Bug 1049422 - Tracker bug for the Oracle July 2017 Patch Day mysql
Summary: Tracker bug for the Oracle July 2017 Patch Day mysql
Status: RESOLVED FIXED
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on: 1049392 CVE-2017-3529 CVE-2017-3633 CVE-2017-3634 CVE-2017-3635 1049398 CVE-2017-3636 CVE-2017-3637 CVE-2017-3638 CVE-2017-3639 CVE-2017-3640 CVE-2017-3641 CVE-2017-3642 CVE-2017-3643 CVE-2017-3644 CVE-2017-3645 CVE-2017-3646 CVE-2017-3647 CVE-2017-3648 CVE-2017-3649 CVE-2017-3650 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653 1049418 1049421
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-19 11:41 UTC by Johannes Segitz
Modified: 2018-01-24 09:37 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2017-07-19 11:41:32 UTC
This bug tracks the individual bugs opened for the Oracle July 2017 Patch Day

#1049392 NEW        - kstreitova@suse.com - VUL-0: CVE-2014-1912: mysql: CLSTCONF unspecified vulnerability
#1049393 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3529: mysql: UDF unspecified vulnerability
#1049394 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3633: mysql: Memcached unspecified vulnerability
#1049396 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3634: mysql: DML unspecified vulnerability
#1049397 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3635: mysql: C API unspecified vulnerability
#1049398 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3635: mysql: C API unspecified vulnerability
#1049399 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3636: mysql: Client programs unspecified vulnerability
#1049400 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3637: mysql: X Plugin unspecified vulnerability
#1049401 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3638: mysql: Optimizer unspecified vulnerability
#1049402 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3639: mysql: DML unspecified vulnerability
#1049403 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3640: mysql: DML unspecified vulnerability
#1049404 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3641: mysql: DML unspecified vulnerability
#1049405 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3642: mysql: Optimizer unspecified vulnerability
#1049406 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3643: mysql: DML unspecified vulnerability
#1049407 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3644: mysql: DML unspecified vulnerability
#1049408 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3645: mysql: Optimizer unspecified vulnerability
#1049409 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3646: mysql: X Plugin unspecified vulnerability
#1049410 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3647: mysql: Replication unspecified vulnerability
#1049411 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3648: mysql: Charsets unspecified vulnerability
#1049412 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3649: mysql: Replication unspecified vulnerability
#1049414 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3650: mysql: C API unspecified vulnerability
#1049415 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3651: mysql: Client mysqldump unspecified vulnerability
#1049416 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3652: mysql: DDL unspecified vulnerability
#1049417 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3653: mysql: DDL unspecified vulnerability
#1049418 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3732: mysql: Connector/ODBC unspecified vulnerability
#1049421 NEW        - kstreitova@suse.com - VUL-0: CVE-2017-3732: mysql: Security, Encryption unspecified vulnerability
Comment 1 Kristyna Streitova 2017-07-19 14:47:18 UTC
Sorted:

CVEs relevant to MySQL 5.5.x (SLE11SP3)
---------------------------------------
#1049398 - CVE-2017-3635: mysql: C API unspecified vulnerability
#1049399 - CVE-2017-3636: mysql: Client programs unspecified vulnerability
#1049404 - CVE-2017-3641: mysql: DML unspecified vulnerability
#1049411 - CVE-2017-3648: mysql: Charsets unspecified vulnerability
#1049415 - CVE-2017-3651: mysql: Client mysqldump unspecified vulnerability
#1049416 - CVE-2017-3652: mysql: DDL unspecified vulnerability
#1049417 - CVE-2017-3653: mysql: DDL unspecified vulnerability

CVEs relevant to MySQL 5.6.x (openSUSE)
---------------------------------------
#1049394 - CVE-2017-3633: mysql: Memcached unspecified vulnerability
#1049396 - CVE-2017-3634: mysql: DML unspecified vulnerability
#1049398 - CVE-2017-3635: mysql: C API unspecified vulnerability
#1049399 - CVE-2017-3636: mysql: Client programs unspecified vulnerability
#1049404 - CVE-2017-3641: mysql: DML unspecified vulnerability
#1049410 - CVE-2017-3647: mysql: Replication unspecified vulnerability
#1049411 - CVE-2017-3648: mysql: Charsets unspecified vulnerability
#1049412 - CVE-2017-3649: mysql: Replication unspecified vulnerability
#1049415 - CVE-2017-3651: mysql: Client mysqldump unspecified vulnerability
#1049416 - CVE-2017-3652: mysql: DDL unspecified vulnerability
#1049417 - CVE-2017-3653: mysql: DDL unspecified vulnerability
#1049421 - CVE-2017-3732: mysql: Security, Encryption unspecified vulnerability


CVEs excluded from the update
=============================

MySQL Cluster vulnerability
---------------------------
#1049392 - CVE-2014-1912: mysql: CLSTCONF unspecified vulnerability

MySQL Connectors bugs
---------------------
#1049397 - CVE-2017-3635: mysql: C API unspecified vulnerability 
#1049418 - CVE-2017-3732: mysql: Connector/ODBC unspecified vulnerability

MySQL 5.7 only
--------------
#1049414 - CVE-2017-3650: mysql: C API unspecified vulnerability
#1049406 - CVE-2017-3643: mysql: DML unspecified vulnerability
#1049407 - CVE-2017-3644: mysql: DML unspecified vulnerability
#1049401 - CVE-2017-3638: mysql: Optimizer unspecified vulnerability
#1049405 - CVE-2017-3642: mysql: Optimizer unspecified vulnerability
#1049408 - CVE-2017-3645: mysql: Optimizer unspecified vulnerability
#1049409 - CVE-2017-3646: mysql: X Plugin unspecified vulnerability
#1049393 - CVE-2017-3529: mysql: UDF unspecified vulnerability
#1049400 - CVE-2017-3637: mysql: X Plugin unspecified vulnerability
#1049402 - CVE-2017-3639: mysql: DML unspecified vulnerability
#1049403 - CVE-2017-3640: mysql: DML unspecified vulnerability
Comment 3 Kristyna Streitova 2017-07-24 13:35:35 UTC
|     Codestream     |         Request          |
|--------------------|--------------------------|
| SLE-11-SP3         | 136079                   |
| openSUSE:Leap 42.2 | 512279                   |
| openSUSE:Leap 42.3 | 512279                   |
| openSUSE:Factory   | - (dropped from Factory) |


Everything is done here. Reassigning it back to the security team.
Comment 4 Bernhard Wiedemann 2017-07-24 14:02:39 UTC
This is an autogenerated message for OBS integration:
This bug (1049422) was mentioned in
https://build.opensuse.org/request/show/512279 42.2+42.3 / mysql-community-server
Comment 5 Swamp Workflow Management 2017-07-29 13:11:48 UTC
openSUSE-SU-2017:2011-1: An update that solves 12 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1049394,1049396,1049398,1049399,1049404,1049410,1049411,1049412,1049415,1049416,1049417,1049421,1049422
CVE References: CVE-2017-3633,CVE-2017-3634,CVE-2017-3635,CVE-2017-3636,CVE-2017-3641,CVE-2017-3647,CVE-2017-3648,CVE-2017-3649,CVE-2017-3651,CVE-2017-3652,CVE-2017-3653,CVE-2017-3732
Sources used:
openSUSE Leap 42.3 (src):    mysql-community-server-5.6.37-27.1
openSUSE Leap 42.2 (src):    mysql-community-server-5.6.37-24.9.1
Comment 6 Swamp Workflow Management 2017-08-29 19:08:24 UTC
SUSE-SU-2017:2290-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1049398,1049399,1049404,1049411,1049415,1049416,1049417,1049422
CVE References: CVE-2017-3635,CVE-2017-3636,CVE-2017-3641,CVE-2017-3648,CVE-2017-3651,CVE-2017-3652,CVE-2017-3653
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    mysql-5.5.57-0.39.3.1
SUSE Linux Enterprise Server 11-SP4 (src):    mysql-5.5.57-0.39.3.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    mysql-5.5.57-0.39.3.1
Comment 7 Marcus Meissner 2018-01-24 09:37:51 UTC
all done