Vulnerabilities list updated
#190 Query cache must be activated in MariaDB 10.1 #184 bug fix on messages #184 xtrabackup support when wsrep_sst_method is starting by xtrabackup
This commit is contained in:
		
							parent
							
								
									fa1639e418
								
							
						
					
					
						commit
						737628dd1b
					
				
					 2 changed files with 56 additions and 46 deletions
				
			
		|  | @ -2501,7 +2501,7 @@ sub mysql_stats { | |||
|         push( @generalrec, | ||||
|             "Upgrade MySQL to version 4+ to utilize query caching" ); | ||||
|     } | ||||
|     elsif ( mysql_version_ge( 5, 5 ) ) { | ||||
|     elsif ( mysql_version_ge( 5, 5 ) and  !mysql_version_ge( 10, 1 ) ) { | ||||
|         if ( $myvar{'query_cache_type'} ne "OFF" ) { | ||||
|             badprint | ||||
| "Query cache should be disabled by default due to mutex contention."; | ||||
|  | @ -3299,12 +3299,12 @@ sub mariadb_galera { | |||
|             badprint "Galera Notify command is not defined."; | ||||
|             push( @adjvars, "set up parameter wsrep_notify_cmd to be notify" ); | ||||
|         } | ||||
|         if ( trim( $myvar{'wsrep_sst_method'} ) ne "xtrabackup" ) { | ||||
|             badprint "Galera SST method is xtrabackup."; | ||||
|             push( @adjvars, "set up parameter wsrep_sst_method to xtrabackup" ); | ||||
|         if ( trim( $myvar{'wsrep_sst_method'} ) !~ "^\s*xtrabackup.*" ) { | ||||
|             badprint "Galera SST method is not xtrabackup based."; | ||||
|             push( @adjvars, "set up parameter wsrep_sst_method to xtrabackup based parameter" ); | ||||
|         } | ||||
|         else { | ||||
|             goodprint "SST Method is inot based on xtrabackup."; | ||||
|             badprint "SST Method is based on xtrabackup."; | ||||
|         } | ||||
|         if ( trim( $myvar{'wsrep_OSU_method'} ) eq "TOI" ) { | ||||
|             goodprint "TOI is default mode for upgrade."; | ||||
|  |  | |||
|  | @ -375,48 +375,58 @@ | |||
| 5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4761;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4766;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4766;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4791;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4800;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.44;5;5;44;CVE-2015-4816;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.44;5;5;44;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4833;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4862;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-4866;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.44;5;5;44;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4890;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4895;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4904;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-4905;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4910;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 10.0.23;10;0;23;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 10.1.10;10;1;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4791;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4800;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.44;5;5;44;CVE-2015-4816;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.44;5;5;44;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4833;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4862;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-4866;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.44;5;5;44;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4890;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4895;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4904;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-4905;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4910;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.28;5;6;28;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2016:0379   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; | ||||
| 2.17.1;2;17;1;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2016:0379   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; | ||||
| 10.0.22;10;0;22;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2016:0379   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; | ||||
| 2.21.2;2;21;2;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2016:0379   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; | ||||
| 5.5.46;5;5;46;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 5.6.27;5;6;27;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 5.7.9;5;7;9;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 5.5.47;5;5;47;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 10.0.23;10;0;23;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 10.1.10;10;1;10;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 10.0.23;10;0;23;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 10.1.10;10;1;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
|  |  | |||
| 
 | 
		Loading…
	
		Reference in a new issue
	
	 root
						root