[ALAS-2016-737] Amazon Linux AMI 2014.03 - ALAS-2016-737: important priority package update for mysql56

Severity Important

Affected Packages 22

CVEs 9

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2016-5440:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.
1358218:
CVE-2016-5440 mysql: unspecified vulnerability in subcomponent: Server: RBR (CPU July 2016)

CVE-2016-5439:
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.
1358216:
CVE-2016-5439 mysql: unspecified vulnerability in subcomponent: Server: Privileges (CPU July 2016)

CVE-2016-3615:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.
1358212:
CVE-2016-3615 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016)

CVE-2016-3614:
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.
1358211:
CVE-2016-3614 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU July 2016)

CVE-2016-3521:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.
1358209:
CVE-2016-3521 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU July 2016)

CVE-2016-3501:
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
1358207:
CVE-2016-3501 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU July 2016)

CVE-2016-3486:
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.
1358206:
CVE-2016-3486 mysql: unspecified vulnerability in subcomponent: Server: FTS (CPU July 2016)

CVE-2016-3477:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.
1358205:
CVE-2016-3477 mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016)

CVE-2016-3459:
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.
1358202:
CVE-2016-3459 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU July 2016)

Package	Affected Version
pkg:rpm/amazonlinux/mysql56?arch=x86_64&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56?arch=i686&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-test?arch=x86_64&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-test?arch=i686&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-server?arch=x86_64&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-server?arch=i686&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-libs?arch=x86_64&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-libs?arch=i686&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-errmsg?arch=x86_64&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-errmsg?arch=i686&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-embedded?arch=x86_64&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-embedded?arch=i686&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-embedded-devel?arch=x86_64&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-embedded-devel?arch=i686&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-devel?arch=x86_64&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-devel?arch=i686&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-debuginfo?arch=x86_64&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-debuginfo?arch=i686&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-common?arch=x86_64&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-common?arch=i686&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-bench?arch=x86_64&distro=amazonlinux-1	< 5.6.32-1.16.amzn1
pkg:rpm/amazonlinux/mysql56-bench?arch=i686&distro=amazonlinux-1	< 5.6.32-1.16.amzn1

ID

ALAS-2016-737

Severity

important

URL

https://alas.aws.amazon.com/ALAS-2016-737.html

Published

2016-08-17T13:30:00
(8 years ago)

Modified

2016-08-17T13:30:00
(8 years ago)

Rights

Amazon Linux Security Team

Other Advisories

Source	# ID	URL
CVE	CVE-2016-3459	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3459
CVE	CVE-2016-3477	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3477
CVE	CVE-2016-3486	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3486
CVE	CVE-2016-3501	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3501
CVE	CVE-2016-3521	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3521
CVE	CVE-2016-3614	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3614
CVE	CVE-2016-3615	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3615
CVE	CVE-2016-5439	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5439
CVE	CVE-2016-5440	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5440

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/amazonlinux/mysql56?arch=x86_64&distro=amazonlinux-1	amazonlinux	mysql56	< 5.6.32-1.16.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/mysql56?arch=i686&distro=amazonlinux-1	amazonlinux	mysql56	< 5.6.32-1.16.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/mysql56-test?arch=x86_64&distro=amazonlinux-1	amazonlinux	mysql56-test	< 5.6.32-1.16.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/mysql56-test?arch=i686&distro=amazonlinux-1	amazonlinux	mysql56-test	< 5.6.32-1.16.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/mysql56-server?arch=x86_64&distro=amazonlinux-1	amazonlinux	mysql56-server	< 5.6.32-1.16.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/mysql56-server?arch=i686&distro=amazonlinux-1	amazonlinux	mysql56-server	< 5.6.32-1.16.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/mysql56-libs?arch=x86_64&distro=amazonlinux-1	amazonlinux	mysql56-libs	< 5.6.32-1.16.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/mysql56-libs?arch=i686&distro=amazonlinux-1	amazonlinux	mysql56-libs	< 5.6.32-1.16.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/mysql56-errmsg?arch=x86_64&distro=amazonlinux-1	amazonlinux	mysql56-errmsg	< 5.6.32-1.16.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/mysql56-errmsg?arch=i686&distro=amazonlinux-1	amazonlinux	mysql56-errmsg	< 5.6.32-1.16.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/mysql56-embedded?arch=x86_64&distro=amazonlinux-1	amazonlinux	mysql56-embedded	< 5.6.32-1.16.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/mysql56-embedded?arch=i686&distro=amazonlinux-1	amazonlinux	mysql56-embedded	< 5.6.32-1.16.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/mysql56-embedded-devel?arch=x86_64&distro=amazonlinux-1	amazonlinux	mysql56-embedded-devel	< 5.6.32-1.16.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/mysql56-embedded-devel?arch=i686&distro=amazonlinux-1	amazonlinux	mysql56-embedded-devel	< 5.6.32-1.16.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/mysql56-devel?arch=x86_64&distro=amazonlinux-1	amazonlinux	mysql56-devel	< 5.6.32-1.16.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/mysql56-devel?arch=i686&distro=amazonlinux-1	amazonlinux	mysql56-devel	< 5.6.32-1.16.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/mysql56-debuginfo?arch=x86_64&distro=amazonlinux-1	amazonlinux	mysql56-debuginfo	< 5.6.32-1.16.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/mysql56-debuginfo?arch=i686&distro=amazonlinux-1	amazonlinux	mysql56-debuginfo	< 5.6.32-1.16.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/mysql56-common?arch=x86_64&distro=amazonlinux-1	amazonlinux	mysql56-common	< 5.6.32-1.16.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/mysql56-common?arch=i686&distro=amazonlinux-1	amazonlinux	mysql56-common	< 5.6.32-1.16.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/mysql56-bench?arch=x86_64&distro=amazonlinux-1	amazonlinux	mysql56-bench	< 5.6.32-1.16.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/mysql56-bench?arch=i686&distro=amazonlinux-1	amazonlinux	mysql56-bench	< 5.6.32-1.16.amzn1	amazonlinux-1	i686

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date