758.html CVE-2019-2758 https://bugzilla.suse.com/1141798 SUSE Bug 1141798 https://bugzilla.suse.com/1156669 SUSE Bug 1156669 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2019-2805 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2805.html CVE-2019-2805 https://bugzilla.suse.com/1132826 SUSE Bug 1132826 https://bugzilla.suse.com/1141798 SUSE Bug 1141798 https://bugzilla.suse.com/1156669 SUSE Bug 1156669 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2019-2974 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2974.html CVE-2019-2974 https://bugzilla.suse.com/1154162 SUSE Bug 1154162 https://bugzilla.suse.com/1156669 SUSE Bug 1156669 libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. CVE-2020-13249 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-13249.html CVE-2020-13249 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2020-14789 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14789.html CVE-2020-14789 https://bugzilla.suse.com/1178428 SUSE Bug 1178428 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2020-14812 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14812.html CVE-2020-14812 https://bugzilla.suse.com/1178428 SUSE Bug 1178428 A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6. CVE-2020-15180 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15180.html CVE-2020-15180 https://bugzilla.suse.com/1177472 SUSE Bug 1177472 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). CVE-2020-2574 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2574.html CVE-2020-2574 https://bugzilla.suse.com/1161085 SUSE Bug 1161085 https://bugzilla.suse.com/1162388 SUSE Bug 1162388 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2020-2752 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2752.html CVE-2020-2752 https://bugzilla.suse.com/1171550 SUSE Bug 1171550 mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently. CVE-2020-7221 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-7221.html CVE-2020-7221 https://bugzilla.suse.com/1160285 SUSE Bug 1160285 https://bugzilla.suse.com/1160868 SUSE Bug 1160868 https://bugzilla.suse.com/1160895 SUSE Bug 1160895 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2021-2154 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2154.html CVE-2021-2154 https://bugzilla.suse.com/1185872 SUSE Bug 1185872 https://bugzilla.suse.com/1199955 SUSE Bug 1199955 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2021-2372 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2372.html CVE-2021-2372 https://bugzilla.suse.com/1188549 SUSE Bug 1188549 https://bugzilla.suse.com/1189320 SUSE Bug 1189320 https://bugzilla.suse.com/1199955 SUSE Bug 1199955 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). CVE-2021-2389 openSUSE Tumbleweed:libmariadbd-devel-10.6.4-2.1 openSUSE Tumbleweed:libmariadbd19-10.6.4-2.1 openSUSE Tumbleweed:mariadb-10.6.4-2.1 openSUSE Tumbleweed:mariadb-bench-10.6.4-2.1 openSUSE Tumbleweed:mariadb-client-10.6.4-2.1 openSUSE Tumbleweed:mariadb-errormessages-10.6.4-2.1 openSUSE Tumbleweed:mariadb-galera-10.6.4-2.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.6.4-2.1 openSUSE Tumbleweed:mariadb-test-10.6.4-2.1 openSUSE Tumbleweed:mariadb-tools-10.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2389.html CVE-2021-2389 https://bugzilla.suse.com/1188549 SUSE Bug 1188549 https://bugzilla.suse.com/1189320 SUSE Bug 1189320 https://bugzilla.suse.com/1199955 SUSE Bug 1199955