RHSA-2016:1601

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

93755

1037050

GLSA-201701-01

The remote host is affected by the vulnerability described in GLSA-201701-01 (MariaDB and MySQL: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in MariaDB and MySQL.
      Please review the CVE identifiers referenced below for details.
  Impact :

    Attackers could execute arbitrary code, escalate privileges, and impact       availability via unspecified vectors.
  Workaround :

    There is no known workaround at this time.

mysql-community-server was updated to 5.6.34 to fix the following issues :

  - Changes     http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-     34.html     http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-     33.html     http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-     32.html     http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-     31.html

  - fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440,     CVE-2016-5584, CVE-2016-5617, CVE-2016-5616,     CVE-2016-5626, CVE-2016-3492, CVE-2016-5629,     CVE-2016-5507, CVE-2016-8283, CVE-2016-5609,     CVE-2016-5612, CVE-2016-5627, CVE-2016-5630,     CVE-2016-8284, CVE-2016-8288, CVE-2016-3477,     CVE-2016-2105, CVE-2016-3486, CVE-2016-3501,     CVE-2016-3521, CVE-2016-3615, CVE-2016-3614,     CVE-2016-3459, CVE-2016-5439, CVE-2016-5440

  - fixes SUSE Bugs: [boo#999666], [boo#998309],     [boo#1005581], [boo#1005558], [boo#1005563],     [boo#1005562], [boo#1005566], [boo#1005555],     [boo#1005569], [boo#1005557], [boo#1005582],     [boo#1005560], [boo#1005561], [boo#1005567],     [boo#1005570], [boo#1005583], [boo#1005586],     [boo#989913], [boo#977614], [boo#989914], [boo#989915],     [boo#989919], [boo#989922], [boo#989921], [boo#989911],     [boo#989925], [boo#989926]

  - append '--ignore-db-dir=lost+found' to the mysqld     options in 'mysql-systemd-helper' script if 'lost+found'     directory is found in $datadir [boo#986251] 

  - remove syslog.target from *.service files [boo#983938]

  - add systemd to deps to build on leap and friends 

  - replace '%{_libexecdir}/systemd/system' with %{_unitdir}     macro

  - remove useless mysql@default.service [boo#971456]

  - replace all occurrences of the string '@sysconfdir@'     with '/etc' in     mysql-community-server-5.6.3-logrotate.patch as it     wasn't expanded properly [boo#990890]

  - remove '%define _rundir' as 13.1 is out of support scope

  - run 'usermod -g mysql mysql' only if mysql user is not     in mysql group. Run 'usermod -s /bin/false/ mysql' only     if mysql user doesn't have '/bin/false' shell set.

  - re-enable mysql profiling

The version of MySQL installed on the remote host is version 5.7.x prior to 5.7.14 and is affected by multiple issues :

 - A flaw exists in InnoDB that is triggered when selecting full-text index information schema tables for a deleted table.  This may allow an authenticated attacker to crash the database.
 - A flaw exists in InnoDB that is triggered during the handling of 'ALTER TABLE' operations on a table with an indexed virtual column.  This may allow an authenticated attacker to crash the database.
 - A flaw exists in a library used by MySQL.  Specifically, the Henry Spencer regex Library (rxspencer) contains an overflow condition that is triggered as certain input is not properly validated.  This may allow a context-dependent attacker to cause a buffer overflow, resulting in an unspecified impact that may include a denial of service in a process linked against the library or potentially allow the execution of arbitrary code.
 - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the InnoDB subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the Memcached subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the Performance Schema subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. 
 - An unspecified flaw exists related to the RBR subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the Security:Audit subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the Replication subcomponent. This may allow a context-dependent attacker to cause a denial of service. No further details have been provided by the vendor.

The version of MySQL installed on the remote host is version 5.6.x prior to 5.6.32 and is affected by multiple issues :

 - A flaw exists in the 'NAME_CONST()' function that is triggered during the handling of certain arguments.  This may allow an authenticated attacker to crash the database.
 - A flaw exists in InnoDB that is triggered when selecting full-text index information schema tables for a deleted table.  This may allow an authenticated attacker to crash the database.
 - A flaw exists in a library used by MySQL.  Specifically, the Henry Spencer regex Library (rxspencer) contains an overflow condition that is triggered as certain input is not properly validated.  This may allow a context-dependent attacker to cause a buffer overflow, resulting in an unspecified impact that may include a denial of service in a process linked against the library or potentially allow the execution of arbitrary code.
 - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. 
 - An unspecified flaw exists related to the InnoDB subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. 
 - An unspecified flaw exists related to the Replication subcomponent. This may allow a local attacker to cause a denial of service. No further details have been provided by the vendor.

The version of MySQL running on the remote host is 5.7.x prior to 5.7.14. It is, therefore, affected by multiple vulnerabilities :

  - Multiple unspecified flaws exist in the InnoDB     subcomponent that allow an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-3495, CVE-2016-5627, CVE-2016-5630)

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5612)

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5628)

  - An unspecified flaw exists in the Memcached     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-5631)

  - Multiple unspecified flaws exist in the Performance     Schema subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-5633, CVE-2016-8290)

  - An unspecified flaw exists in the RBR subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5634)

  - An unspecified flaw exists in the Security: Audit     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-5635)

  - An unspecified flaw exists in the Replication     subcomponent that allows a local attacker to cause a     denial of service condition. (CVE-2016-8284)

  - An unspecified flaw exists in the Replication     subcomponent that allows a authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-8287)

  - An unspecified flaw exists in the InnoDB subcomponent     that allows a local attacker to impact integrity and     availability. (CVE-2016-8289)

  - A denial of service vulnerability exists in InnoDB when     selecting full-text index information schema tables for     a deleted table. An authenticated, remote attacker can     exploit this to cause a segmentation fault.

  - A denial of service vulnerability exists in InnoDB when     handling ALTER TABLE operations on tables that have an     indexed virtual column. An authenticated, remote     attacker can exploit this to cause an assertion failure,     resulting in a server crash.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of MySQL running on the remote host is 5.6.x prior to 5.6.32. It is, therefore, affected by multiple vulnerabilities :

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5612)

  - Multiple unspecified flaws exist in the InnoDB     subcomponent that allow an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-5627, CVE-2016-5630)

  - An unspecified flaw exists in the Replication     subcomponent that allows a local attacker to cause a     denial of service condition. (CVE-2016-8284)

  - A denial of service vulnerability exists in the     NAME_CONST() function when handling certain unspecified     arguments. An authenticated, remote attacker can exploit     this to cause the server to exit.

  - A denial of service vulnerability exists in InnoDB when     selecting full-text index information schema tables for     a deleted table. An authenticated, remote attacker can     exploit this to cause a segmentation fault.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
96232	GLSA-201701-01 : MariaDB and MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
94756	openSUSE Security Update : mysql-community-server (openSUSE-2016-1289)	Nessus	SuSE Local Security Checks	critical
94694	openSUSE Security Update : mysql-community-server (openSUSE-2016-1283)	Nessus	SuSE Local Security Checks	critical
9617	Oracle MySQL 5.7.x < 5.7.14 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
9613	Oracle MySQL 5.6.x < 5.6.32 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
93005	MySQL 5.7.x < 5.7.14 Multiple Vulnerabilities	Nessus	Databases	medium
93004	MySQL 5.7.x < 5.7.14 Multiple Vulnerabilities	Nessus	Databases	medium
93003	MySQL 5.6.x < 5.6.32 Multiple Vulnerabilities	Nessus	Databases	medium
93002	MySQL 5.6.x < 5.6.32 Multiple Vulnerabilities	Nessus	Databases	medium

CVE-2016-8284

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins