8.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.005 Low
EPSS
Percentile
75.8%
Issue Overview:
It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via vectors related to UDF. (CVE-2016-0608)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to privileges. (CVE-2016-0609)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Options. (CVE-2016-0505)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. (CVE-2016-0600)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0616)
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. (CVE-2016-3452)
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect availability via vectors related to DDL. (CVE-2016-0644)
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. (CVE-2016-3477)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0596)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0597)
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect integrity and availability via vectors related to DML. (CVE-2016-0640)
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. (CVE-2016-3521)
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect integrity and availability via vectors related to Federated. (CVE-2016-0642)
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect confidentiality via vectors related to DML. (CVE-2016-0643)
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect availability via vectors related to Security: Privileges. (CVE-2016-0666)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. (CVE-2016-0651)
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect availability via vectors related to Replication. (CVE-2016-0650)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0598)
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect availability via vectors related to PS. (CVE-2016-0649)
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows remote administrators to affect availability via vectors related to Server: RBR. (CVE-2016-5440)
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows remote attackers to affect confidentiality via vectors related to Server: Connection. (CVE-2016-5444)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect integrity via unknown vectors related to encryption. (CVE-2016-0606)
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect availability via vectors related to PS. (CVE-2016-0648)
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect availability via vectors related to DML. (CVE-2016-0646)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. (CVE-2016-0546)
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect availability via vectors related to FTS. (CVE-2016-0647)
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows remote authenticated users to affect availability via vectors related to Server: DML. (CVE-2016-3615)
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect confidentiality and availability via vectors related to MyISAM. (CVE-2016-0641)
Affected Packages:
mysql55
Issue Correction:
Run yum update mysql55 to update your system.
New Packages:
i686:
mysql55-libs-5.5.51-1.11.amzn1.i686
mysql55-debuginfo-5.5.51-1.11.amzn1.i686
mysql55-bench-5.5.51-1.11.amzn1.i686
mysql55-embedded-devel-5.5.51-1.11.amzn1.i686
mysql55-test-5.5.51-1.11.amzn1.i686
mysql55-devel-5.5.51-1.11.amzn1.i686
mysql55-5.5.51-1.11.amzn1.i686
mysql55-server-5.5.51-1.11.amzn1.i686
mysql-config-5.5.51-1.11.amzn1.i686
mysql55-embedded-5.5.51-1.11.amzn1.i686
src:
mysql55-5.5.51-1.11.amzn1.src
x86_64:
mysql-config-5.5.51-1.11.amzn1.x86_64
mysql55-bench-5.5.51-1.11.amzn1.x86_64
mysql55-debuginfo-5.5.51-1.11.amzn1.x86_64
mysql55-libs-5.5.51-1.11.amzn1.x86_64
mysql55-server-5.5.51-1.11.amzn1.x86_64
mysql55-embedded-5.5.51-1.11.amzn1.x86_64
mysql55-embedded-devel-5.5.51-1.11.amzn1.x86_64
mysql55-devel-5.5.51-1.11.amzn1.x86_64
mysql55-test-5.5.51-1.11.amzn1.x86_64
mysql55-5.5.51-1.11.amzn1.x86_64
Red Hat: CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0651, CVE-2016-0666, CVE-2016-2047, CVE-2016-3452, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444
Mitre: CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0651, CVE-2016-0666, CVE-2016-2047, CVE-2016-3452, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | mysql55-libs | < 5.5.51-1.11.amzn1 | mysql55-libs-5.5.51-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | mysql55-debuginfo | < 5.5.51-1.11.amzn1 | mysql55-debuginfo-5.5.51-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | mysql55-bench | < 5.5.51-1.11.amzn1 | mysql55-bench-5.5.51-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | mysql55-embedded-devel | < 5.5.51-1.11.amzn1 | mysql55-embedded-devel-5.5.51-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | mysql55-test | < 5.5.51-1.11.amzn1 | mysql55-test-5.5.51-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | mysql55-devel | < 5.5.51-1.11.amzn1 | mysql55-devel-5.5.51-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | mysql55 | < 5.5.51-1.11.amzn1 | mysql55-5.5.51-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | mysql55-server | < 5.5.51-1.11.amzn1 | mysql55-server-5.5.51-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | mysql-config | < 5.5.51-1.11.amzn1 | mysql-config-5.5.51-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | mysql55-embedded | < 5.5.51-1.11.amzn1 | mysql55-embedded-5.5.51-1.11.amzn1.i686.rpm |
8.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.005 Low
EPSS
Percentile
75.8%