ALT-BU-2016-3093-2

Branch sisyphus update bulletin.

Package mariadb updated to version 10.1.18-alt1 for branch sisyphus in task 171349.

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Severity: MEDIUM (4.0)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

Severity: MEDIUM (4.0)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.

Severity: MEDIUM (4.0)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (7.0)Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.

Severity: MEDIUM (4.0)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: MEDIUM (4.3)Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

References:

Package puppet updated to version 4.7.0-alt2 for branch sisyphus in task 171220.

Не стартует после установки

Package apache2-mod_apreq updated to version 2.13-alt6 for branch sisyphus in task 171378.

Cannot load modules/mod_apreq2.so into server: /etc/httpd2/modules/mod_apreq2.so: undefined symbol: ap_log_rerror

Package openstack-nova updated to version 14.0.1-alt1 for branch sisyphus in task 170964.

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C