Update vulnerabilities list

Update mysql tuner version Update internals documentation
2016-06-10 10:18:21 +02:00 · 2016-06-10 10:18:21 +02:00 · 0b534333b2
commit 0b534333b2
parent b24faef04a
3 changed files with 25 additions and 11 deletions
--- a/INTERNALS.md
+++ b/INTERNALS.md
@ -227,9 +227,11 @@
 * Key buffer write hit ratio (>95%)
 ## MySQLTuner Galera information
 * wsrep_ready cluster is ready
 * wsrep_connected node is connected to other nodes
 * wsrep_cluster_name is defined.
 * wsrep_node_name is defined.
 * Check thet notification script wsrep_notify_cmd is defined
 * wsrep_cluster_status PRIMARY /NON PRIMARY.
 	* PRIMARY : Coherent cluster
 	* NO PRIMARY : cluster gets several states
@ -240,7 +242,13 @@
 	* SYNCED state able to read/write
 * wsrep_cluster_conf_id configuration level must be identical in all nodes
 * wsrep_last_commited committed level must be identical in all nodes
-
+* Look for tables without primary keys
 * Look for non InnoDB tables for Galera
 * Variable innodb_flush_log_at_trx_commit should be set to 0.
 * Check that there is 3 or 5 members in Galera cluster.
 * Check that xtrabackup is used for SST method with wsrep_sst_method variable.
 * Check variables wsrep_OSU_method is defined to TOI for updates.
 * Check that there is no certification failures controlling wsrep_local_cert_failures status.
 ## MySQLTuner TokuDB information
--- a/mysqltuner.pl
+++ b/mysqltuner.pl
@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# mysqltuner.pl - Version 1.6.12
+# mysqltuner.pl - Version 1.6.13
 # High Performance MySQL Tuning Script
 # Copyright (C) 2006-2016 Major Hayden - major@mhtx.net
 #
@ -54,7 +54,7 @@ $Data::Dumper::Pair = " : ";
 #use Env;
 # Set up a few variables for use in the script
-my $tunerversion = "1.6.12";
+my $tunerversion = "1.6.13";
 my ( @adjvars, @generalrec );
 # Set defaults
@ -4072,7 +4072,7 @@ __END__
 =head1 NAME
- MySQLTuner 1.6.12 - MySQL High Performance Tuning Script
+ MySQLTuner 1.6.13 - MySQL High Performance Tuning Script
 =head1 IMPORTANT USAGE GUIDELINES
--- a/vulnerabilities.csv
+++ b/vulnerabilities.csv
@ -367,6 +367,9 @@
 5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)";
 5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)";
 5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)";
 5.7.3;5;7;3;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/   |   MISC:http://www.ocert.org/advisories/ocert-2015-003.html   |   MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability   |   CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/   |   CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152   |   CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-7937";Assigned (20150410);"None (candidate not yet proposed)";
 6.1.3;6;1;3;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/   |   MISC:http://www.ocert.org/advisories/ocert-2015-003.html   |   MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability   |   CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/   |   CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152   |   CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-7937";Assigned (20150410);"None (candidate not yet proposed)";
 5.5.44;5;5;44;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/   |   MISC:http://www.ocert.org/advisories/ocert-2015-003.html   |   MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability   |   CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/   |   CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152   |   CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-7937";Assigned (20150410);"None (candidate not yet proposed)";
 5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)";
 5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)";
 5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)";
@ -421,12 +424,15 @@
 2.17.1;2;17;1;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2016:0379   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)";
 10.0.22;10;0;22;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2016:0379   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)";
 2.21.2;2;21;2;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2016:0379   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)";
-5.5.46;5;5;46;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html";Assigned (20151209);"None (candidate not yet proposed)";
+5.4.43;5;4;43;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4   |   CONFIRM:http://php.net/ChangeLog-5.php   |   CONFIRM:https://bugs.php.net/bug.php?id=69669";Assigned (20160331);"None (candidate not yet proposed)";
-5.6.27;5;6;27;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html";Assigned (20151209);"None (candidate not yet proposed)";
+5.5.27;5;5;27;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4   |   CONFIRM:http://php.net/ChangeLog-5.php   |   CONFIRM:https://bugs.php.net/bug.php?id=69669";Assigned (20160331);"None (candidate not yet proposed)";
-5.7.9;5;7;9;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html";Assigned (20151209);"None (candidate not yet proposed)";
+5.6.11;5;6;11;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4   |   CONFIRM:http://php.net/ChangeLog-5.php   |   CONFIRM:https://bugs.php.net/bug.php?id=69669";Assigned (20160331);"None (candidate not yet proposed)";
-5.5.47;5;5;47;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html";Assigned (20151209);"None (candidate not yet proposed)";
+5.5.46;5;5;46;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1";Assigned (20151209);"None (candidate not yet proposed)";
-10.0.23;10;0;23;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html";Assigned (20151209);"None (candidate not yet proposed)";
+5.6.27;5;6;27;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1";Assigned (20151209);"None (candidate not yet proposed)";
-10.1.10;10;1;10;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html";Assigned (20151209);"None (candidate not yet proposed)";
+5.7.9;5;7;9;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1";Assigned (20151209);"None (candidate not yet proposed)";
 5.5.47;5;5;47;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1";Assigned (20151209);"None (candidate not yet proposed)";
 10.0.23;10;0;23;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1";Assigned (20151209);"None (candidate not yet proposed)";
 10.1.10;10;1;10;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1";Assigned (20151209);"None (candidate not yet proposed)";
 5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html";Assigned (20160122);"None (candidate not yet proposed)";
 10.0.23;10;0;23;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html";Assigned (20160122);"None (candidate not yet proposed)";
 10.1.10;10;1;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html";Assigned (20160122);"None (candidate not yet proposed)";