
Oracle MySQL 5.5.x < 5.5.40 / 5.6.x < 5.6.21 Multiple Vulnerabilities

High

Synopsis

The remote database server is missing a critical Oracle MySQL patch update.

Description

The version of MySQL installed on the remote host is 5.5.x prior to 5.5.40 or 5.6.x prior to 5.6.21. It is therefore affected by errors in the following components:

- C API SSL CERTIFICATE HANDLING (OSVDB 113259)
- CLIENT:SSL:yaSSL (OSVDB 113260, OSVDB 113261)
- SERVER:DML (OSVDB 113257)
- SERVER:INNODB DML FOREIGN KEYS (OSVDB 113267)
- SERVER:OPTIMIZER (OSVDB 113255)
- SERVER:SSL:yaSSL (OSVDB 113253, OSVDB 113254)

- A use-after-free error exists in the 'mysql_prune_stmt_list()' function in 'client.c' that may allow an authenticated attacker to dereference already freed memory and crash the database. (OSVDB 151210)

Solution

Upgrade to MySQL 5.5.40 or 5.6.21 or later.