Security update for mariadb SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:2932-1 Final 1 1 2016-11-28T15:26:50Z current 2016-11-28T15:26:50Z 2016-11-28T15:26:50Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mariadb This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318): Security fixes: - CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581) - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569) - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566) - CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564) - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562) - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558) - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555) - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367) Bugfixes: - mysql_install_db can't find data files (bsc#1006539) - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800) - Notable changes: * XtraDB updated to 5.6.33-79.0 * TokuDB updated to 5.6.33-79.0 * Innodb updated to 5.6.33 * Performance Schema updated to 5.6.33 - Release notes and upstream changelog: * https://kb.askmonty.org/en/mariadb-10028-release-notes * https://kb.askmonty.org/en/mariadb-10028-changelog The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-SAP-12-2016-1718,SUSE-SLE-SERVER-12-2016-1718 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20162932-1/ Link for SUSE-SU-2016:2932-1 https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00042.html E-Mail link for SUSE-SU-2016:2932-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1001367 SUSE Bug 1001367 https://bugzilla.suse.com/1003800 SUSE Bug 1003800 https://bugzilla.suse.com/1005555 SUSE Bug 1005555 https://bugzilla.suse.com/1005558 SUSE Bug 1005558 https://bugzilla.suse.com/1005562 SUSE Bug 1005562 https://bugzilla.suse.com/1005564 SUSE Bug 1005564 https://bugzilla.suse.com/1005566 SUSE Bug 1005566 https://bugzilla.suse.com/1005569 SUSE Bug 1005569 https://bugzilla.suse.com/1005581 SUSE Bug 1005581 https://bugzilla.suse.com/1005582 SUSE Bug 1005582 https://bugzilla.suse.com/1006539 SUSE Bug 1006539 https://bugzilla.suse.com/1008318 SUSE Bug 1008318 https://www.suse.com/security/cve/CVE-2016-3492/ SUSE CVE CVE-2016-3492 page https://www.suse.com/security/cve/CVE-2016-5584/ SUSE CVE CVE-2016-5584 page https://www.suse.com/security/cve/CVE-2016-5616/ SUSE CVE CVE-2016-5616 page https://www.suse.com/security/cve/CVE-2016-5624/ SUSE CVE CVE-2016-5624 page https://www.suse.com/security/cve/CVE-2016-5626/ SUSE CVE CVE-2016-5626 page https://www.suse.com/security/cve/CVE-2016-5629/ SUSE CVE CVE-2016-5629 page https://www.suse.com/security/cve/CVE-2016-6663/ SUSE CVE CVE-2016-6663 page https://www.suse.com/security/cve/CVE-2016-7440/ SUSE CVE CVE-2016-7440 page https://www.suse.com/security/cve/CVE-2016-8283/ SUSE CVE CVE-2016-8283 page SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server for SAP Applications 12 libmysqlclient-devel-10.0.28-20.16.2 libmysqlclient18-10.0.28-20.16.2 libmysqlclient18-32bit-10.0.28-20.16.2 libmysqlclient_r18-10.0.28-20.16.2 libmysqld-devel-10.0.28-20.16.2 libmysqld18-10.0.28-20.16.2 mariadb-10.0.28-20.16.2 mariadb-client-10.0.28-20.16.2 mariadb-errormessages-10.0.28-20.16.2 mariadb-tools-10.0.28-20.16.2 libmysqlclient-devel-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server 12-LTSS libmysqlclient18-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server 12-LTSS libmysqlclient18-32bit-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server 12-LTSS libmysqlclient_r18-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server 12-LTSS libmysqld-devel-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server 12-LTSS libmysqld18-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server 12-LTSS mariadb-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server 12-LTSS mariadb-client-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server 12-LTSS mariadb-errormessages-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server 12-LTSS mariadb-tools-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server 12-LTSS libmysqlclient-devel-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 libmysqlclient18-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 libmysqlclient18-32bit-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 libmysqlclient_r18-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 libmysqld-devel-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 libmysqld18-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 mariadb-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 mariadb-client-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 mariadb-errormessages-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 mariadb-tools-10.0.28-20.16.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. CVE-2016-3492 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-tools-10.0.28-20.16.2 important 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162932-1/ https://www.suse.com/security/cve/CVE-2016-3492.html CVE-2016-3492 https://bugzilla.suse.com/1005555 SUSE Bug 1005555 https://bugzilla.suse.com/1008318 SUSE Bug 1008318 Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. CVE-2016-5584 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-tools-10.0.28-20.16.2 moderate 4.9 AV:N/AC:H/Au:S/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162932-1/ https://www.suse.com/security/cve/CVE-2016-5584.html CVE-2016-5584 https://bugzilla.suse.com/1005558 SUSE Bug 1005558 https://bugzilla.suse.com/1008318 SUSE Bug 1008318 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2016-5616 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-tools-10.0.28-20.16.2 important 6 AV:L/AC:H/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162932-1/ https://www.suse.com/security/cve/CVE-2016-5616.html CVE-2016-5616 https://bugzilla.suse.com/1005562 SUSE Bug 1005562 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. CVE-2016-5624 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-tools-10.0.28-20.16.2 important 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162932-1/ https://www.suse.com/security/cve/CVE-2016-5624.html CVE-2016-5624 https://bugzilla.suse.com/1005564 SUSE Bug 1005564 https://bugzilla.suse.com/1008318 SUSE Bug 1008318 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. CVE-2016-5626 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-tools-10.0.28-20.16.2 important 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162932-1/ https://www.suse.com/security/cve/CVE-2016-5626.html CVE-2016-5626 https://bugzilla.suse.com/1005566 SUSE Bug 1005566 https://bugzilla.suse.com/1008318 SUSE Bug 1008318 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. CVE-2016-5629 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-tools-10.0.28-20.16.2 important 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162932-1/ https://www.suse.com/security/cve/CVE-2016-5629.html CVE-2016-5629 https://bugzilla.suse.com/1005569 SUSE Bug 1005569 https://bugzilla.suse.com/1008318 SUSE Bug 1008318 Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table. CVE-2016-6663 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-tools-10.0.28-20.16.2 important 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162932-1/ https://www.suse.com/security/cve/CVE-2016-6663.html CVE-2016-6663 https://bugzilla.suse.com/1001367 SUSE Bug 1001367 https://bugzilla.suse.com/1008253 SUSE Bug 1008253 https://bugzilla.suse.com/1008318 SUSE Bug 1008318 https://bugzilla.suse.com/1021755 SUSE Bug 1021755 https://bugzilla.suse.com/998309 SUSE Bug 998309 The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. CVE-2016-7440 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-tools-10.0.28-20.16.2 low 4 AV:L/AC:H/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162932-1/ https://www.suse.com/security/cve/CVE-2016-7440.html CVE-2016-7440 https://bugzilla.suse.com/1005581 SUSE Bug 1005581 https://bugzilla.suse.com/1008318 SUSE Bug 1008318 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. CVE-2016-8283 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient18-32bit-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqlclient_r18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld-devel-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:libmysqld18-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-client-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-errormessages-10.0.28-20.16.2 SUSE Linux Enterprise Server for SAP Applications 12:mariadb-tools-10.0.28-20.16.2 important 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162932-1/ https://www.suse.com/security/cve/CVE-2016-8283.html CVE-2016-8283 https://bugzilla.suse.com/1005582 SUSE Bug 1005582 https://bugzilla.suse.com/1008318 SUSE Bug 1008318