Amazon Linux AMI update for mysql57



Published: 2018-05-25 | Updated: 2018-05-30
Risk Low
Patch available YES
Number of vulnerabilities 29
CVE-ID CVE-2018-2819
CVE-2018-2759
CVE-2018-2839
CVE-2018-2755
CVE-2018-2846
CVE-2018-2779
CVE-2018-2775
CVE-2018-2817
CVE-2018-2816
CVE-2018-2771
CVE-2018-2813
CVE-2018-2773
CVE-2018-2762
CVE-2018-2761
CVE-2018-2777
CVE-2018-2766
CVE-2018-2769
CVE-2018-2758
CVE-2018-2810
CVE-2018-2781
CVE-2018-2780
CVE-2018-2782
CVE-2018-2784
CVE-2018-2787
CVE-2018-2786
CVE-2018-2778
CVE-2018-2812
CVE-2018-2776
CVE-2018-2818
CWE-ID CWE-264
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Amazon Linux AMI
Operating systems & Components / Operating system

Vendor Amazon Web Services

Security Bulletin

This security bulletin contains information about 29 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU12038

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2819

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security restrictions bypass

EUVDB-ID: #VU12011

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2759

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Security restrictions bypass

EUVDB-ID: #VU12039

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2839

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Security restrictions bypass

EUVDB-ID: #VU12009

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2755

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A local attacker can execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Security restrictions bypass

EUVDB-ID: #VU12040

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2846

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Security restrictions bypass

EUVDB-ID: #VU12022

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2779

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Security restrictions bypass

EUVDB-ID: #VU12018

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2775

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Security restrictions bypass

EUVDB-ID: #VU12036

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2817

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Security restrictions bypass

EUVDB-ID: #VU12034

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2816

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Security restrictions bypass

EUVDB-ID: #VU12016

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2771

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Security restrictions bypass

EUVDB-ID: #VU12033

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2813

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can gain unauthorized read access to a subset of MySQL Server accessible data.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Security restrictions bypass

EUVDB-ID: #VU12017

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2773

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A local attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Security restrictions bypass

EUVDB-ID: #VU12013

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2762

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A local attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Security restrictions bypass

EUVDB-ID: #VU12012

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2761

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Security restrictions bypass

EUVDB-ID: #VU12020

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2777

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Security restrictions bypass

EUVDB-ID: #VU12014

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2766

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Security restrictions bypass

EUVDB-ID: #VU12015

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2769

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Security restrictions bypass

EUVDB-ID: #VU12010

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2758

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Security restrictions bypass

EUVDB-ID: #VU12031

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2810

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Security restrictions bypass

EUVDB-ID: #VU12024

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2781

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Security restrictions bypass

EUVDB-ID: #VU12023

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2780

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Security restrictions bypass

EUVDB-ID: #VU12025

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2782

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Security restrictions bypass

EUVDB-ID: #VU12027

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2784

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Security restrictions bypass

EUVDB-ID: #VU12029

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2787

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to write arbitrary files and cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Security restrictions bypass

EUVDB-ID: #VU12028

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2786

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to write arbitrary files and cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Security restrictions bypass

EUVDB-ID: #VU12021

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2778

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Security restrictions bypass

EUVDB-ID: #VU12032

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2812

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to write arbitrary files and cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Security restrictions bypass

EUVDB-ID: #VU12019

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2776

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Security restrictions bypass

EUVDB-ID: #VU12037

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2818

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    mysql57-server-5.7.22-2.7.amzn1.i686
    mysql57-common-5.7.22-2.7.amzn1.i686
    mysql57-libs-5.7.22-2.7.amzn1.i686
    mysql57-test-5.7.22-2.7.amzn1.i686
    mysql57-5.7.22-2.7.amzn1.i686
    mysql57-devel-5.7.22-2.7.amzn1.i686
    mysql57-debuginfo-5.7.22-2.7.amzn1.i686
    mysql57-errmsg-5.7.22-2.7.amzn1.i686
    mysql57-embedded-devel-5.7.22-2.7.amzn1.i686
    mysql57-embedded-5.7.22-2.7.amzn1.i686

src:
    mysql57-5.7.22-2.7.amzn1.src

x86_64:
    mysql57-server-5.7.22-2.7.amzn1.x86_64
    mysql57-common-5.7.22-2.7.amzn1.x86_64
    mysql57-5.7.22-2.7.amzn1.x86_64
    mysql57-devel-5.7.22-2.7.amzn1.x86_64
    mysql57-test-5.7.22-2.7.amzn1.x86_64
    mysql57-errmsg-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-5.7.22-2.7.amzn1.x86_64
    mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64
    mysql57-libs-5.7.22-2.7.amzn1.x86_64
    mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1026.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###