[ALAS-2017-800] Amazon Linux AMI 2014.03 - ALAS-2017-800: important priority package update for mysql51
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2016-6663:
A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user.
1378936:
CVE-2016-6663 CVE-2016-5616 mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)
CVE-2016-6662:
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
1375198:
CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)
1375198:
CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation
CVE-2016-5616:
A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user.
1378936:
CVE-2016-6663 CVE-2016-5616 mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)
- ID: ALAS-2017-800
- Severity: important
- URL: https://alas.aws.amazon.com/ALAS-2017-800.html
- Published: 2017-02-22T18:00:00
- Modified: 2017-02-22T18:00:00
- Rights: Amazon Linux Security Team
- Other Advisories:
- ALAS-2016-756
- ALPINE:CVE-2016-6662
- DSA-3666-1
- DSA-3711-1
- ELSA-2016-2595
- ELSA-2017-0184
- FEDORA-2016-0901301dff
- FEDORA-2016-58f90ae3cc
- FEDORA-2016-9b83c6862d
- FEDORA-2016-c7e60a9fd4
- FREEBSD:22373C43-D728-11E6-A9A5-B499BAEBFEAF
- FREEBSD:856B88BF-7984-11E6-81E7-D050996490D0
- FREEBSD:B64A7389-7C27-11E6-8AAA-5404A68AD561
- GLSA-201701-01
- RHSA-2016:2595
- RHSA-2017:0184
- SSA:2016-257-01
- SSA:2016-305-03
- SUSE-SU-2016:2343-1
- SUSE-SU-2016:2395-1
- SUSE-SU-2016:2404-1
- SUSE-SU-2016:2780-1
- SUSE-SU-2016:2932-1
- SUSE-SU-2016:2933-1
- USN-3078-1
Source | ID | URL |
---|---|---|
CVE | CVE-2016-5616 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5616 |
CVE | CVE-2016-6662 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6662 |
CVE | CVE-2016-6663 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6663 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/mysql51?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql51 | < 5.1.73-8.72.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql51?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql51 | < 5.1.73-8.72.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql51-test?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql51-test | < 5.1.73-8.72.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql51-test?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql51-test | < 5.1.73-8.72.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql51-server?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql51-server | < 5.1.73-8.72.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql51-server?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql51-server | < 5.1.73-8.72.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql51-libs?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql51-libs | < 5.1.73-8.72.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql51-libs?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql51-libs | < 5.1.73-8.72.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql51-embedded?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql51-embedded | < 5.1.73-8.72.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql51-embedded?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql51-embedded | < 5.1.73-8.72.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql51-embedded-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql51-embedded-devel | < 5.1.73-8.72.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql51-embedded-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql51-embedded-devel | < 5.1.73-8.72.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql51-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql51-devel | < 5.1.73-8.72.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql51-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql51-devel | < 5.1.73-8.72.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql51-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql51-debuginfo | < 5.1.73-8.72.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql51-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql51-debuginfo | < 5.1.73-8.72.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql51-common?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql51-common | < 5.1.73-8.72.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql51-common?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql51-common | < 5.1.73-8.72.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/mysql51-bench?arch=x86_64&distro=amazonlinux-1 | amazonlinux | mysql51-bench | < 5.1.73-8.72.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/mysql51-bench?arch=i686&distro=amazonlinux-1 | amazonlinux | mysql51-bench | < 5.1.73-8.72.amzn1 | amazonlinux-1 | i686 |