security update for mysql SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:1333-1 Final 1 1 2018-05-18T06:04:21Z current 2018-05-18T06:04:21Z 2018-05-18T06:04:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z security update for mysql This update fixes the following issues: - Update to 5.5.60 in Oracle Apr2018 CPU (bsc#1089987). - CVE-2018-2761: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2755: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). - CVE-2018-2781: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2819: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2818: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2817: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2771: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2813: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). - CVE-2018-2773: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-mysql-13611,slessp4-mysql-13611 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20181333-1/ Link for SUSE-SU-2018:1333-1 https://lists.suse.com/pipermail/sle-security-updates/2018-May/004064.html E-Mail link for SUSE-SU-2018:1333-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://www.suse.com/security/cve/CVE-2018-2755/ SUSE CVE CVE-2018-2755 page https://www.suse.com/security/cve/CVE-2018-2761/ SUSE CVE CVE-2018-2761 page https://www.suse.com/security/cve/CVE-2018-2771/ SUSE CVE CVE-2018-2771 page https://www.suse.com/security/cve/CVE-2018-2773/ SUSE CVE CVE-2018-2773 page https://www.suse.com/security/cve/CVE-2018-2781/ SUSE CVE CVE-2018-2781 page https://www.suse.com/security/cve/CVE-2018-2813/ SUSE CVE CVE-2018-2813 page https://www.suse.com/security/cve/CVE-2018-2817/ SUSE CVE CVE-2018-2817 page https://www.suse.com/security/cve/CVE-2018-2818/ SUSE CVE CVE-2018-2818 page https://www.suse.com/security/cve/CVE-2018-2819/ SUSE CVE CVE-2018-2819 page SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 libmysql55client_r18-32bit-5.5.60-0.39.12.1 libmysql55client_r18-x86-5.5.60-0.39.12.1 libmysql55client18-5.5.60-0.39.12.1 libmysql55client18-32bit-5.5.60-0.39.12.1 libmysql55client18-x86-5.5.60-0.39.12.1 libmysql55client_r18-5.5.60-0.39.12.1 mysql-5.5.60-0.39.12.1 mysql-client-5.5.60-0.39.12.1 mysql-tools-5.5.60-0.39.12.1 libmysql55client18-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server 11 SP4 libmysql55client18-32bit-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server 11 SP4 libmysql55client18-x86-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server 11 SP4 libmysql55client_r18-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server 11 SP4 libmysql55client_r18-32bit-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server 11 SP4 libmysql55client_r18-x86-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server 11 SP4 mysql-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server 11 SP4 mysql-client-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server 11 SP4 mysql-tools-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server 11 SP4 libmysql55client18-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libmysql55client18-32bit-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libmysql55client18-x86-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libmysql55client_r18-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libmysql55client_r18-32bit-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libmysql55client_r18-x86-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 mysql-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 mysql-client-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 mysql-tools-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libmysql55client_r18-32bit-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libmysql55client_r18-x86-5.5.60-0.39.12.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2755 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 moderate 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181333-1/ https://www.suse.com/security/cve/CVE-2018-2755.html CVE-2018-2755 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2761 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181333-1/ https://www.suse.com/security/cve/CVE-2018-2761.html CVE-2018-2761 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2771 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181333-1/ https://www.suse.com/security/cve/CVE-2018-2771.html CVE-2018-2771 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2773 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181333-1/ https://www.suse.com/security/cve/CVE-2018-2773.html CVE-2018-2773 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2781 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181333-1/ https://www.suse.com/security/cve/CVE-2018-2781.html CVE-2018-2781 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). CVE-2018-2813 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 moderate 4 AV:N/AC:L/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181333-1/ https://www.suse.com/security/cve/CVE-2018-2813.html CVE-2018-2813 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2817 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181333-1/ https://www.suse.com/security/cve/CVE-2018-2817.html CVE-2018-2817 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2818 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181333-1/ https://www.suse.com/security/cve/CVE-2018-2818.html CVE-2018-2818 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2819 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-client-5.5.60-0.39.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-tools-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-32bit-5.5.60-0.39.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmysql55client_r18-x86-5.5.60-0.39.12.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181333-1/ https://www.suse.com/security/cve/CVE-2018-2819.html CVE-2018-2819 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518