Synopsis
The remote database server is missing a critical Oracle MySQL patch update.
Description
The version of MySQL installed on the remote host is 5.5.x prior to 5.5.40 or 5.6.x prior to 5.6.21. It is, therefore, affected by errors in the following components:
- C API SSL CERTIFICATE HANDLING
- CLIENT:SSL:yaSSL
- SERVER:DML
- SERVER:INNODB DML FOREIGN KEYS
- SERVER:OPTIMIZER
- SERVER:SSL:yaSSL
- A use-after-free error exists in the 'mysql_prune_stmt_list()' function in 'client.c' that may allow an authenticated attacker to dereference already freed memory and crash the database.
Solution
Upgrade to MySQL 5.5.40 or 5.6.21 or later.
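
The version condition above, as a check that can be run over an inventory of server version strings. This is an added example, not part of the original plugin text; the host names and version strings are constructed, and treating MariaDB builds as unassessed is an assumption, since the page only covers Oracle MySQL.

```python
import re

# Fixed releases named in the Solution, keyed by release series.
FIXED = {(5, 5): (5, 5, 40), (5, 6): (5, 6, 21)}

# Leading "major.minor.patch" of a version string; build suffixes such as
# "-log" or "-0ubuntu0.14.04.1" are ignored.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")

# Assumption: forks reuse 5.5.x numbering but ship fixes on their own
# schedule, so the thresholds above do not apply to them.
FORK_MARKERS = ("mariadb",)


def classify(version_string):
    """Return 'affected', 'not_affected', 'not_covered' or 'unknown'."""
    text = version_string or ""
    m = _VERSION_RE.match(text)
    if not m or any(marker in text.lower() for marker in FORK_MARKERS):
        return "unknown"
    # Compare as integer tuples: as strings, "5.6.9" would sort after "5.6.21".
    version = tuple(int(part) for part in m.groups())
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not_covered"  # series the advisory does not mention
    return "affected" if version < fixed else "not_affected"


def triage(inventory):
    """Map each host in {host: version_string} to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, e.g. collected with SELECT VERSION().
    sample = {
        "db-01": "5.5.39-0ubuntu0.14.04.1",
        "db-02": "5.5.40-log",
        "db-03": "5.6.9",
        "db-04": "5.6.21",
        "db-05": "5.5.39-MariaDB",
        "db-06": "5.7.4-m14",
    }
    for host, status in sorted(triage(sample).items()):
        print(f"{host}\t{sample[host]}\t{status}")
```
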