SUSE-SU-2016:1279

SUSE-SU-2016:1619

SUSE-SU-2016:1620

openSUSE-SU-2016:1664

openSUSE-SU-2016:1686

RHSA-2016:0534

RHSA-2016:1480

RHSA-2016:1481

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

1035606

RHSA-2016:1132

mariadb was updated to version 10.0.25 to fix 25 security issues.

These security issues were fixed :

  - CVE-2016-0505: Unspecified vulnerability allowed remote     authenticated users to affect availability via unknown     vectors related to Options (bsc#980904).

  - CVE-2016-0546: Unspecified vulnerability allowed local     users to affect confidentiality, integrity, and     availability via unknown vectors related to Client     (bsc#980904).

  - CVE-2016-0596: Unspecified vulnerability allowed remote     authenticated users to affect availability via vectors     related to DML (bsc#980904).

  - CVE-2016-0597: Unspecified vulnerability allowed remote     authenticated users to affect availability via unknown     vectors related to Optimizer (bsc#980904).

  - CVE-2016-0598: Unspecified vulnerability allowed remote     authenticated users to affect availability via vectors     related to DML (bsc#980904).

  - CVE-2016-0600: Unspecified vulnerability allowed remote     authenticated users to affect availability via unknown     vectors related to InnoDB (bsc#980904).

  - CVE-2016-0606: Unspecified vulnerability allowed remote     authenticated users to affect integrity via unknown     vectors related to encryption (bsc#980904).

  - CVE-2016-0608: Unspecified vulnerability allowed remote     authenticated users to affect availability via vectors     related to UDF (bsc#980904).

  - CVE-2016-0609: Unspecified vulnerability allowed remote     authenticated users to affect availability via unknown     vectors related to privileges (bsc#980904).

  - CVE-2016-0616: Unspecified vulnerability allowed remote     authenticated users to affect availability via unknown     vectors related to Optimizer (bsc#980904).

  - CVE-2016-0640: Unspecified vulnerability allowed local     users to affect integrity and availability via vectors     related to DML (bsc#980904).

  - CVE-2016-0641: Unspecified vulnerability allowed local     users to affect confidentiality and availability via     vectors related to MyISAM (bsc#980904).

  - CVE-2016-0642: Unspecified vulnerability allowed local     users to affect integrity and availability via vectors     related to Federated (bsc#980904).

  - CVE-2016-0643: Unspecified vulnerability allowed local     users to affect confidentiality via vectors related to     DML (bsc#980904).

  - CVE-2016-0644: Unspecified vulnerability allowed local     users to affect availability via vectors related to DDL     (bsc#980904).

  - CVE-2016-0646: Unspecified vulnerability allowed local     users to affect availability via vectors related to DML     (bsc#980904).

  - CVE-2016-0647: Unspecified vulnerability allowed local     users to affect availability via vectors related to FTS     (bsc#980904).

  - CVE-2016-0648: Unspecified vulnerability allowed local     users to affect availability via vectors related to PS     (bsc#980904).

  - CVE-2016-0649: Unspecified vulnerability allowed local     users to affect availability via vectors related to PS     (bsc#980904).

  - CVE-2016-0650: Unspecified vulnerability allowed local     users to affect availability via vectors related to     Replication (bsc#980904).

  - CVE-2016-0651: Unspecified vulnerability allowed local     users to affect availability via vectors related to     Optimizer (bsc#980904).

  - CVE-2016-0655: Unspecified vulnerability allowed local     users to affect availability via vectors related to     InnoDB (bsc#980904).

  - CVE-2016-0666: Unspecified vulnerability allowed local     users to affect availability via vectors related to     Security: Privileges (bsc#980904).

  - CVE-2016-0668: Unspecified vulnerability allowed local     users to affect availability via vectors related to     InnoDB (bsc#980904).

  - CVE-2016-2047: The ssl_verify_server_cert function in     sql-common/client.c did not properly verify that the     server hostname matches a domain name in the subject's     Common Name (CN) or subjectAltName field of the X.509     certificate, which allowed man-in-the-middle attackers     to spoof SSL servers via a '/CN=' string in a field in a     certificate, as demonstrated by     '/OU=/CN=bar.com/CN=foo.com (bsc#963806).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047)

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via vectors related to UDF. (CVE-2016-0608)

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to privileges. (CVE-2016-0609)

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Options. (CVE-2016-0505)

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. (CVE-2016-0600)

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0616)

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. (CVE-2016-3452)

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect availability via vectors related to DDL.
(CVE-2016-0644)

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. (CVE-2016-3477)

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0596)

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0597)

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect integrity and availability via vectors related to DML. (CVE-2016-0640)

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. (CVE-2016-3521)

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect integrity and availability via vectors related to Federated. (CVE-2016-0642)

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect confidentiality via vectors related to DML.
(CVE-2016-0643)

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect availability via vectors related to Security:
Privileges. (CVE-2016-0666)

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.
(CVE-2016-0651)

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect availability via vectors related to Replication.
(CVE-2016-0650)

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0598)

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect availability via vectors related to PS.
(CVE-2016-0649)

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows remote administrators to affect availability via vectors related to Server: RBR. (CVE-2016-5440)

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows remote attackers to affect confidentiality via vectors related to Server: Connection. (CVE-2016-5444)

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect integrity via unknown vectors related to encryption. (CVE-2016-0606)

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect availability via vectors related to PS.
(CVE-2016-0648)

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect availability via vectors related to DML.
(CVE-2016-0646)

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. (CVE-2016-0546)

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect availability via vectors related to FTS.
(CVE-2016-0647)

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows remote authenticated users to affect availability via vectors related to Server: DML. (CVE-2016-3615)

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect confidentiality and availability via vectors related to MyISAM. (CVE-2016-0641)

mariadb was updated to version 10.0.25 to fix 25 security issues.

These security issues were fixed :

  - CVE-2016-0505: Unspecified vulnerability allowed remote     authenticated users to affect availability via unknown     vectors related to Options (bsc#980904).

  - CVE-2016-0546: Unspecified vulnerability allowed local     users to affect confidentiality, integrity, and     availability via unknown vectors related to Client     (bsc#980904).

  - CVE-2016-0596: Unspecified vulnerability allowed remote     authenticated users to affect availability via vectors     related to DML (bsc#980904).

  - CVE-2016-0597: Unspecified vulnerability allowed remote     authenticated users to affect availability via unknown     vectors related to Optimizer (bsc#980904).

  - CVE-2016-0598: Unspecified vulnerability allowed remote     authenticated users to affect availability via vectors     related to DML (bsc#980904).

  - CVE-2016-0600: Unspecified vulnerability allowed remote     authenticated users to affect availability via unknown     vectors related to InnoDB (bsc#980904).

  - CVE-2016-0606: Unspecified vulnerability allowed remote     authenticated users to affect integrity via unknown     vectors related to encryption (bsc#980904).

  - CVE-2016-0608: Unspecified vulnerability allowed remote     authenticated users to affect availability via vectors     related to UDF (bsc#980904).

  - CVE-2016-0609: Unspecified vulnerability allowed remote     authenticated users to affect availability via unknown     vectors related to privileges (bsc#980904).

  - CVE-2016-0616: Unspecified vulnerability allowed remote     authenticated users to affect availability via unknown     vectors related to Optimizer (bsc#980904).

  - CVE-2016-0640: Unspecified vulnerability allowed local     users to affect integrity and availability via vectors     related to DML (bsc#980904).

  - CVE-2016-0641: Unspecified vulnerability allowed local     users to affect confidentiality and availability via     vectors related to MyISAM (bsc#980904).

  - CVE-2016-0642: Unspecified vulnerability allowed local     users to affect integrity and availability via vectors     related to Federated (bsc#980904).

  - CVE-2016-0643: Unspecified vulnerability allowed local     users to affect confidentiality via vectors related to     DML (bsc#980904).

  - CVE-2016-0644: Unspecified vulnerability allowed local     users to affect availability via vectors related to DDL     (bsc#980904).

  - CVE-2016-0646: Unspecified vulnerability allowed local     users to affect availability via vectors related to DML     (bsc#980904).

  - CVE-2016-0647: Unspecified vulnerability allowed local     users to affect availability via vectors related to FTS     (bsc#980904).

  - CVE-2016-0648: Unspecified vulnerability allowed local     users to affect availability via vectors related to PS     (bsc#980904).

  - CVE-2016-0649: Unspecified vulnerability allowed local     users to affect availability via vectors related to PS     (bsc#980904).

  - CVE-2016-0650: Unspecified vulnerability allowed local     users to affect availability via vectors related to     Replication (bsc#980904).

  - CVE-2016-0651: Unspecified vulnerability allowed local     users to affect availability via vectors related to     Optimizer (bsc#980904).

  - CVE-2016-0655: Unspecified vulnerability allowed local     users to affect availability via vectors related to     InnoDB (bsc#980904).

  - CVE-2016-0666: Unspecified vulnerability allowed local     users to affect availability via vectors related to     Security: Privileges (bsc#980904).

  - CVE-2016-0668: Unspecified vulnerability allowed local     users to affect availability via vectors related to     InnoDB (bsc#980904).

  - CVE-2016-2047: The ssl_verify_server_cert function in     sql-common/client.c did not properly verify that the     server hostname matches a domain name in the subject's     Common Name (CN) or subjectAltName field of the X.509     certificate, which allowed man-in-the-middle attackers     to spoof SSL servers via a '/CN=' string in a field in a     certificate, as demonstrated by     '/OU=/CN=bar.com/CN=foo.com (bsc#963806).

These non-security issues were fixed :

  - bsc#961935: Remove the leftovers of 'openSUSE' string in     the '-DWITH_COMMENT' and 'DCOMPILATION_COMMENT' options

  - bsc#970287: remove ha_tokudb.so plugin and     tokuft_logprint and tokuftdump binaries as TokuDB     storage engine requires the jemalloc library that isn't     present in SLE-12-SP1 

  - bsc#970295: Fix the leftovers of 'logrotate.d/mysql'     string in the logrotate error message. Occurrences of     this string were changed to 'logrotate.d/mariadb' 

  - bsc#963810: Add 'log-error' and 'secure-file-priv'     configuration options

  - add '/etc/my.cnf.d/error_log.conf' that specifies     'log-error = /var/log/mysql/mysqld.log'. If no path is     set, the error log is written to     '/var/lib/mysql/$HOSTNAME.err', which is not picked up     by logrotate.

  - add '/etc/my.cnf.d/secure_file_priv.conf' which     specifies that 'LOAD DATA', 'SELECT ... INTO' and 'LOAD     FILE()' will only work with files in the directory     specified by 'secure-file-priv' option     (='/var/lib/mysql-files').

mariadb was updated to version 10.0.25 to fix 25 security issues.

These security issues were fixed :

  - CVE-2016-0505: Unspecified vulnerability allowed remote     authenticated users to affect availability via unknown     vectors related to Options (bsc#980904).

  - CVE-2016-0546: Unspecified vulnerability allowed local     users to affect confidentiality, integrity, and     availability via unknown vectors related to Client     (bsc#980904).

  - CVE-2016-0596: Unspecified vulnerability allowed remote     authenticated users to affect availability via vectors     related to DML (bsc#980904).

  - CVE-2016-0597: Unspecified vulnerability allowed remote     authenticated users to affect availability via unknown     vectors related to Optimizer (bsc#980904).

  - CVE-2016-0598: Unspecified vulnerability allowed remote     authenticated users to affect availability via vectors     related to DML (bsc#980904).

  - CVE-2016-0600: Unspecified vulnerability allowed remote     authenticated users to affect availability via unknown     vectors related to InnoDB (bsc#980904).

  - CVE-2016-0606: Unspecified vulnerability allowed remote     authenticated users to affect integrity via unknown     vectors related to encryption (bsc#980904).

  - CVE-2016-0608: Unspecified vulnerability allowed remote     authenticated users to affect availability via vectors     related to UDF (bsc#980904).

  - CVE-2016-0609: Unspecified vulnerability allowed remote     authenticated users to affect availability via unknown     vectors related to privileges (bsc#980904).

  - CVE-2016-0616: Unspecified vulnerability allowed remote     authenticated users to affect availability via unknown     vectors related to Optimizer (bsc#980904).

  - CVE-2016-0640: Unspecified vulnerability allowed local     users to affect integrity and availability via vectors     related to DML (bsc#980904).

  - CVE-2016-0641: Unspecified vulnerability allowed local     users to affect confidentiality and availability via     vectors related to MyISAM (bsc#980904).

  - CVE-2016-0642: Unspecified vulnerability allowed local     users to affect integrity and availability via vectors     related to Federated (bsc#980904).

  - CVE-2016-0643: Unspecified vulnerability allowed local     users to affect confidentiality via vectors related to     DML (bsc#980904).

  - CVE-2016-0644: Unspecified vulnerability allowed local     users to affect availability via vectors related to DDL     (bsc#980904).

  - CVE-2016-0646: Unspecified vulnerability allowed local     users to affect availability via vectors related to DML     (bsc#980904).

  - CVE-2016-0647: Unspecified vulnerability allowed local     users to affect availability via vectors related to FTS     (bsc#980904).

  - CVE-2016-0648: Unspecified vulnerability allowed local     users to affect availability via vectors related to PS     (bsc#980904).

  - CVE-2016-0649: Unspecified vulnerability allowed local     users to affect availability via vectors related to PS     (bsc#980904).

  - CVE-2016-0650: Unspecified vulnerability allowed local     users to affect availability via vectors related to     Replication (bsc#980904).

  - CVE-2016-0651: Unspecified vulnerability allowed local     users to affect availability via vectors related to     Optimizer (bsc#980904).

  - CVE-2016-0655: Unspecified vulnerability allowed local     users to affect availability via vectors related to     InnoDB (bsc#980904).

  - CVE-2016-0666: Unspecified vulnerability allowed local     users to affect availability via vectors related to     Security: Privileges (bsc#980904).

  - CVE-2016-0668: Unspecified vulnerability allowed local     users to affect availability via vectors related to     InnoDB (bsc#980904).

  - CVE-2016-2047: The ssl_verify_server_cert function in     sql-common/client.c did not properly verify that the     server hostname matches a domain name in the subject's     Common Name (CN) or subjectAltName field of the X.509     certificate, which allowed man-in-the-middle attackers     to spoof SSL servers via a '/CN=' string in a field in a     certificate, as demonstrated by     '/OU=/CN=bar.com/CN=foo.com (bsc#963806).

These non-security issues were fixed :

  - bsc#970295: Fix the leftovers of 'logrotate.d/mysql'     string in the logrotate error message. Occurrences of     this string were changed to 'logrotate.d/mariadb'

  - bsc#963810: Add 'log-error' and 'secure-file-priv'     configuration options

  - add '/etc/my.cnf.d/error_log.conf' that specifies     'log-error = /var/log/mysql/mysqld.log'. If no path is     set, the error log is written to     '/var/lib/mysql/$HOSTNAME.err', which is not picked up     by logrotate.

  - add '/etc/my.cnf.d/secure_file_priv.conf' which     specifies that 'LOAD DATA', 'SELECT ... INTO' and 'LOAD     FILE()' will only work with files in the directory     specified by 'secure-file-priv' option     (='/var/lib/mysql-files').

  - Temporarily disable OQGraph. It seems to need the boost     library with the version not earlier than 1.40 and not     later than 1.55 (MDEV-9479)

  - boo#979524: Don't remove HandlerSocket plugin 

  - boo#970287: Add 'BuildRequires: jemalloc-devel' in order     to allow enabling of the TokuDB plugin 

  - run 'usermod -g mysql mysql' only if mysql user is not     in mysql group. Run 'usermod -s /bin/false/ mysql' only     if mysql user doesn't have '/bin/false' shell set.

  - Re-enable profiling support

mysql was updated to version 5.5.49 to fix 13 security issues.

These security issues were fixed :

  - CVE-2016-0644: Unspecified vulnerability allowed local     users to affect availability via vectors related to DDL     (bsc#976341).

  - CVE-2016-0646: Unspecified vulnerability allowed local     users to affect availability via vectors related to DML     (bsc#976341).

  - CVE-2016-0647: Unspecified vulnerability allowed local     users to affect availability via vectors related to FTS     (bsc#976341).

  - CVE-2016-0640: Unspecified vulnerability allowed local     users to affect integrity and availability via vectors     related to DML (bsc#976341).

  - CVE-2016-0641: Unspecified vulnerability allowed local     users to affect confidentiality and availability via     vectors related to MyISAM (bsc#976341).

  - CVE-2016-0642: Unspecified vulnerability allowed local     users to affect integrity and availability via vectors     related to Federated (bsc#976341).

  - CVE-2016-0643: Unspecified vulnerability allowed local     users to affect confidentiality via vectors related to     DML (bsc#976341).

  - CVE-2016-0666: Unspecified vulnerability allowed local     users to affect availability via vectors related to     Security: Privileges (bsc#976341).

  - CVE-2016-0651: Unspecified vulnerability allowed local     users to affect availability via vectors related to     Optimizer (bsc#976341).

  - CVE-2016-0650: Unspecified vulnerability allowed local     users to affect availability via vectors related to     Replication (bsc#976341).

  - CVE-2016-0648: Unspecified vulnerability allowed local     users to affect availability via vectors related to PS     (bsc#976341).

  - CVE-2016-0649: Unspecified vulnerability allowed local     users to affect availability via vectors related to PS     (bsc#976341).

  - CVE-2016-2047: The ssl_verify_server_cert function in     sql-common/client.c did not properly verify that the     server hostname matches a domain name in the subject's     Common Name (CN) or subjectAltName field of the X.509     certificate, which allowed man-in-the-middle attackers     to spoof SSL servers via a '/CN=' string in a field in a     certificate, as demonstrated by     '/OU=/CN=bar.com/CN=foo.com (bsc#963806).

More details are available at

- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-49.html

- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-48.html

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Oracle reports reports :

Critical Patch Update contains 31 new security fixes for Oracle MySQL 5.5.48, 5.6.29, 5.7.11 and earlier

The version of MySQL installed on the remote host is version 5.5.x prior to 5.5.47 and is affected by multiple issues :

 - A flaw exists that is triggered when repeatedly executing a prepared statement when the default database has been changed.  This may allow an authenticated attacker to cause a server exit.
 - A flaw exists that is triggered when updating views using ALL comparison operators on subqueries that select from indexed columns in the main table.  This may allow an authenticated attacker to cause the server to exit.
 - An overflow condition exists in 'strcpy()' and 'sprintf()'.  The issue is triggered as user-supplied input is not properly validated.  This may allow an authenticated attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
 - A flaw exists that is triggered when handling concurrent FLUSH PRIVILEGES and REVOKE or GRANT statements.  This may allow an authenticated attacker to cause the server to exit by triggering an invalid memory access to proxy user information.
 - A flaw exists that is triggered on the second execution of a prepared statement where an ORDER BY clause references a column position.  This may allow an authenticated attacker to cause the server to exit.
 - An unspecified flaw exists related to the Client subcomponent.  This may allow a local attacker to gain elevated privileges.  No further details have been provided by the vendor. (CVE-2016-0546)
 - An unspecified flaw exists related to the Server:Security:Encryption subcomponent.  This may allow an authenticated attacker to have an unspecified impact on integrity.  No further details have been provided by the vendor. (CVE-2016-0606)

Additionally, multiple unspecified flaws exist related to the following subcomponents :
 - Server:Options
 - Server:DML
 - Server:Optimizer
 - Server:Optimizer
 - Server:DML
 - Server:InnoDB
 - Server:UDF
 - Server:Security:Privileges
These flaws may allow an authenticated attacker to cause a denial of service.  No further details have been provided by the vendor.
 - An unspecified flaw related to the Optimizer subcomponent may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor.

An update for mariadb is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a newer upstream version:
MariaDB (5.5.47). Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.

Security Fix(es) :

* It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047)

* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.
(CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616)

Bug Fix(es) :

* When more than one INSERT operation was executed concurrently on a non-empty InnoDB table with an AUTO_INCREMENT column defined as a primary key immediately after starting MariaDB, a race condition could occur. As a consequence, one of the concurrent INSERT operations failed with a 'Duplicate key' error message. A patch has been applied to prevent the race condition. Now, each row inserted as a result of the concurrent INSERT operations receives a unique primary key, and the operations no longer fail in this scenario. (BZ#1303946)

From Red Hat Security Advisory 2016:0534 :

An update for mariadb is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a newer upstream version:
MariaDB (5.5.47). Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.

Security Fix(es) :

* It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047)

* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.
(CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616)

Bug Fix(es) :

* When more than one INSERT operation was executed concurrently on a non-empty InnoDB table with an AUTO_INCREMENT column defined as a primary key immediately after starting MariaDB, a race condition could occur. As a consequence, one of the concurrent INSERT operations failed with a 'Duplicate key' error message. A patch has been applied to prevent the race condition. Now, each row inserted as a result of the concurrent INSERT operations receives a unique primary key, and the operations no longer fail in this scenario. (BZ#1303946)

The version of Oracle MySQL installed on the remote host is 5.5.x prior to 5.5.47. It is, therefore, affected by the following vulnerabilities :

  - An unspecified flaw exists in the Server : Options     subcomponent that allows an authenticated, remote     attacker to cause a denial of service. (CVE-2016-0505)

  - An unspecified flaw exists in the Client subcomponent     that allows a local attacker to gain elevated     privileges. (CVE-2016-0546)

  - An unspecified flaw exists in the Server : DML     subcomponent that allows an authenticated, remote     attacker to cause a denial of service. (CVE-2016-0596)

  - Multiple unspecified flaws exist in the Server :
    Optimizer subcomponent that allows an authenticated,     remote attacker to cause a denial of service.
    (CVE-2016-0597, CVE-2016-0598, CVE-2016-0616)

  - An unspecified flaw exists in the Server : InnoDB     subcomponent that allows an authenticated, remote     attacker to cause a denial of service. (CVE-2016-0600)

  - An unspecified flaw exists in the Server : Security :
    Encryption subcomponent that allows an authenticated,     remote attacker to impact integrity. (CVE-2016-0606,     CVE-2016-0609)

  - An unspecified flaw exists in the Server : UDF     subcomponent that allows an authenticated, remote     attacker to cause a denial of service. (CVE-2016-0608)

  - An unspecified flaw exists in the Optimizer subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0651)     
  - A denial of service vulnerability exists due to     repeatedly executing a prepared statement when the     default database has been changed. An authenticated,     remote attacker can exploit this to cause the server to     exit.

  - A denial of service vulnerability exists that is     triggered when updating views using ALL comparison     operators on subqueries that select from indexed columns     in the main table. An authenticated, remote attacker can     exploit this to cause the server to exit, resulting in a     denial of service condition.

  - A remote code execution vulnerability exists due to     improper validation of user-supplied input to the     strcpy() and sprintf() functions. An authenticated,     remote attacker can exploit this to cause a buffer     overflow, resulting in a denial of service condition or     the execution of arbitrary code.

  - A denial of service vulnerability exists that is     triggered when handling concurrent FLUSH PRIVILEGES and     REVOKE or GRANT statements. An authenticated, remote     attacker can exploit this to cause the server to exit by     triggering an invalid memory access to proxy user     information.

  - A denial of service vulnerability exists that is     triggered on the second execution of a prepared     statement where an ORDER BY clause references a column     position. An authenticated, remote attacker can exploit     this to cause the server to exit.

The version of MySQL running on the remote host is 5.5.x prior to 5.5.47. It is, therefore, affected by multiple vulnerabilities :

  - An unspecified flaw exists in the Server : Options     subcomponent that allows an authenticated, remote     attacker to cause a denial of service. (CVE-2016-0505)

  - An unspecified flaw exists in the Client subcomponent     that allows a local attacker to gain elevated     privileges. (CVE-2016-0546)

  - An unspecified flaw exists in the Server : DML     subcomponent that allows an authenticated, remote     attacker to cause a denial of service. (CVE-2016-0596)

  - Multiple unspecified flaws exist in the Server :
    Optimizer subcomponent that allows an authenticated,     remote attacker to cause a denial of service.
    (CVE-2016-0597, CVE-2016-0598, CVE-2016-0616)

  - An unspecified flaw exists in the Server : InnoDB     subcomponent that allows an authenticated, remote     attacker to cause a denial of service. (CVE-2016-0600)

  - An unspecified flaw exists in the Server : Security :
    Encryption subcomponent that allows an authenticated,     remote attacker to impact integrity. (CVE-2016-0606,     CVE-2016-0609)

  - An unspecified flaw exists in the Server : UDF     subcomponent that allows an authenticated, remote     attacker to cause a denial of service. (CVE-2016-0608)

  - An unspecified flaw exists in the Optimizer subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0651)     
  - A denial of service vulnerability exists due to     repeatedly executing a prepared statement when the     default database has been changed. An authenticated,     remote attacker can exploit this to cause the server to     exit.

  - A denial of service vulnerability exists that is     triggered when updating views using ALL comparison     operators on subqueries that select from indexed columns     in the main table. An authenticated, remote attacker can     exploit this to cause the server to exit, resulting in a     denial of service condition.

  - A remote code execution vulnerability exists due to     improper validation of user-supplied input to the     strcpy() and sprintf() functions. An authenticated,     remote attacker can exploit this to cause a buffer     overflow, resulting in a denial of service condition or     the execution of arbitrary code.

  - A denial of service vulnerability exists that is     triggered when handling concurrent FLUSH PRIVILEGES and     REVOKE or GRANT statements. An authenticated, remote     attacker can exploit this to cause the server to exit by     triggering an invalid memory access to proxy user     information.

  - A denial of service vulnerability exists that is     triggered on the second execution of a prepared     statement where an ORDER BY clause references a column     position. An authenticated, remote attacker can exploit     this to cause the server to exit.

ID	Name	Product	Family	Severity
93159	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:1620-1)	Nessus	SuSE Local Security Checks	high
93158	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:1619-1)	Nessus	SuSE Local Security Checks	high
93016	Amazon Linux AMI : mysql55 (ALAS-2016-738)	Nessus	Amazon Linux Local Security Checks	high
91871	openSUSE Security Update : mariadb (openSUSE-2016-780)	Nessus	SuSE Local Security Checks	high
91794	openSUSE Security Update : mariadb (openSUSE-2016-761)	Nessus	SuSE Local Security Checks	high
91121	SUSE SLES11 Security Update : mysql (SUSE-SU-2016:1279-1)	Nessus	SuSE Local Security Checks	medium
90847	FreeBSD : MySQL -- multiple vulnerabilities (8c2b2f11-0ebe-11e6-b55e-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	critical
9253	Oracle MySQL 5.5.x < 5.5.47 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
90300	RHEL 7 : mariadb (RHSA-2016:0534)	Nessus	Red Hat Local Security Checks	high
90296	Oracle Linux 7 : mariadb (ELSA-2016-0534)	Nessus	Oracle Linux Local Security Checks	high
90276	CentOS 7 : mariadb (CESA-2016:0534)	Nessus	CentOS Local Security Checks	high
88380	Oracle MySQL 5.5.x < 5.5.47 Multiple Vulnerabilities (January 2016 CPU) (April 2016 CPU)	Nessus	Databases	high
87419	MySQL 5.5.x < 5.5.47 Multiple Vulnerabilities	Nessus	Databases	high

CVE-2016-0651

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins