Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2016-684
HistoryApr 06, 2016 - 2:40 p.m.

Important: mysql56

2016-04-0614:40:00
alas.aws.amazon.com
22

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.008 Low

EPSS

Percentile

82.2%

JSON

Issue Overview:

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, also known as a Lenstra attack. (CVE-2015-7744)

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. (CVE-2015-4864)

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4866)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4861)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2015-4862)

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0616)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. (CVE-2015-4910)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. (CVE-2015-4913)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. (CVE-2016-0610)

Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0594)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0595)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0596)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0597)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0598)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. (CVE-2015-4792)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. (CVE-2015-4791)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache. (CVE-2015-4807)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. (CVE-2015-4870)

Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0599)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. (CVE-2016-0546)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. (CVE-2015-4858)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. (CVE-2015-4815)

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. (CVE-2015-4833)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. (CVE-2015-4830)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP. (CVE-2015-4836)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to UDF. (CVE-2016-0608)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to privileges. (CVE-2016-0609)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Options. (CVE-2016-0505)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503. (CVE-2016-0504)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication. (CVE-2015-4890)

Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Partition. (CVE-2016-0601)

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld. (CVE-2015-4904)

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML. (CVE-2015-4905)

Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. (CVE-2016-0605)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect integrity via unknown vectors related to encryption. (CVE-2016-0606)

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall. (CVE-2015-4766)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0611)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to replication. (CVE-2016-0607)

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs. (CVE-2015-4819)

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. (CVE-2015-4879)

Unspecified vulnerability in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0502)

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4895)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504. (CVE-2016-0503)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. (CVE-2016-0600)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. (CVE-2015-4802)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. (CVE-2015-4800)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. (CVE-2015-4826)

Affected Packages:

mysql56

Issue Correction:
Run yum update mysql56 to update your system.

New Packages:

i686:  
    mysql56-debuginfo-5.6.29-1.14.amzn1.i686  
    mysql56-common-5.6.29-1.14.amzn1.i686  
    mysql56-test-5.6.29-1.14.amzn1.i686  
    mysql56-errmsg-5.6.29-1.14.amzn1.i686  
    mysql56-server-5.6.29-1.14.amzn1.i686  
    mysql56-devel-5.6.29-1.14.amzn1.i686  
    mysql56-5.6.29-1.14.amzn1.i686  
    mysql56-libs-5.6.29-1.14.amzn1.i686  
    mysql56-bench-5.6.29-1.14.amzn1.i686  
    mysql56-embedded-devel-5.6.29-1.14.amzn1.i686  
    mysql56-embedded-5.6.29-1.14.amzn1.i686  
  
src:  
    mysql56-5.6.29-1.14.amzn1.src  
  
x86_64:  
    mysql56-test-5.6.29-1.14.amzn1.x86_64  
    mysql56-bench-5.6.29-1.14.amzn1.x86_64  
    mysql56-server-5.6.29-1.14.amzn1.x86_64  
    mysql56-5.6.29-1.14.amzn1.x86_64  
    mysql56-devel-5.6.29-1.14.amzn1.x86_64  
    mysql56-errmsg-5.6.29-1.14.amzn1.x86_64  
    mysql56-embedded-5.6.29-1.14.amzn1.x86_64  
    mysql56-debuginfo-5.6.29-1.14.amzn1.x86_64  
    mysql56-libs-5.6.29-1.14.amzn1.x86_64  
    mysql56-common-5.6.29-1.14.amzn1.x86_64  
    mysql56-embedded-devel-5.6.29-1.14.amzn1.x86_64

Additional References

Red Hat: CVE-2015-4766, CVE-2015-4791, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913, CVE-2015-7744, CVE-2016-0502, CVE-2016-0503, CVE-2016-0504, CVE-2016-0505, CVE-2016-0546, CVE-2016-0594, CVE-2016-0595, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0599, CVE-2016-0600, CVE-2016-0601, CVE-2016-0605, CVE-2016-0606, CVE-2016-0607, CVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0611, CVE-2016-0616

Mitre: CVE-2015-4766, CVE-2015-4791, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913, CVE-2015-7744, CVE-2016-0502, CVE-2016-0503, CVE-2016-0504, CVE-2016-0505, CVE-2016-0546, CVE-2016-0594, CVE-2016-0595, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0599, CVE-2016-0600, CVE-2016-0601, CVE-2016-0605, CVE-2016-0606, CVE-2016-0607, CVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0611, CVE-2016-0616

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686mysql56-debuginfo< 5.6.29-1.14.amzn1mysql56-debuginfo-5.6.29-1.14.amzn1.i686.rpm
Amazon Linux1i686mysql56-common< 5.6.29-1.14.amzn1mysql56-common-5.6.29-1.14.amzn1.i686.rpm
Amazon Linux1i686mysql56-test< 5.6.29-1.14.amzn1mysql56-test-5.6.29-1.14.amzn1.i686.rpm
Amazon Linux1i686mysql56-errmsg< 5.6.29-1.14.amzn1mysql56-errmsg-5.6.29-1.14.amzn1.i686.rpm
Amazon Linux1i686mysql56-server< 5.6.29-1.14.amzn1mysql56-server-5.6.29-1.14.amzn1.i686.rpm
Amazon Linux1i686mysql56-devel< 5.6.29-1.14.amzn1mysql56-devel-5.6.29-1.14.amzn1.i686.rpm
Amazon Linux1i686mysql56< 5.6.29-1.14.amzn1mysql56-5.6.29-1.14.amzn1.i686.rpm
Amazon Linux1i686mysql56-libs< 5.6.29-1.14.amzn1mysql56-libs-5.6.29-1.14.amzn1.i686.rpm
Amazon Linux1i686mysql56-bench< 5.6.29-1.14.amzn1mysql56-bench-5.6.29-1.14.amzn1.i686.rpm
Amazon Linux1i686mysql56-embedded-devel< 5.6.29-1.14.amzn1mysql56-embedded-devel-5.6.29-1.14.amzn1.i686.rpm
Rows per page:
1-10 of 221

Related

openvas 54
nessus 61
fedora 4
f5 6
oraclelinux 1
ibm 2
symantec 1
suse 9
ubuntu 2
debian 9
redhat 6
mageia 1
freebsd 2
archlinux 1
centos 1
kaspersky 1
osv 1
cvelist 6
ubuntucve 6
prion 6
cve 7
nvd 7
mariadbunix 4
amazon 1
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2016-684)
2016-05-09 00:00:00
Fedora Update for community-mysql FEDORA-2016-65
2016-03-10 00:00:00
Fedora Update for community-mysql FEDORA-2016-5
2016-03-10 00:00:00
nessus
nessus
Fedora 23 : community-mysql-5.6.29-1.fc23 (2016-65a1f22818)
2016-03-10 00:00:00
Amazon Linux AMI : mysql56 (ALAS-2016-684)
2016-04-07 00:00:00
Fedora 23 : mariadb-10.0.23-1.fc23 (2016-e30164d0a2)
2016-03-04 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: mariadb-10.0.23-1.fc22
2016-03-05 22:51:47
[SECURITY] Fedora 23 Update: community-mysql-5.6.29-1.fc23
2016-03-09 20:22:00
[SECURITY] Fedora 22 Update: community-mysql-5.6.29-1.fc22
2016-03-09 20:17:15
f5
f5
SOL59010802 - Multiple MySQL vulnerabilities
2015-12-15 00:00:00
K59010802 : Multiple MySQL vulnerabilities
2015-12-15 00:00:00
K85298305 : Multiple MySQL vulnerabilities
2017-05-08 00:00:00
oraclelinux
oraclelinux
mariadb security and bug fix update
2016-03-31 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in OpenSource Oracle Mysql affect IBM Security Guardium Database Activity Monitor
2018-06-16 21:38:45
Security Bulletin: IBM Security Guardium is affected by OpenSource Oracle MySQL Vulnerability (multiple CVEs)
2018-06-16 21:40:13
symantec
symantec
SA106 : MySQL Vulnerabilities October 2015
2015-12-17 08:00:00
suse
suse
Security update for MySQL (important)
2016-02-08 14:11:50
Security update to MariaDB 10.0.22 (important)
2015-12-10 12:13:12
Security update to MariaDB 5.5.46 (important)
2015-12-10 13:10:14
ubuntu
ubuntu
MySQL vulnerabilities
2015-10-26 00:00:00
MySQL vulnerabilities
2016-01-26 00:00:00
debian
debian
[SECURITY] [DSA 3385-1] mariadb-10.0 security update
2015-10-31 08:23:38
[SECURITY] [DSA 3385-1] mariadb-10.0 security update
2015-10-31 08:23:38
[SECURITY] [DSA 3459-1] mysql-5.5 security update
2016-01-28 19:04:02
redhat
redhat
(RHSA-2016:22610) Moderate: mariadb security and bug fix update
2016-02-03 05:00:00
(RHSA-2016:0534) Moderate: mariadb security and bug fix update
2016-03-31 14:15:24
(RHSA-2016:0705) Critical: rh-mysql56-mysql security update
2016-05-02 12:15:44
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2015-11-17 00:36:58
freebsd
freebsd
MySQL - Multiple vulnerabilities
2015-11-10 00:00:00
wolfssl -- leakage of private key information
2015-09-17 00:00:00
archlinux
archlinux
mariadb: denial of service
2015-10-30 00:00:00
centos
centos
mariadb security update
2016-03-31 20:53:35
kaspersky
kaspersky
KLA10749 Multiple vulnerabilities in MariaDB
2016-01-27 00:00:00
osv
osv
mysql-5.5 packages as an option announcement
2015-12-16 00:00:00
cvelist
cvelist
CVE-2015-4792
2015-10-21 21:00:00
CVE-2015-4802
2015-10-21 21:00:00
CVE-2015-4858
2015-10-21 23:00:00
ubuntucve
ubuntucve
CVE-2015-4802
2015-10-21 00:00:00
CVE-2015-4792
2015-10-21 00:00:00
CVE-2015-4858
2015-10-21 00:00:00
prion
prion
Design/Logic Flaw
2015-10-21 21:59:00
Design/Logic Flaw
2015-10-22 00:00:00
Design/Logic Flaw
2015-10-21 21:59:00
cve
cve
CVE-2015-4802
2015-10-21 21:59:19
CVE-2015-4858
2015-10-21 23:59:23
CVE-2015-4792
2015-10-21 21:59:09
nvd
nvd
CVE-2015-4792
2015-10-21 21:59:09
CVE-2015-4802
2015-10-21 21:59:19
CVE-2015-4913
2015-10-22 00:00:16
mariadbunix
mariadbunix
CVE-2015-4792
2015-10-21 21:59:00
CVE-2015-4802
2015-10-21 21:59:00
CVE-2015-4913
2015-10-22 00:00:00
amazon
amazon
Important: mysql55
2016-08-17 13:30:00

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.008 Low

EPSS

Percentile

82.2%

JSON
Related for ALAS-2016-684
openvas54nessus61fedora4f56oraclelinux1ibm2symantec1suse9ubuntu2debian9redhat6mageia1freebsd2archlinux1centos1kaspersky1osv1cvelist6ubuntucve6prion6cve7nvd7mariadbunix4amazon1