Bugzilla – Bug 1064118
VUL-0: CVE-2017-3731: mariadb,mysql: issue inside subcomponent Server Security Encryption (OpenSSL)
Last modified: 2018-04-19 14:59:31 UTC
Oracle July 2016 Patch Day. http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL http://www.oracle.com/technetwork/security-advisory/cpuoct2017verbose-3236627.html#MSQL Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption (OpenSSL)). Supported versions that are affected are 5.6.35 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
This issue is covered by openssl bsc#1022085.
This is an autogenerated message for OBS integration: This bug (1064118) was mentioned in https://build.opensuse.org/request/show/535287 42.2+42.3 / mysql-community-server
openSUSE:Factory is not affected as we don't have mysql-community-server there anymore Everything is finished here, I'm reassigning it back to the security team.
openSUSE-SU-2017:2868-1: An update that solves 13 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1039034,1064096,1064100,1064101,1064102,1064104,1064105,1064107,1064108,1064112,1064115,1064116,1064117,1064118,1064119 CVE References: CVE-2017-10155,CVE-2017-10227,CVE-2017-10268,CVE-2017-10276,CVE-2017-10279,CVE-2017-10283,CVE-2017-10286,CVE-2017-10294,CVE-2017-10314,CVE-2017-10378,CVE-2017-10379,CVE-2017-10384,CVE-2017-3731 Sources used: openSUSE Leap 42.3 (src): mysql-community-server-5.6.38-30.1 openSUSE Leap 42.2 (src): mysql-community-server-5.6.38-24.12.1
released