Security update for mariadb SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:1382-1 Final 1 1 2018-05-23T08:16:11Z current 2018-05-23T08:16:11Z 2018-05-23T08:16:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mariadb MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes: * PCRE updated to 8.42 * XtraDB updated to 5.6.39-83.1 * TokuDB updated to 5.6.39-83.1 * InnoDB updated to 5.6.40 * The embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767] * MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE * MDEV-14988 - innodb_read_only tries to modify files if transactions were recovered in COMMITTED state * MDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index * MDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record * fixes for the following security vulnerabilities: CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813 * Release notes and changelog: * https://kb.askmonty.org/en/mariadb-10035-release-notes * https://kb.askmonty.org/en/mariadb-10035-changelog The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-SERVER-12-2018-966 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20181382-1/ Link for SUSE-SU-2018:1382-1 https://lists.suse.com/pipermail/sle-security-updates/2018-May/004081.html E-Mail link for SUSE-SU-2018:1382-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1088681 SUSE Bug 1088681 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 https://www.suse.com/security/cve/CVE-2018-2755/ SUSE CVE CVE-2018-2755 page https://www.suse.com/security/cve/CVE-2018-2761/ SUSE CVE CVE-2018-2761 page https://www.suse.com/security/cve/CVE-2018-2766/ SUSE CVE CVE-2018-2766 page https://www.suse.com/security/cve/CVE-2018-2767/ SUSE CVE CVE-2018-2767 page https://www.suse.com/security/cve/CVE-2018-2771/ SUSE CVE CVE-2018-2771 page https://www.suse.com/security/cve/CVE-2018-2781/ SUSE CVE CVE-2018-2781 page https://www.suse.com/security/cve/CVE-2018-2782/ SUSE CVE CVE-2018-2782 page https://www.suse.com/security/cve/CVE-2018-2784/ SUSE CVE CVE-2018-2784 page https://www.suse.com/security/cve/CVE-2018-2787/ SUSE CVE CVE-2018-2787 page https://www.suse.com/security/cve/CVE-2018-2813/ SUSE CVE CVE-2018-2813 page https://www.suse.com/security/cve/CVE-2018-2817/ SUSE CVE CVE-2018-2817 page https://www.suse.com/security/cve/CVE-2018-2819/ SUSE CVE CVE-2018-2819 page SUSE Linux Enterprise Server 12-LTSS libmysqlclient-devel-10.0.35-20.46.1 libmysqlclient18-10.0.35-20.46.1 libmysqlclient18-32bit-10.0.35-20.46.1 libmysqlclient_r18-10.0.35-20.46.1 libmysqld-devel-10.0.35-20.46.1 libmysqld18-10.0.35-20.46.1 mariadb-10.0.35-20.46.1 mariadb-client-10.0.35-20.46.1 mariadb-errormessages-10.0.35-20.46.1 mariadb-tools-10.0.35-20.46.1 libmysqlclient-devel-10.0.35-20.46.1 as a component of SUSE Linux Enterprise Server 12-LTSS libmysqlclient18-10.0.35-20.46.1 as a component of SUSE Linux Enterprise Server 12-LTSS libmysqlclient18-32bit-10.0.35-20.46.1 as a component of SUSE Linux Enterprise Server 12-LTSS libmysqlclient_r18-10.0.35-20.46.1 as a component of SUSE Linux Enterprise Server 12-LTSS libmysqld-devel-10.0.35-20.46.1 as a component of SUSE Linux Enterprise Server 12-LTSS libmysqld18-10.0.35-20.46.1 as a component of SUSE Linux Enterprise Server 12-LTSS mariadb-10.0.35-20.46.1 as a component of SUSE Linux Enterprise Server 12-LTSS mariadb-client-10.0.35-20.46.1 as a component of SUSE Linux Enterprise Server 12-LTSS mariadb-errormessages-10.0.35-20.46.1 as a component of SUSE Linux Enterprise Server 12-LTSS mariadb-tools-10.0.35-20.46.1 as a component of SUSE Linux Enterprise Server 12-LTSS Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2755 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.35-20.46.1 moderate 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181382-1/ https://www.suse.com/security/cve/CVE-2018-2755.html CVE-2018-2755 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2761 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.35-20.46.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181382-1/ https://www.suse.com/security/cve/CVE-2018-2761.html CVE-2018-2761 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2766 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.35-20.46.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181382-1/ https://www.suse.com/security/cve/CVE-2018-2766.html CVE-2018-2766 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). CVE-2018-2767 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.35-20.46.1 moderate 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181382-1/ https://www.suse.com/security/cve/CVE-2018-2767.html CVE-2018-2767 https://bugzilla.suse.com/1088681 SUSE Bug 1088681 https://bugzilla.suse.com/1101675 SUSE Bug 1101675 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2771 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.35-20.46.1 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181382-1/ https://www.suse.com/security/cve/CVE-2018-2771.html CVE-2018-2771 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2781 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.35-20.46.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181382-1/ https://www.suse.com/security/cve/CVE-2018-2781.html CVE-2018-2781 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2782 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.35-20.46.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181382-1/ https://www.suse.com/security/cve/CVE-2018-2782.html CVE-2018-2782 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2784 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.35-20.46.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181382-1/ https://www.suse.com/security/cve/CVE-2018-2784.html CVE-2018-2784 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVE-2018-2787 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.35-20.46.1 moderate 5.5 AV:N/AC:L/Au:S/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181382-1/ https://www.suse.com/security/cve/CVE-2018-2787.html CVE-2018-2787 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). CVE-2018-2813 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.35-20.46.1 moderate 4 AV:N/AC:L/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181382-1/ https://www.suse.com/security/cve/CVE-2018-2813.html CVE-2018-2813 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2817 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.35-20.46.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181382-1/ https://www.suse.com/security/cve/CVE-2018-2817.html CVE-2018-2817 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2018-2819 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient18-32bit-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqlclient_r18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld-devel-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:libmysqld18-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-client-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-errormessages-10.0.35-20.46.1 SUSE Linux Enterprise Server 12-LTSS:mariadb-tools-10.0.35-20.46.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181382-1/ https://www.suse.com/security/cve/CVE-2018-2819.html CVE-2018-2819 https://bugzilla.suse.com/1089987 SUSE Bug 1089987 https://bugzilla.suse.com/1090518 SUSE Bug 1090518