All errata/sisyphus/ALT-PU-2015-2203-1
ALT-PU-2015-2203-1

Package update mariadb in branch sisyphus

Version10.1.10-alt1
Task#155443
Published2015-12-28
Max severityHIGH
Severity:

Closed issues (25)

BDU:2016-00166
MEDIUM6.8

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C
References
BDU:2016-00168
HIGH7.2

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю выполнить произвольный код

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2016-00171
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2016-00172
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2016-00173
LOW3.5

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
BDU:2016-00175
LOW3.5

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать частичный отказ в обслуживании

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
BDU:2016-00178
LOW3.5

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю модифицировать данные

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N
References
BDU:2016-00180
LOW3.5

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
BDU:2016-00181
LOW1.7

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0LOW 1.7
CVSS:2.0/AV:N/AC:H/Au:M/C:N/I:N/A:P
References
BDU:2016-00184
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2016-01110
LOW3.5

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Published: 2016-05-10Modified: 2021-03-23
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
BDU:2016-01118
MEDIUM4.3

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на целостность и доступность информации

Published: 2016-05-05Modified: 2021-03-23
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:M/C:N/I:P/A:P
References
CVE-2016-0505
MEDIUM6.8

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C
References
CVE-2016-0546
HIGH7.2

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2016-0596
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2016-0597
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2016-0598
LOW3.5

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
CVE-2016-0600
LOW3.5

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
CVE-2016-0606
LOW3.5

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N
References
CVE-2016-0608
LOW3.5

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
CVE-2016-0609
LOW1.7

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0LOW 1.7
CVSS:2.0/AV:N/AC:H/Au:M/C:N/I:N/A:P
References
CVE-2016-0616
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2016-0642
MEDIUM4.7

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

Published: 2016-04-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:M/C:N/I:P/A:P
CVSS 3.xMEDIUM 4.7
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
References
CVE-2016-0651
MEDIUM5.5

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.

Published: 2016-04-21Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-2047
MEDIUM5.9

The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."

Published: 2016-01-27Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
References