Bugzilla – Bug 1049421
VUL-0: CVE-2017-3732: mysql: Security, Encryption unspecified vulnerability
Last modified: 2017-07-29 14:49:20 UTC
Oracle July 2017 Patch Day. http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#MSQL Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption (OpenSSL)). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
| Codestream | Request | |--------------------|--------------------------| | openSUSE:Leap 42.2 | 512279 | | openSUSE:Leap 42.3 | 512279 | | openSUSE:Factory | - (dropped from Factory) | MySQL package in SLE11SP3 (5.5.x) is not affected. Everything is done here. Reassigning it back to the security team.
This is an autogenerated message for OBS integration: This bug (1049421) was mentioned in https://build.opensuse.org/request/show/512279 42.2+42.3 / mysql-community-server
done
openSUSE-SU-2017:2011-1: An update that solves 12 vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1049394,1049396,1049398,1049399,1049404,1049410,1049411,1049412,1049415,1049416,1049417,1049421,1049422 CVE References: CVE-2017-3633,CVE-2017-3634,CVE-2017-3635,CVE-2017-3636,CVE-2017-3641,CVE-2017-3647,CVE-2017-3648,CVE-2017-3649,CVE-2017-3651,CVE-2017-3652,CVE-2017-3653,CVE-2017-3732 Sources used: openSUSE Leap 42.3 (src): mysql-community-server-5.6.37-27.1 openSUSE Leap 42.2 (src): mysql-community-server-5.6.37-24.9.1