The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of MySQL: multiple vulnerabilities of April 2016

Summary of the vulnerability

An attacker can use several vulnerabilities of MySQL.
Impacted software: Mac OS X, Debian, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, MariaDB ~ precise, MySQL Community, MySQL Enterprise, openSUSE, openSUSE Leap, Percona Server, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this computer vulnerability: 3/4.
Number of vulnerabilities in this bulletin: 31.
Creation date: 12/04/2016.
Revision date: 20/04/2016.
References of this announcement: 2014202, CERTFR-2016-AVI-138, cpuapr2016, CVE-2015-3194, CVE-2016-0639, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0651, CVE-2016-0652, CVE-2016-0653, CVE-2016-0654, CVE-2016-0655, CVE-2016-0656, CVE-2016-0657, CVE-2016-0658, CVE-2016-0659, CVE-2016-0661, CVE-2016-0662, CVE-2016-0663, CVE-2016-0665, CVE-2016-0666, CVE-2016-0667, CVE-2016-0668, CVE-2016-0705, CVE-2016-2047, CVE-2016-3461, DLA-447-1, DSA-2020-062, DSA-3557-1, DSA-3595-1, FEDORA-2016-1aaf308de4, FEDORA-2016-7c48036d73, FEDORA-2016-dfa325d31b, HT209139, openSUSE-SU-2016:1332-1, openSUSE-SU-2016:1664-1, openSUSE-SU-2016:1686-1, RHSA-2016:0705-01, RHSA-2016:1132-01, RHSA-2016:1480-01, RHSA-2016:1481-01, SOL01409145, SUSE-SU-2016:1279-1, SUSE-SU-2016:1619-1, SUSE-SU-2016:1620-1, USN-2953-1, USN-2954-1, VIGILANCE-VUL-19342.

Description of the vulnerability 

An attacker can use several vulnerabilities of MySQL.

An attacker can use a vulnerability of Server: Packaging, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0705]

An attacker can use a vulnerability of Server: Pluggable Authentication, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0639]

An attacker can use a vulnerability of Server: Security: Encryption, in order to trigger a denial of service. [severity:3/4; CVE-2015-3194]

An attacker can use a vulnerability of Monitoring: Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3461]

An attacker can use a vulnerability of Server: DML, in order to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-0640]

An attacker can use a vulnerability of Server: Connection Handling, in order to alter information. [severity:2/4; CVE-2016-2047]

An attacker can use a vulnerability of Server: DDL, in order to trigger a denial of service. [severity:2/4; CVE-2016-0644]

An attacker can use a vulnerability of Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-0646]

An attacker can use a vulnerability of Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-0652]

An attacker can use a vulnerability of Server: FTS, in order to trigger a denial of service. [severity:2/4; CVE-2016-0647]

An attacker can use a vulnerability of Server: FTS, in order to trigger a denial of service. [severity:2/4; CVE-2016-0653]

An attacker can use a vulnerability of Server: InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-0654]

An attacker can use a vulnerability of Server: InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-0656]

An attacker can use a vulnerability of Server: JSON, in order to obtain information. [severity:2/4; CVE-2016-0657]

An attacker can use a vulnerability of Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-0658]

An attacker can use a vulnerability of Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-0651]

An attacker can use a vulnerability of Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-0659]

An attacker can use a vulnerability of Server: PS, in order to trigger a denial of service. [severity:2/4; CVE-2016-0648]

An attacker can use a vulnerability of Server: PS, in order to trigger a denial of service. [severity:2/4; CVE-2016-0649]

An attacker can use a vulnerability of Server: Partition, in order to trigger a denial of service. [severity:2/4; CVE-2016-0662]

An attacker can use a vulnerability of Server: Replication, in order to trigger a denial of service. [severity:2/4; CVE-2016-0650]

An attacker can use a vulnerability of Server: Security: Encryption, in order to trigger a denial of service. [severity:2/4; CVE-2016-0665]

An attacker can use a vulnerability of Security, in order to trigger a denial of service. [severity:2/4; CVE-2016-0666]

An attacker can use a vulnerability of Server: MyISAM, in order to obtain information, or to trigger a denial of service. [severity:2/4; CVE-2016-0641]

An attacker can use a vulnerability of Server: Federated, in order to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-0642]

An attacker can use a vulnerability of Server: InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-0655]

An attacker can use a vulnerability of Server: Options, in order to trigger a denial of service. [severity:2/4; CVE-2016-0661]

An attacker can use a vulnerability of Server: Performance Schema, in order to trigger a denial of service. [severity:2/4; CVE-2016-0663]

An attacker can use a vulnerability of Server: Locking, in order to trigger a denial of service. [severity:2/4; CVE-2016-0667]

An attacker can use a vulnerability of Server: InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-0668]

An attacker can use a vulnerability of Server: DML, in order to obtain information. [severity:1/4; CVE-2016-0643]

This security announcement impacts software or systems such as Mac OS X, Debian, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, MariaDB ~ precise, MySQL Community, MySQL Enterprise, openSUSE, openSUSE Leap, Percona Server, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this threat is important.

The trust level is "confirmed by the editor", with an origin of "user account".

This bulletin is about 31 vulnerabilities.

An attacker with an expert ability can exploit the vulnerabilities in this announcement.

Solutions for this threat 

MySQL: version 5.7.12.
The version 5.7.12 is fixed:
  http://dev.mysql.com/downloads/mysql/

MySQL: version 5.6.30.
The version 5.6.30 is fixed:
  http://dev.mysql.com/downloads/mysql/

MySQL: version 5.5.49.
The version 5.5.49 is fixed:
  http://dev.mysql.com/downloads/mysql/

Apple macOS: version 10.14.
The version 10.14 is fixed:
  https://support.apple.com/

Debian 8: new mariadb-10.0 packages.
New packages are available:
  Debian 8: mariadb-10.0 10.0.25-0+deb8u1

Debian: new mysql-5.5 packages.
New packages are available:
  Debian 7: mysql-5.5 5.5.49-0+deb7u1
  Debian 8: mysql-5.5 5.5.49-0+deb8u1

Dell EMC Unisphere for PowerMax: solution.
The solution is indicated in information sources.

F5 BIG-IP: solution for MySQL.
The solution is indicated in information sources.

Fedora: new community-mysql packages.
New packages are available:
  Fedora 22: community-mysql 5.6.30-1.fc22
  Fedora 23: community-mysql 5.6.30-1.fc23
  Fedora 24: community-mysql 5.7.12-1.fc24

IBM Cognos Business Intelligence: solution.
The solution is indicated in information sources.

openSUSE: new mariadb packages.
New packages are available:
  openSUSE 13.2: mariadb 10.0.25-2.24.1
  openSUSE Leap 42.1: mariadb 10.0.25-6.1

openSUSE: new mysql-community-server packages.
New packages are available:
  openSUSE 13.2: mysql-community-server 5.6.30-2.20.2
  openSUSE Leap 42.1: mysql-community-server 5.6.30-16.2

Percona Server: version 5.5.49-37.9.
The version 5.5.49-37.9 is fixed:
  https://www.percona.com/software/percona-server

Percona Server: version 5.6.30-76.3.
The version 5.6.30-76.3 is fixed:
  https://www.percona.com/downloads/Percona-Server-5.6/Percona-Server-5.6.30-76.3/

Percona Server: version 5.7.12-5.
The version 5.7.12-5 is fixed:
  https://www.percona.com/software/percona-server

RHEL: new mariadb55-mariadb packages (25/07/2016).
New packages are available:
  RHEL 6: mariadb55-mariadb 5.5.49-1.el6
  RHEL 7: mariadb55-mariadb 5.5.49-1.el7

RHEL: new mysql55-mysql packages.
New packages are available:
  RHEL 6: mysql55-mysql 5.5.50-1.el6
  RHEL 7: mysql55-mysql 5.5.50-1.el7

RHEL: new rh-mariadb100-mariadb packages.
New packages are available:
  RHEL 6: rh-mariadb100-mariadb 10.0.25-4.el6
  RHEL 7: rh-mariadb100-mariadb 10.0.25-4.el7

RHEL: new rh-mysql56-mysql packages.
New packages are available:
  RHEL 6: rh-mysql56-mysql 5.6.30-1.el6
  RHEL 7: rh-mysql56-mysql 5.6.30-1.el7

SUSE LE 11 SP4: new mysql packages.
New packages are available:
  SUSE LE 11 SP4: mysql 5.5.49-0.20.1

SUSE LE: new mariadb packages.
New packages are available:
  SUSE LE 12 RTM: mariadb 10.0.25-20.6.1
  SUSE LE 12 SP1: mariadb 10.0.25-6.1

Ubuntu: new mysql-server-5.7 packages.
New packages are available:
  Ubuntu 16.04 LTS: mysql-server-5.7 5.7.12-0ubuntu1

Ubuntu: new mysql-server-5.x packages.
New packages are available:
  Ubuntu 15.10: mysql-server-5.6 5.6.30-0ubuntu0.15.10.1
  Ubuntu 14.04 LTS: mysql-server-5.5 5.5.49-0ubuntu0.14.04.1
  Ubuntu 12.04 LTS: mysql-server-5.5 5.5.49-0ubuntu0.12.04.1