Synopsis
The remote database server is affected by multiple denial of service vulnerabilities.
Description
The version of MySQL running on the remote host is 5.5.x prior to 5.5.42 or 5.6.x prior to 5.6.23. It is, therefore, potentially affected by multiple denial of service vulnerabilities:
- A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569)
- Additionally, there are unspecified flaws in the following MySQL subcomponents that allow a denial of service by an authenticated, remote attacker:
  - XA (CVE-2015-0405)
  - Optimizer (CVE-2015-0423)
  - InnoDB : DML (CVE-2015-0433)
  - Partition (CVE-2015-0438)
  - InnoDB (CVE-2015-0439)
  - Security : Encryption (CVE-2015-0441)
  - DML (CVE-2015-2566)
  - Security : Privileges (CVE-2015-2568)
  - DDL (CVE-2015-2573)
Solution
Upgrade to MySQL version 5.5.42 / 5.6.23 or later as referenced in the Oracle April 2015 Critical Patch Update advisory.
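
An added example, not part of the original advisory or of the scanner's own check: triaging an inventory of server version strings (as returned by `SELECT VERSION()`) against the ranges stated above. The function names, the result labels, the sample inventory and the choice to leave MariaDB-tagged strings unjudged are assumptions.

```python
import re

# First fixed patch level per branch, taken from the Solution section.
FIXED_PATCH = {(5, 5): 42, (5, 6): 23}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def triage(version_string):
    """Classify one version string, e.g. '5.5.41-0ubuntu0.14.04.1-log'.

    Returns 'affected', 'fixed', 'not_covered' or 'unparsed'. This is a
    version-only check, so 'affected' means potentially affected.
    """
    text = version_string.strip()
    # Assumption: the advisory speaks only about MySQL, so a MariaDB-tagged
    # string is not judged even when its numbers fall inside the range.
    if "mariadb" in text.lower():
        return "not_covered"
    match = _VERSION_RE.match(text)
    if not match:
        return "unparsed"
    major, minor, patch = (int(part) for part in match.groups())
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "not_covered"  # branch outside 5.5.x / 5.6.x
    # Compare as integers: as strings, "9" would sort after "42".
    return "affected" if patch < fixed else "fixed"


def affected_hosts(inventory):
    """Return the sorted host names whose version is in an affected range."""
    return sorted(h for h, v in inventory.items() if triage(v) == "affected")


# Constructed sample inventory; host names and versions are made up.
SAMPLE_INVENTORY = {
    "db-a": "5.5.41-0ubuntu0.14.04.1-log",
    "db-b": "5.5.9",
    "db-c": "5.6.23",
    "db-d": "5.6.22-log",
    "db-e": "5.5.41-MariaDB",
    "db-f": "5.7.9",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(host, SAMPLE_INVENTORY[host])
```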