Amazon Linux AMI update for mysql57



Published: 2019-03-26
Risk: Low
Patch available: YES
Number of vulnerabilities: 15
CVE-ID: CVE-2019-2486, CVE-2019-2434, CVE-2019-2507, CVE-2019-2481, CVE-2019-2482, CVE-2019-2534, CVE-2019-2537, CVE-2019-2510, CVE-2019-2531, CVE-2019-2455, CVE-2019-2532, CVE-2019-2420, CVE-2019-2503, CVE-2019-2528, CVE-2019-2529
CWE-ID: CWE-264
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Amazon Linux AMI (Operating systems & Components / Operating system)
Vendor: Amazon Web Services

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Denial of service

EUVDB-ID: #VU17045

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2486

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2019-1181.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Denial of service

EUVDB-ID: #VU17027

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2434

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2019-1181.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Denial of service

EUVDB-ID: #VU17041

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2507

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2019-1181.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Denial of service

EUVDB-ID: #VU17040

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2481

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2019-1181.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Denial of service

EUVDB-ID: #VU17024

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2482

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2019-1181.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Security restrictions bypass

EUVDB-ID: #VU17026

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2534

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can bypass security restrictions to read potentially sensitive information and modify arbitrary data.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2019-1181.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Denial of service

EUVDB-ID: #VU17038

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2537

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2019-1181.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Denial of service

EUVDB-ID: #VU17033

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2510

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2019-1181.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Denial of service

EUVDB-ID: #VU17044

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2531

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2019-1181.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Denial of service

EUVDB-ID: #VU17028

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2455

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2019-1181.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Denial of service

EUVDB-ID: #VU17046

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2532

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2019-1181.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Denial of service

EUVDB-ID: #VU17039

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2420

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2019-1181.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Security restrictions bypass

EUVDB-ID: #VU17029

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2503

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows an adjacent authenticated attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to an unspecified flaw. An adjacent attacker can bypass security restrictions to read potentially sensitive information and cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2019-1181.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Denial of service

EUVDB-ID: #VU17043

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2528

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2019-1181.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Denial of service

EUVDB-ID: #VU17025

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2529

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2019-1181.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


