openSUSE-SU-2016:1332

RHSA-2016:0705

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

86511

1035606

USN-2953-1

This mysql-community-server version update to 5.6.30 fixes the following issues :

Security issues fixed :

  - fixed CVEs (boo#962779, boo#959724): CVE-2016-0705,     CVE-2016-0639, CVE-2015-3194, CVE-2016-0640,     CVE-2016-2047, CVE-2016-0644, CVE-2016-0646,     CVE-2016-0647, CVE-2016-0648, CVE-2016-0649,     CVE-2016-0650, CVE-2016-0665, CVE-2016-0666,     CVE-2016-0641, CVE-2016-0642, CVE-2016-0655,     CVE-2016-0661, CVE-2016-0668, CVE-2016-0643

  - changes     http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-     30.html     http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-     29.html

Bugs fixed :

  - don't delete the log data when migration fails

  - add 'log-error' and 'secure-file-priv' configuration     options (added via configuration-tweaks.tar.bz2)     [boo#963810]

  - add '/etc/my.cnf.d/error_log.conf' that specifies     'log-error = /var/log/mysql/mysqld.log'. If no path is     set, the error log is written to     '/var/lib/mysql/$HOSTNAME.err', which is not picked up     by logrotate.

  - add '/etc/my.cnf.d/secure_file_priv.conf' which     specifies that 'LOAD DATA', 'SELECT ... INTO' and 'LOAD     FILE()' will only work with files in the directory     specified by 'secure-file-priv' option     (='/var/lib/mysql-files').

Oracle reports reports :

Critical Patch Update contains 31 new security fixes for Oracle MySQL 5.5.48, 5.6.29, 5.7.11 and earlier

The version of Oracle MySQL installed on the remote host is 5.7.x prior to 5.7.11. It is, therefore, affected by the following vulnerabilities :

  - A NULL pointer dereference flaw exists in the bundled     version of OpenSSL in file rsa_ameth.c due to improper     handling of ASN.1 signatures that are missing the PSS     parameter. A remote attacker can exploit this to cause     the signature verification routine to crash, resulting     in a denial of service condition. (CVE-2015-3194)

  - A flaw exists in the ASN1_TFLG_COMBINE implementation in     file tasn_dec.c related to handling malformed     X509_ATTRIBUTE structures. A remote attacker can exploit     this to cause a memory leak by triggering a decoding     failure in a PKCS#7 or CMS application, resulting in a     denial of service. (CVE-2015-3195)

  - An unspecified flaw exists in the DML subcomponent that     allows a local attacker to impact integrity and     availability. (CVE-2016-0640)

  - An unspecified flaw exists in the MyISAM subcomponent     that allows a local attacker to disclose potentially     sensitive information or cause a denial of service     condition. (CVE-2016-0641)

  - An unspecified flaw exists in the DDL subcomponent that     allows a local attacker to cause a denial of service     condition. (CVE-2016-0644)

  - Multiple unspecified flaws exist in the DML subcomponent     that allow a local attacker to cause a denial of     service condition. (CVE-2016-0646, CVE-2016-0652)

  - An unspecified flaw exists in the PS subcomponent that     allows a local attacker to cause a denial of service     condition. (CVE-2016-0649)

  - An unspecified flaw exists in the Replication     subcomponent that allows a local attacker to cause a     denial of service condition. (CVE-2016-0650)

  - An unspecified flaw exists in the FTS subcomponent that     allows a local attacker to cause a denial of service     condition. (CVE-2016-0653)

  - Multiple unspecified flaws exist in the InnoDB     subcomponent that allow a local attacker to cause a     denial of service condition. (CVE-2016-0654,     CVE-2016-0656, CVE-2016-0668)

  - An unspecified flaw exists in the Optimizer subcomponent     that allows a local attacker to cause a denial of     service condition. (CVE-2016-0658)

  - An unspecified flaw exists in the Options subcomponent     that allows a local attacker to cause a denial of     service condition. (CVE-2016-0661)

  - An unspecified flaw exists in the Performance Schema     subcomponent that allows a local attacker to cause a     denial of service condition. (CVE-2016-0663)

  - An unspecified flaw exists in the Security: Encryption     subcomponent that allows a local attacker to cause a     denial of service condition. (CVE-2016-0665)

  - An unspecified flaw exists in the Security: Encryption     subcomponent that allows an unauthenticated, remote     attacker to disclose potentially sensitive information.
    (CVE-2016-3452)

  - A denial of service vulnerability exists in the bundled     OpenSSL library due to improper handling of variables     declared as TEXT or BLOB. An authenticated, remote     attacker can exploit this to corrupt data or cause a     denial of service condition.

  - A denial of service vulnerability exists that is     triggered when handling a 'CREATE TEMPORARY TABLE ..
    SELECT' statement involving BIT columns. An     authenticated, remote attacker can exploit this to     create an improper table or cause the server to exit,     resulting in a denial of service condition.

  - A denial of service vulnerability exists due to improper     handling of queries that contain 'WHERE 0'. An     authenticated, remote attacker can exploit this to cause     an uninitialized read, resulting in a denial of service     condition.

The version of Oracle MySQL installed on the remote host is 5.6.x prior to 5.6.29. It is, therefore, affected by the following vulnerabilities :

  - A NULL pointer dereference flaw exists in the bundled     version of OpenSSL in file rsa_ameth.c due to improper     handling of ASN.1 signatures that are missing the PSS     parameter. A remote attacker can exploit this to cause     the signature verification routine to crash, resulting     in a denial of service condition. (CVE-2015-3194)

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to impact     integrity and availability. (CVE-2016-0640)

  - An unspecified flaw exists in the MyISAM subcomponent     that allows an authenticated, remote attacker to     disclose sensitive information or cause a denial of     service condition. (CVE-2016-0641)

  - An unspecified flaw exists in the DDL subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0644)

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0646)

  - An unspecified flaw exists in the PS subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0649)

  - An unspecified flaw exists in the Replication     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-0650)

  - An unspecified flaw exists in the Options subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0661)

  - An unspecified flaw exists in the Security: Encryption     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-0665)

  - An unspecified flaw exists in the InnoDB subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0668)

  - A denial of service vulnerability exists in the bundled     OpenSSL library due to improper handling of variables     declared as TEXT or BLOB. An authenticated, remote     attacker can exploit this to corrupt data or cause a     denial of service condition.

  - A denial of service vulnerability exists that is     triggered when handling a 'CREATE TEMPORARY TABLE ..
    SELECT' statement involving BIT columns. An     authenticated, remote attacker can exploit this to     create an improper table or cause the server to exit,     resulting in a denial of service condition.

  - A denial of service vulnerability exists due to an     unspecified flaw in LOCK TABLES that is triggered when     opening a temporary MERGE table consisting of a view in     the list of tables. An authenticated, remote attacker     can exploit this to cause the server to exit, resulting     in a denial of service condition.

  - A denial of service vulnerability exists due to a flaw     that is triggered when repeatedly executing 'ALTER TABLE     v1 CHECK PARTITION' as a prepared statement. An     authenticated, remote attacker can exploit this to cause     the server to exit, resulting in a denial of service     condition.

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.5.49 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.30.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-48.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-49.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-30.html http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-29857 53.html.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of MySQL installed on the remote host is 5.5.x prior to 5.5.48, 5.6.x prior to 5.6.29, or 5.7.x prior to 5.7.11, and is affected by vulnerabilities in the following components :

 - Data Manipulation Language
 - Data Definition Language
 - Full-Text Search
 - MyISAM
 - PeopleSoft
 - Performance Schema
 - Pluggable Authentication
 - Replication
 - Server Connection
 - Server:Security
 - Server:InnoDB
 - Server:Optimizer
 - Server:Options

The version of MySQL running on the remote host is 5.7.x prior to 5.7.11. It is, therefore, potentially affected by multiple vulnerabilities :

  - A NULL pointer dereference flaw exists in the bundled     version of OpenSSL in file rsa_ameth.c due to improper     handling of ASN.1 signatures that are missing the PSS     parameter. A remote attacker can exploit this to cause     the signature verification routine to crash, resulting     in a denial of service condition. (CVE-2015-3194)

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to impact     integrity and availability. (CVE-2016-0640)

  - An unspecified flaw exists in the MyISAM subcomponent     that allows an authenticated, remote attacker to     disclose sensitive information or cause a denial of     service condition. (CVE-2016-0641)

  - An unspecified flaw exists in the DDL subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0644)

  - Multiple unspecified flaws exist in the DML subcomponent     that allow an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0646,     CVE-2016-0652)

  - An unspecified flaw exists in the PS subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0649)

  - An unspecified flaw exists in the Replication     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-0650)

  - An unspecified flaw exists in the FTS subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0653)

  - Multiple unspecified flaws exist in the InnoDB     subcomponent that allow an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-0654, CVE-2016-0656, CVE-2016-0668)

  - An unspecified flaw exists in the Optimizer subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0658)

  - An unspecified flaw exists in the Options subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0661)

  - An unspecified flaw exists in the Performance Schema     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-0663)

  - An unspecified flaw exists in the Security: Encryption     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-0665)

  - A denial of service vulnerability exists in the bundled     OpenSSL library due to improper handling of variables     declared as TEXT or BLOB. An authenticated, remote     attacker can exploit this to corrupt data or cause a     denial of service condition.

  - A denial of service vulnerability exists that is     triggered when handling a 'CREATE TEMPORARY TABLE ..
    SELECT' statement involving BIT columns. An     authenticated, remote attacker can exploit this to     create an improper table or cause the server to exit,     resulting in a denial of service condition.

  - A denial of service vulnerability exists due to improper     handling of queries that contain 'WHERE 0'. An     authenticated, remote attacker can exploit this to cause     an uninitialized read, resulting in a denial of service     condition.

The version of MySQL running on the remote host is 5.6.x prior to 5.6.29. It is, therefore, affected by multiple vulnerabilities :

  - A NULL pointer dereference flaw exists in the bundled     version of OpenSSL in file rsa_ameth.c due to improper     handling of ASN.1 signatures that are missing the PSS     parameter. A remote attacker can exploit this to cause     the signature verification routine to crash, resulting     in a denial of service condition. (CVE-2015-3194)

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to impact     integrity and availability. (CVE-2016-0640)

  - An unspecified flaw exists in the MyISAM subcomponent     that allows an authenticated, remote attacker to     disclose sensitive information or cause a denial of     service condition. (CVE-2016-0641)

  - An unspecified flaw exists in the DDL subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0644)

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0646)

  - An unspecified flaw exists in the PS subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0649)

  - An unspecified flaw exists in the Replication     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-0650)

  - An unspecified flaw exists in the Options subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0661)

  - An unspecified flaw exists in the Security: Encryption     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-0665)

  - An unspecified flaw exists in the InnoDB subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0668)

  - A denial of service vulnerability exists in the bundled     OpenSSL library due to improper handling of variables     declared as TEXT or BLOB. An authenticated, remote     attacker can exploit this to corrupt data or cause a     denial of service condition.

  - A denial of service vulnerability exists that is     triggered when handling a 'CREATE TEMPORARY TABLE ..
    SELECT' statement involving BIT columns. An     authenticated, remote attacker can exploit this to     create an improper table or cause the server to exit,     resulting in a denial of service condition.

  - A denial of service vulnerability exists due to an     unspecified flaw in LOCK TABLES that is triggered when     opening a temporary MERGE table consisting of a view in     the list of tables. An authenticated, remote attacker     can exploit this to cause the server to exit, resulting     in a denial of service condition.

  - A denial of service vulnerability exists due to a flaw     that is triggered when repeatedly executing 'ALTER TABLE     v1 CHECK PARTITION' as a prepared statement. An     authenticated, remote attacker can exploit this to cause     the server to exit, resulting in a denial of service     condition.

ID	Name	Product	Family	Severity
91277	openSUSE Security Update : mysql-community-server (openSUSE-2016-607)	Nessus	SuSE Local Security Checks	critical
90847	FreeBSD : MySQL -- multiple vulnerabilities (8c2b2f11-0ebe-11e6-b55e-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	critical
90833	Oracle MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU)	Nessus	Databases	medium
90831	Oracle MySQL 5.6.x < 5.6.29 Multiple Vulnerabilities (April 2016 CPU)	Nessus	Databases	medium
90678	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : mysql-5.5, mysql-5.6 vulnerabilities (USN-2953-1)	Nessus	Ubuntu Local Security Checks	critical
9259	Oracle MySQL 5.5.x < 5.5.48 / 5.6.x < 5.6.29 / 5.7.x < 5.7.11 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
89056	MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities	Nessus	Databases	medium
89055	MySQL 5.6.x < 5.6.29 Multiple Vulnerabilities	Nessus	Databases	medium

CVE-2016-0661

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins