http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

1035606

Oracle reports reports :

Critical Patch Update contains 31 new security fixes for Oracle MySQL 5.5.48, 5.6.29, 5.7.11 and earlier

The version of Oracle MySQL installed on the remote host is 5.7.x prior to 5.7.11. It is, therefore, affected by the following vulnerabilities :

  - A NULL pointer dereference flaw exists in the bundled     version of OpenSSL in file rsa_ameth.c due to improper     handling of ASN.1 signatures that are missing the PSS     parameter. A remote attacker can exploit this to cause     the signature verification routine to crash, resulting     in a denial of service condition. (CVE-2015-3194)

  - A flaw exists in the ASN1_TFLG_COMBINE implementation in     file tasn_dec.c related to handling malformed     X509_ATTRIBUTE structures. A remote attacker can exploit     this to cause a memory leak by triggering a decoding     failure in a PKCS#7 or CMS application, resulting in a     denial of service. (CVE-2015-3195)

  - An unspecified flaw exists in the DML subcomponent that     allows a local attacker to impact integrity and     availability. (CVE-2016-0640)

  - An unspecified flaw exists in the MyISAM subcomponent     that allows a local attacker to disclose potentially     sensitive information or cause a denial of service     condition. (CVE-2016-0641)

  - An unspecified flaw exists in the DDL subcomponent that     allows a local attacker to cause a denial of service     condition. (CVE-2016-0644)

  - Multiple unspecified flaws exist in the DML subcomponent     that allow a local attacker to cause a denial of     service condition. (CVE-2016-0646, CVE-2016-0652)

  - An unspecified flaw exists in the PS subcomponent that     allows a local attacker to cause a denial of service     condition. (CVE-2016-0649)

  - An unspecified flaw exists in the Replication     subcomponent that allows a local attacker to cause a     denial of service condition. (CVE-2016-0650)

  - An unspecified flaw exists in the FTS subcomponent that     allows a local attacker to cause a denial of service     condition. (CVE-2016-0653)

  - Multiple unspecified flaws exist in the InnoDB     subcomponent that allow a local attacker to cause a     denial of service condition. (CVE-2016-0654,     CVE-2016-0656, CVE-2016-0668)

  - An unspecified flaw exists in the Optimizer subcomponent     that allows a local attacker to cause a denial of     service condition. (CVE-2016-0658)

  - An unspecified flaw exists in the Options subcomponent     that allows a local attacker to cause a denial of     service condition. (CVE-2016-0661)

  - An unspecified flaw exists in the Performance Schema     subcomponent that allows a local attacker to cause a     denial of service condition. (CVE-2016-0663)

  - An unspecified flaw exists in the Security: Encryption     subcomponent that allows a local attacker to cause a     denial of service condition. (CVE-2016-0665)

  - An unspecified flaw exists in the Security: Encryption     subcomponent that allows an unauthenticated, remote     attacker to disclose potentially sensitive information.
    (CVE-2016-3452)

  - A denial of service vulnerability exists in the bundled     OpenSSL library due to improper handling of variables     declared as TEXT or BLOB. An authenticated, remote     attacker can exploit this to corrupt data or cause a     denial of service condition.

  - A denial of service vulnerability exists that is     triggered when handling a 'CREATE TEMPORARY TABLE ..
    SELECT' statement involving BIT columns. An     authenticated, remote attacker can exploit this to     create an improper table or cause the server to exit,     resulting in a denial of service condition.

  - A denial of service vulnerability exists due to improper     handling of queries that contain 'WHERE 0'. An     authenticated, remote attacker can exploit this to cause     an uninitialized read, resulting in a denial of service     condition.

The version of MySQL installed on the remote host is 5.5.x prior to 5.5.48, 5.6.x prior to 5.6.29, or 5.7.x prior to 5.7.11, and is affected by vulnerabilities in the following components :

 - Data Manipulation Language
 - Data Definition Language
 - Full-Text Search
 - MyISAM
 - PeopleSoft
 - Performance Schema
 - Pluggable Authentication
 - Replication
 - Server Connection
 - Server:Security
 - Server:InnoDB
 - Server:Optimizer
 - Server:Options

The version of MySQL running on the remote host is 5.7.x prior to 5.7.11. It is, therefore, potentially affected by multiple vulnerabilities :

  - A NULL pointer dereference flaw exists in the bundled     version of OpenSSL in file rsa_ameth.c due to improper     handling of ASN.1 signatures that are missing the PSS     parameter. A remote attacker can exploit this to cause     the signature verification routine to crash, resulting     in a denial of service condition. (CVE-2015-3194)

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to impact     integrity and availability. (CVE-2016-0640)

  - An unspecified flaw exists in the MyISAM subcomponent     that allows an authenticated, remote attacker to     disclose sensitive information or cause a denial of     service condition. (CVE-2016-0641)

  - An unspecified flaw exists in the DDL subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0644)

  - Multiple unspecified flaws exist in the DML subcomponent     that allow an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0646,     CVE-2016-0652)

  - An unspecified flaw exists in the PS subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0649)

  - An unspecified flaw exists in the Replication     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-0650)

  - An unspecified flaw exists in the FTS subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0653)

  - Multiple unspecified flaws exist in the InnoDB     subcomponent that allow an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-0654, CVE-2016-0656, CVE-2016-0668)

  - An unspecified flaw exists in the Optimizer subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0658)

  - An unspecified flaw exists in the Options subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0661)

  - An unspecified flaw exists in the Performance Schema     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-0663)

  - An unspecified flaw exists in the Security: Encryption     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-0665)

  - A denial of service vulnerability exists in the bundled     OpenSSL library due to improper handling of variables     declared as TEXT or BLOB. An authenticated, remote     attacker can exploit this to corrupt data or cause a     denial of service condition.

  - A denial of service vulnerability exists that is     triggered when handling a 'CREATE TEMPORARY TABLE ..
    SELECT' statement involving BIT columns. An     authenticated, remote attacker can exploit this to     create an improper table or cause the server to exit,     resulting in a denial of service condition.

  - A denial of service vulnerability exists due to improper     handling of queries that contain 'WHERE 0'. An     authenticated, remote attacker can exploit this to cause     an uninitialized read, resulting in a denial of service     condition.

ID	Name	Product	Family	Severity
90847	FreeBSD : MySQL -- multiple vulnerabilities (8c2b2f11-0ebe-11e6-b55e-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	critical
90833	Oracle MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU)	Nessus	Databases	medium
9259	Oracle MySQL 5.5.x < 5.5.48 / 5.6.x < 5.6.29 / 5.7.x < 5.7.11 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
89056	MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities	Nessus	Databases	medium

CVE-2016-0654

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins