[ALAS-2016-738] Amazon Linux AMI 2014.03 - ALAS-2016-738: important priority package update for mysql55
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2016-5444:
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.
1358223:
CVE-2016-5444 mysql: unspecified vulnerability in subcomponent: Server: Connection (CPU July 2016)
CVE-2016-5440:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.
1358218:
CVE-2016-5440 mysql: unspecified vulnerability in subcomponent: Server: RBR (CPU July 2016)
CVE-2016-3615:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.
1358212:
CVE-2016-3615 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016)
CVE-2016-3521:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.
1358209:
CVE-2016-3521 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU July 2016)
CVE-2016-3477:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.
1358205:
CVE-2016-3477 mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016)
CVE-2016-3452:
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.
1358201:
CVE-2016-3452 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU July 2016)
CVE-2016-2047:
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client.
1301874:
CVE-2016-2047 mysql: ssl-validate-cert incorrect hostname check
CVE-2016-0666:
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to Security: Privileges.
1329270:
CVE-2016-0666 mysql: unspecified vulnerability in subcomponent: Server: Security: Privileges (CPU April 2016)
CVE-2016-0651:
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.
1329254:
CVE-2016-0651 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU April 2016)
CVE-2016-0650:
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.
1329253:
CVE-2016-0650 mysql: unspecified vulnerability in subcomponent: Server: Replication (CPU April 2016)
CVE-2016-0649:
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.
1329252:
CVE-2016-0649 mysql: unspecified vulnerability in subcomponent: Server: PS (CPU April 2016)
CVE-2016-0648:
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to PS.
1329251:
CVE-2016-0648 mysql: unspecified vulnerability in subcomponent: Server: PS (CPU April 2016)
CVE-2016-0647:
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to FTS.
1329249:
CVE-2016-0647 mysql: unspecified vulnerability in subcomponent: Server: FTS (CPU April 2016)
CVE-2016-0646:
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.
1329248:
CVE-2016-0646 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)
CVE-2016-0644:
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.
1329247:
CVE-2016-0644 mysql: unspecified vulnerability in subcomponent: Server: DDL (CPU April 2016)
CVE-2016-0643:
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect confidentiality via vectors related to DML.
1329245:
CVE-2016-0643 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)
CVE-2016-0642:
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.
1329243:
CVE-2016-0642 mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU April 2016)
CVE-2016-0641:
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.
1329241:
CVE-2016-0641 mysql: unspecified vulnerability in subcomponent: Server: MyISAM (CPU April 2016)
CVE-2016-0640:
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.
1329239:
CVE-2016-0640 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)
CVE-2016-0616:
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
1301510:
CVE-2016-0616 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016)
CVE-2016-0609:
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.
1301507:
CVE-2016-0609 mysql: unspecified vulnerability in subcomponent: Server: Security: Privileges (CPU January 2016)
CVE-2016-0608:
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.
1301506:
CVE-2016-0608 mysql: unspecified vulnerability in subcomponent: Server: UDF (CPU January 2016)
CVE-2016-0606:
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.
1301504:
CVE-2016-0606 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU January 2016)
CVE-2016-0600:
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
1301501:
CVE-2016-0600 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU January 2016)
CVE-2016-0598:
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
1301498:
CVE-2016-0598 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
CVE-2016-0597:
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
1301497:
CVE-2016-0597 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016)
CVE-2016-0596:
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
1301496:
CVE-2016-0596 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
CVE-2016-0546:
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.
1301493:
CVE-2016-0546 mysql: unspecified vulnerability in subcomponent: Client (CPU January 2016)
CVE-2016-0505:
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.
1301492:
CVE-2016-0505 mysql: unspecified vulnerability in subcomponent: Server: Options (CPU January 2016)
- ID: ALAS-2016-738
- Severity: important
- URL: https://alas.aws.amazon.com/ALAS-2016-738.html
- Published: 2016-08-17T13:30:00
- Modified: 2016-08-17T13:30:00
- Rights: Amazon Linux Security Team
- Other Advisories:
- ALAS-2016-684
- ALAS-2016-701
- ALAS-2016-737
- ALPINE:CVE-2016-0643
- ALPINE:CVE-2016-0647
- ALPINE:CVE-2016-0648
- ALPINE:CVE-2016-0666
- ALPINE:CVE-2016-3452
- ALPINE:CVE-2016-3477
- ALPINE:CVE-2016-3521
- ALPINE:CVE-2016-3615
- ALPINE:CVE-2016-5440
- ALPINE:CVE-2016-5444
- DSA-3453-1
- DSA-3459-1
- DSA-3557-1
- DSA-3595-1
- DSA-3624-1
- DSA-3632-1
- ELSA-2016-0534
- ELSA-2016-1602
- FEDORA-2016-1aaf308de4
- FEDORA-2016-5cb344dd7e
- FEDORA-2016-65a1f22818
- FEDORA-2016-7c48036d73
- FEDORA-2016-868c170507
- FEDORA-2016-e30164d0a2
- FREEBSD:8C2B2F11-0EBE-11E6-B55E-B499BAEBFEAF
- FREEBSD:CA5CB202-4F51-11E6-B2EC-B499BAEBFEAF
- RHSA-2016:0534
- RHSA-2016:1602
- SUSE-SU-2016:0348-1
- SUSE-SU-2016:1279-1
- SUSE-SU-2016:1619-1
- SUSE-SU-2016:1620-1
- SUSE-SU-2016:2218-1
- SUSE-SU-2016:2248-1
- SUSE-SU-2016:2343-1
- USN-2881-1
- USN-2953-1
- USN-2954-1
- USN-3040-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/mysql55?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql55 | < 5.5.51-1.11.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql55?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql55 | < 5.5.51-1.11.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql55-test?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql55-test | < 5.5.51-1.11.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql55-test?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql55-test | < 5.5.51-1.11.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql55-server?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql55-server | < 5.5.51-1.11.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql55-server?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql55-server | < 5.5.51-1.11.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql55-libs?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql55-libs | < 5.5.51-1.11.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql55-libs?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql55-libs | < 5.5.51-1.11.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql55-embedded?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql55-embedded | < 5.5.51-1.11.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql55-embedded?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql55-embedded | < 5.5.51-1.11.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql55-embedded-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql55-embedded-devel | < 5.5.51-1.11.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql55-embedded-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql55-embedded-devel | < 5.5.51-1.11.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql55-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql55-devel | < 5.5.51-1.11.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql55-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql55-devel | < 5.5.51-1.11.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql55-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql55-debuginfo | < 5.5.51-1.11.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql55-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql55-debuginfo | < 5.5.51-1.11.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql55-bench?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql55-bench | < 5.5.51-1.11.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql55-bench?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql55-bench | < 5.5.51-1.11.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql-config?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql-config | < 5.5.51-1.11.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql-config?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql-config | < 5.5.51-1.11.amzn1 | amazonlinux-1 | i686 | |