SB2017012632 - Amazon Linux AMI update for mysql55

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017012632

SB2017012632 - Amazon Linux AMI update for mysql55

Published: January 26, 2017

Security Bulletin ID SB2017012632
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 43% Low 57%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2017-3238)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).


2) Input validation error (CVE-ID: CVE-2017-3243)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).


3) Input validation error (CVE-ID: CVE-2017-3244)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).


4) Input validation error (CVE-ID: CVE-2017-3258)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).


5) Information disclosure (CVE-ID: CVE-2017-3313)

The vulnerability allows a local high privileged attacker to obtain potentially sensitive information.

The weakness exists due to an error in MyISAM component. A local attacker can gain unauthorized access to critical data or complete access to all MySQL Server accessible data.

Successful exploitation of the vulnerability results in information disclosure.

6) Input validation error (CVE-ID: CVE-2017-3317)

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).


7) Input validation error (CVE-ID: CVE-2017-3318)

The vulnerability allows a local privileged user to gain access to sensitive information.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).


Remediation

Install update from vendor's website.

References