RHSA-2016:1601

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

91787

91980

1036362

USN-3040-1

mysql-community-server was updated to 5.6.34 to fix the following issues :

  - Changes     http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-     34.html     http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-     33.html     http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-     32.html     http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-     31.html

  - fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440,     CVE-2016-5584, CVE-2016-5617, CVE-2016-5616,     CVE-2016-5626, CVE-2016-3492, CVE-2016-5629,     CVE-2016-5507, CVE-2016-8283, CVE-2016-5609,     CVE-2016-5612, CVE-2016-5627, CVE-2016-5630,     CVE-2016-8284, CVE-2016-8288, CVE-2016-3477,     CVE-2016-2105, CVE-2016-3486, CVE-2016-3501,     CVE-2016-3521, CVE-2016-3615, CVE-2016-3614,     CVE-2016-3459, CVE-2016-5439, CVE-2016-5440

  - fixes SUSE Bugs: [boo#999666], [boo#998309],     [boo#1005581], [boo#1005558], [boo#1005563],     [boo#1005562], [boo#1005566], [boo#1005555],     [boo#1005569], [boo#1005557], [boo#1005582],     [boo#1005560], [boo#1005561], [boo#1005567],     [boo#1005570], [boo#1005583], [boo#1005586],     [boo#989913], [boo#977614], [boo#989914], [boo#989915],     [boo#989919], [boo#989922], [boo#989921], [boo#989911],     [boo#989925], [boo#989926]

  - append '--ignore-db-dir=lost+found' to the mysqld     options in 'mysql-systemd-helper' script if 'lost+found'     directory is found in $datadir [boo#986251] 

  - remove syslog.target from *.service files [boo#983938]

  - add systemd to deps to build on leap and friends 

  - replace '%{_libexecdir}/systemd/system' with %{_unitdir}     macro

  - remove useless mysql@default.service [boo#971456]

  - replace all occurrences of the string '@sysconfdir@'     with '/etc' in     mysql-community-server-5.6.3-logrotate.patch as it     wasn't expanded properly [boo#990890]

  - remove '%define _rundir' as 13.1 is out of support scope

  - run 'usermod -g mysql mysql' only if mysql user is not     in mysql group. Run 'usermod -s /bin/false/ mysql' only     if mysql user doesn't have '/bin/false' shell set.

  - re-enable mysql profiling

The specific version of MySQL Server that the system is running is reportedly affected by the following vulnerabilities:

- Oracle MySQL Server contains an unspecified flaw related to the FTS subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2016-3486)

- Oracle MySQL Server contains an unspecified flaw related to the Optimizer subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2016-3501)

- Oracle MySQL Server contains an unspecified flaw related to the Encryption subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2016-3614)

- Oracle MySQL Server contains an unspecified flaw related to the InnoDB subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2016-3459)

- Oracle MySQL Server contains an unspecified flaw related to the Privileges subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2016-5439)

The version of MySQL installed on the remote host is 5.5.x prior to 5.5.50, 5.6.x prior to 5.6.31, or 5.7.x prior to 5.7.13. It is therefore affected by vulnerabilities in the following components :

 - Connection
 - Data Manipulation Language
 - Encryption
 - Full-Text Search
 - InnoDB
 - Optimizer
 - Parser
 - Privileges
 - Row-Based Replication
 - Replication
 - Types

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote administrators to affect availability via vectors related to Server: RBR. (CVE-2016-5440)

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. (CVE-2016-3459)

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. (CVE-2016-5439)

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. (CVE-2016-3477)

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. (CVE-2016-3614)

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote authenticated users to affect availability via vectors related to Server: DML. (CVE-2016-3615)

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. (CVE-2016-3521)

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. (CVE-2016-3486)

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. (CVE-2016-3501)

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.5.50 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.31. Ubuntu 16.04 LTS has been updated to MySQL 5.7.13.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-13.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720 .html.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Oracle reports :

The quarterly Critical Patch Update contains 22 new security fixes for Oracle MySQL 5.5.49, 5.6.30, 5.7.13 and earlier

The version of MySQL running on the remote host is 5.7.x prior to 5.7.13. It is, therefore, affected by multiple vulnerabilities :

  - A heap buffer overflow condition exists in the     EVP_EncodeUpdate() function within file     crypto/evp/encode.c that is triggered when handling     a large amount of input data. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition. (CVE-2016-2105)

  - Multiple unspecified flaws exist in the Optimizer     subcomponent that allow an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-3424, CVE-2016-3440, CVE-2016-3501,     CVE-2016-3518)

  - An unspecified flaw exists in the Security: Encryption     subcomponent that allows an unauthenticated, remote     attacker to disclose sensitive information.
    (CVE-2016-3452)

  - Multiple unspecified flaws exist in the InnoDB     subcomponent that allow an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-3459, CVE-2016-5436)

  - An unspecified flaw exists in the Parser subcomponent     that allows a local attacker to gain elevated     privileges. (CVE-2016-3477)

  - An unspecified flaw exists in the FTS subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-3486)

  - An unspecified flaw exists in the Types subcomponent     that allows an authenticated, remote attacker to cause     a denial of service condition. (CVE-2016-3521)

  - An unspecified flaw exists in the InnoDB subcomponent     that allows an authenticated, remote attacker to impact     integrity and confidentiality. (CVE-2016-3588)

  - Multiple unspecified flaws exist in the Security:
    Encryption subcomponent that allow an authenticated,     remote attacker to cause a denial of service condition.
    (CVE-2016-3614, CVE-2016-5442)

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-3615)

  - An unspecified flaw exists in the Log subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5437)

  - An unspecified flaw exists in the Privileges     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-5439)

  - An unspecified flaw exists in the RBR subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5440)

  - An unspecified flaw exists in the Replication     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-5441)

  - An unspecified flaw exists in the Connection     subcomponent that allows a local attacker to cause a     denial of service condition. (CVE-2016-5443)

  - An unspecified flaw exists in the Connection     subcomponent that allows an unauthenticated, remote     attacker to disclose sensitive information.
    (CVE-2016-5444)

  - An unspecified flaw exists in the InnoDB Plugin     subcomponent that allows an authenticated, remote     attacker to impact integrity. (CVE-2016-8288)

  - Multiple flaws exist in InnoDB that are triggered when     handling specially crafted 'ALTER TABLE' operations. An     authenticated, remote attacker can exploit these issues     to crash the database, resulting in a denial of service     condition.

  - Multiple overflow conditions exist due to improper     validation of user-supplied input. An authenticated,     remote attacker can exploit these issues to cause a     denial of service condition or the execution of     arbitrary code.

  - A NULL pointer dereference flaw exists in a parser     structure that is triggered during the validation of     stored procedure names. An authenticated, remote     attacker can exploit this to crash the database,     resulting in a denial of service condition.

  - Multiple overflow conditions exist in the InnoDB     memcached plugin due to improper validation of     user-supplied input. An authenticated, remote attacker     can exploit these issues to cause a denial of service     condition or the execution of arbitrary code.

  - An unspecified flaw exists that is triggered when     invoking Enterprise Encryption functions in multiple     threads simultaneously or after creating and dropping     them. An authenticated, remote attacker can exploit this     to crash the database, resulting in a denial of service     condition.

  - An unspecified flaw exists that is triggered when     handling a 'SELECT ... GROUP BY ... FOR UPDATE' query     executed with a loose index scan. An authenticated,     remote attacker can exploit this to crash the database,     resulting in a denial of service condition.

  - An unspecified flaw exists that is triggered when     performing a 'FLUSH TABLES' operation on a table with a     discarded tablespace. An authenticated, remote attacker     can exploit this to crash the database, resulting in a     denial of service condition.

  - A flaw exists in InnoDB that is triggered when     performing an 'OPTIMIZE TABLE' operation on a table with     a full-text index. An authenticated, remote attacker can     exploit this to crash the database, resulting in a     denial of service condition.

  - An unspecified flaw exists that is triggered when     performing an UPDATE operation on a generated virtual     BLOB column. An authenticated, remote attacker can     exploit this to crash the database, resulting in a     denial of service condition.

  - An unspecified flaw exists that is triggered when     performing a 'SHOW CREATE TABLE' operation on a table     with a generated column. An authenticated, remote     attacker can exploit this to crash the database,     resulting in a denial of service condition.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of MySQL running on the remote host is 5.6.x prior to 5.6.31. It is, therefore, affected by multiple vulnerabilities :

  - A heap buffer overflow condition exists in the     EVP_EncodeUpdate() function within file     crypto/evp/encode.c that is triggered when handling     a large amount of input data. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition. (CVE-2016-2105)

  - An unspecified flaw exists in the Security: Encryption     subcomponent that allows an unauthenticated, remote     attacker to disclose sensitive information.
    (CVE-2016-3452)

  - An unspecified flaw exists in the InnoDB subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-3459)

  - An unspecified flaw exists in the Options subcomponent     that allows a local attacker to gain elevated     privileges. (CVE-2016-3471)

  - An unspecified flaw exists in the Parser subcomponent     that allows a local attacker to gain elevated     privileges. (CVE-2016-3477)

  - An unspecified flaw exists in the FTS subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-3486)

  - An unspecified flaw exists in the Optimizer subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-3501)

  - An unspecified flaw exists in the Types subcomponent     that allows an authenticated, remote attacker to cause     a denial of service condition. (CVE-2016-3521)

  - An unspecified flaw exists in the Security: Encryption     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-3614)

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-3615)

  - An unspecified flaw exists in the Privileges     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-5439)

  - An unspecified flaw exists in the RBR subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5440)

  - An unspecified flaw exists in the Connection     subcomponent that allows an unauthenticated, remote     attacker to disclose sensitive information.
    (CVE-2016-5444)

  - An unspecified flaw exists in the InnoDB Plugin     subcomponent that allows an authenticated, remote     attacker to impact integrity. (CVE-2016-8288)

  - Multiple overflow conditions exist due to improper     validation of user-supplied input. An authenticated,     remote attacker can exploit these issues to cause a     denial of service condition or the execution of     arbitrary code.

  - A NULL pointer dereference flaw exists in a parser     structure that is triggered during the validation of     stored procedure names. An authenticated, remote     attacker can exploit this to crash the database,     resulting in a denial of service condition.

  - Multiple overflow conditions exist in the InnoDB     memcached plugin due to improper validation of     user-supplied input. An authenticated, remote attacker     can exploit these issues to cause a denial of service     condition or the execution of arbitrary code.

  - An unspecified flaw exists that is triggered when     invoking Enterprise Encryption functions in multiple     threads simultaneously or after creating and dropping     them. An authenticated, remote attacker can exploit this     to crash the database, resulting in a denial of service     condition.

  - An unspecified flaw exists that is triggered when     handling a 'SELECT ... GROUP BY ... FOR UPDATE' query     executed with a loose index scan. An authenticated,     remote attacker can exploit this to crash the database,     resulting in a denial of service condition.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
94756	openSUSE Security Update : mysql-community-server (openSUSE-2016-1289)	Nessus	SuSE Local Security Checks	critical
94694	openSUSE Security Update : mysql-community-server (openSUSE-2016-1283)	Nessus	SuSE Local Security Checks	critical
802028	MySQL Server < 5.6.x < 5.6.31, 5.7.x < 5.7.13 Multiple Vulnerabilities	Log Correlation Engine	Database	medium
9483	Oracle MySQL 5.5.x < 5.5.50 / 5.6.x < 5.6.31 / 5.7.x < 5.7.13 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
93015	Amazon Linux AMI : mysql56 (ALAS-2016-737)	Nessus	Amazon Linux Local Security Checks	medium
92511	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : mysql-5.5, mysql-5.6, mysql-5.7 vulnerabilities (USN-3040-1)	Nessus	Ubuntu Local Security Checks	medium
92505	FreeBSD : MySQL -- Multiple vulnerabilities (ca5cb202-4f51-11e6-b2ec-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	high
91997	MySQL 5.7.x < 5.7.13 Multiple Vulnerabilities	Nessus	Databases	high
91995	MySQL 5.6.x < 5.6.31 Multiple Vulnerabilities	Nessus	Databases	high
91998	Oracle MySQL 5.7.x < 5.7.13 Multiple Vulnerabilities	Nessus	Databases	high
91996	Oracle MySQL 5.6.x < 5.6.31 Multiple Vulnerabilities	Nessus	Databases	high

CVE-2016-3486

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins