1. Home
  2. Security Advisories
  3. Amazon Linux
  4. ALAS-2019-1181

[ALAS-2019-1181] Amazon Linux AMI 2014.03 - ALAS-2019-1181: medium priority package update for mysql57

Severity Medium
Affected Packages 20
CVEs 15
Info Packages References Vulnerabilities

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2019-2537:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
1666763:
CVE-2019-2537 mysql: Server: DDL unspecified vulnerability (CPU Jan 2019)

CVE-2019-2534:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).
1666760:
CVE-2019-2534 mysql: Server: Replication unspecified vulnerability (CPU Jan 2019)

CVE-2019-2532:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
1666758:
CVE-2019-2532 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2019)

CVE-2019-2531:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
1666757:
CVE-2019-2531 mysql: Server: Replication unspecified vulnerability (CPU Jan 2019)

CVE-2019-2529:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
1666755:
CVE-2019-2529 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019)

CVE-2019-2528:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
1666753:
CVE-2019-2528 mysql: Server: Partition unspecified vulnerability (CPU Jan 2019)

CVE-2019-2510:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
1666751:
CVE-2019-2510 mysql: InnoDB unspecified vulnerability (CPU Jan 2019)

CVE-2019-2507:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
1666750:
CVE-2019-2507 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019)

CVE-2019-2503:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).
1666749:
CVE-2019-2503 mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019)

CVE-2019-2486:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
1666745:
CVE-2019-2486 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2019)

CVE-2019-2482:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
1666744:
CVE-2019-2482 mysql: Server: PS unspecified vulnerability (CPU Jan 2019)

CVE-2019-2481:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
1666743:
CVE-2019-2481 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019)

CVE-2019-2455:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
1666742:
CVE-2019-2455 mysql: Server: Parser unspecified vulnerability (CPU Jan 2019)

CVE-2019-2434:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
1666740:
CVE-2019-2434 mysql: Server: Parser unspecified vulnerability (CPU Jan 2019)

CVE-2019-2420:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
1666738:
CVE-2019-2420 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019)

Package Affected Version
pkg:rpm/amazonlinux/mysql57?arch=x86_64&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57?arch=i686&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-test?arch=x86_64&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-test?arch=i686&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-server?arch=x86_64&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-server?arch=i686&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-libs?arch=x86_64&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-libs?arch=i686&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-errmsg?arch=x86_64&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-errmsg?arch=i686&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-embedded?arch=x86_64&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-embedded?arch=i686&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-embedded-devel?arch=x86_64&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-embedded-devel?arch=i686&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-devel?arch=x86_64&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-devel?arch=i686&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-debuginfo?arch=x86_64&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-debuginfo?arch=i686&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-common?arch=x86_64&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
pkg:rpm/amazonlinux/mysql57-common?arch=i686&distro=amazonlinux-1 < 5.7.25-1.11.amzn1
ID
ALAS-2019-1181
Severity
medium
URL
https://alas.aws.amazon.com/ALAS-2019-1181.html
Published
2019-03-20T23:45:00
(5 years ago)
Modified
2019-03-25T23:03:00
(5 years ago)
Rights
Amazon Linux Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/amazonlinux/mysql57?arch=x86_64&distro=amazonlinux-1 amazonlinux mysql57 < 5.7.25-1.11.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/mysql57?arch=i686&distro=amazonlinux-1 amazonlinux mysql57 < 5.7.25-1.11.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/mysql57-test?arch=x86_64&distro=amazonlinux-1 amazonlinux mysql57-test < 5.7.25-1.11.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/mysql57-test?arch=i686&distro=amazonlinux-1 amazonlinux mysql57-test < 5.7.25-1.11.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/mysql57-server?arch=x86_64&distro=amazonlinux-1 amazonlinux mysql57-server < 5.7.25-1.11.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/mysql57-server?arch=i686&distro=amazonlinux-1 amazonlinux mysql57-server < 5.7.25-1.11.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/mysql57-libs?arch=x86_64&distro=amazonlinux-1 amazonlinux mysql57-libs < 5.7.25-1.11.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/mysql57-libs?arch=i686&distro=amazonlinux-1 amazonlinux mysql57-libs < 5.7.25-1.11.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/mysql57-errmsg?arch=x86_64&distro=amazonlinux-1 amazonlinux mysql57-errmsg < 5.7.25-1.11.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/mysql57-errmsg?arch=i686&distro=amazonlinux-1 amazonlinux mysql57-errmsg < 5.7.25-1.11.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/mysql57-embedded?arch=x86_64&distro=amazonlinux-1 amazonlinux mysql57-embedded < 5.7.25-1.11.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/mysql57-embedded?arch=i686&distro=amazonlinux-1 amazonlinux mysql57-embedded < 5.7.25-1.11.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/mysql57-embedded-devel?arch=x86_64&distro=amazonlinux-1 amazonlinux mysql57-embedded-devel < 5.7.25-1.11.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/mysql57-embedded-devel?arch=i686&distro=amazonlinux-1 amazonlinux mysql57-embedded-devel < 5.7.25-1.11.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/mysql57-devel?arch=x86_64&distro=amazonlinux-1 amazonlinux mysql57-devel < 5.7.25-1.11.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/mysql57-devel?arch=i686&distro=amazonlinux-1 amazonlinux mysql57-devel < 5.7.25-1.11.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/mysql57-debuginfo?arch=x86_64&distro=amazonlinux-1 amazonlinux mysql57-debuginfo < 5.7.25-1.11.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/mysql57-debuginfo?arch=i686&distro=amazonlinux-1 amazonlinux mysql57-debuginfo < 5.7.25-1.11.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/mysql57-common?arch=x86_64&distro=amazonlinux-1 amazonlinux mysql57-common < 5.7.25-1.11.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/mysql57-common?arch=i686&distro=amazonlinux-1 amazonlinux mysql57-common < 5.7.25-1.11.amzn1 amazonlinux-1 i686
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date