Security update for mysql
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2016:1618-1
Final
1
1
2016-06-17T14:57:52Z
current
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
This update for mysql fixes the following issues:
- bsc#959724: fix incorrect usage of sprintf/strcpy that caused possible buffer overflow issues at various places
On SUSE Linux Enterprise 11 SP4 this fix was not yet shipped:
- Increase the key length (to 2048 bits) used in vio/viosslfactories.c for creating Diffie-Hellman keys (Logjam Attack) [bnc#934789] [CVE-2015-4000]
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
sdksp4-mysql-12620,slessp4-mysql-12620
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2016/suse-su-20161618-1/
Link for SUSE-SU-2016:1618-1
https://lists.suse.com/pipermail/sle-security-updates/2016-June/002127.html
E-Mail link for SUSE-SU-2016:1618-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/934789
SUSE Bug 934789
https://bugzilla.suse.com/959724
SUSE Bug 959724
https://www.suse.com/security/cve/CVE-2015-4000/
SUSE CVE CVE-2015-4000 page
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
libmysqlclient-devel-5.0.96-0.8.10.3
libmysqlclient_r15-32bit-5.0.96-0.8.10.3
libmysqlclient_r15-x86-5.0.96-0.8.10.3
libmysqlclient15-5.0.96-0.8.10.3
libmysqlclient15-32bit-5.0.96-0.8.10.3
libmysqlclient15-x86-5.0.96-0.8.10.3
libmysqlclient_r15-5.0.96-0.8.10.3
libmysqlclient15-5.0.96-0.8.10.3 as a component of SUSE Linux Enterprise Server 11 SP4
libmysqlclient15-32bit-5.0.96-0.8.10.3 as a component of SUSE Linux Enterprise Server 11 SP4
libmysqlclient15-x86-5.0.96-0.8.10.3 as a component of SUSE Linux Enterprise Server 11 SP4
libmysqlclient_r15-5.0.96-0.8.10.3 as a component of SUSE Linux Enterprise Server 11 SP4
libmysqlclient15-5.0.96-0.8.10.3 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4
libmysqlclient15-32bit-5.0.96-0.8.10.3 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4
libmysqlclient15-x86-5.0.96-0.8.10.3 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4
libmysqlclient_r15-5.0.96-0.8.10.3 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4
libmysqlclient-devel-5.0.96-0.8.10.3 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4
libmysqlclient_r15-32bit-5.0.96-0.8.10.3 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4
libmysqlclient_r15-x86-5.0.96-0.8.10.3 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
CVE-2015-4000
SUSE Linux Enterprise Server 11 SP4:libmysqlclient15-32bit-5.0.96-0.8.10.3
SUSE Linux Enterprise Server 11 SP4:libmysqlclient15-5.0.96-0.8.10.3
SUSE Linux Enterprise Server 11 SP4:libmysqlclient15-x86-5.0.96-0.8.10.3
SUSE Linux Enterprise Server 11 SP4:libmysqlclient_r15-5.0.96-0.8.10.3
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysqlclient15-32bit-5.0.96-0.8.10.3
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysqlclient15-5.0.96-0.8.10.3
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysqlclient15-x86-5.0.96-0.8.10.3
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysqlclient_r15-5.0.96-0.8.10.3
SUSE Linux Enterprise Software Development Kit 11 SP4:libmysqlclient-devel-5.0.96-0.8.10.3
SUSE Linux Enterprise Software Development Kit 11 SP4:libmysqlclient_r15-32bit-5.0.96-0.8.10.3
SUSE Linux Enterprise Software Development Kit 11 SP4:libmysqlclient_r15-x86-5.0.96-0.8.10.3
important
7.3
AV:N/AC:H/Au:N/C:C/I:C/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20161618-1/
https://www.suse.com/security/cve/CVE-2015-4000.html
CVE-2015-4000
https://bugzilla.suse.com/1074631
SUSE Bug 1074631
https://bugzilla.suse.com/1211968
SUSE Bug 1211968
https://bugzilla.suse.com/931600
SUSE Bug 931600
https://bugzilla.suse.com/931698
SUSE Bug 931698
https://bugzilla.suse.com/931723
SUSE Bug 931723
https://bugzilla.suse.com/931845
SUSE Bug 931845
https://bugzilla.suse.com/932026
SUSE Bug 932026
https://bugzilla.suse.com/932483
SUSE Bug 932483
https://bugzilla.suse.com/934789
SUSE Bug 934789
https://bugzilla.suse.com/935033
SUSE Bug 935033
https://bugzilla.suse.com/935540
SUSE Bug 935540
https://bugzilla.suse.com/935979
SUSE Bug 935979
https://bugzilla.suse.com/937202
SUSE Bug 937202
https://bugzilla.suse.com/937766
SUSE Bug 937766
https://bugzilla.suse.com/938248
SUSE Bug 938248
https://bugzilla.suse.com/938432
SUSE Bug 938432
https://bugzilla.suse.com/938895
SUSE Bug 938895
https://bugzilla.suse.com/938905
SUSE Bug 938905
https://bugzilla.suse.com/938906
SUSE Bug 938906
https://bugzilla.suse.com/938913
SUSE Bug 938913
https://bugzilla.suse.com/938945
SUSE Bug 938945
https://bugzilla.suse.com/943664
SUSE Bug 943664
https://bugzilla.suse.com/944729
SUSE Bug 944729
https://bugzilla.suse.com/945582
SUSE Bug 945582
https://bugzilla.suse.com/955589
SUSE Bug 955589
https://bugzilla.suse.com/980406
SUSE Bug 980406
https://bugzilla.suse.com/990592
SUSE Bug 990592
https://bugzilla.suse.com/994144
SUSE Bug 994144