vulnerability alert CVE-2016-3492 CVE-2016-3495 CVE-2016-5507

Oracle MySQL: vulnerabilities of October 2016

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Oracle MySQL.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, MariaDB ~ precise, MySQL Community, MySQL Enterprise, openSUSE, openSUSE Leap, Solaris, Percona Server, XtraDB Cluster, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu.
Severity: 3/4.
Creation date: 18/10/2016.
Revision date: 19/10/2016.
Identifiers: bulletinapr2017, CERTFR-2016-AVI-351, cpuoct2016, CVE-2016-3492, CVE-2016-3495, CVE-2016-5507, CVE-2016-5584, CVE-2016-5598, CVE-2016-5609, CVE-2016-5612, CVE-2016-5616-REJECT, CVE-2016-5617-REJECT, CVE-2016-5624, CVE-2016-5625, CVE-2016-5626, CVE-2016-5627, CVE-2016-5628, CVE-2016-5629, CVE-2016-5630, CVE-2016-5631, CVE-2016-5632, CVE-2016-5633, CVE-2016-5634, CVE-2016-5635, CVE-2016-6663, CVE-2016-6664, CVE-2016-7440, CVE-2016-8283, CVE-2016-8284, CVE-2016-8286, CVE-2016-8287, CVE-2016-8288, CVE-2016-8289, CVE-2016-8290, DLA-708-1, DSA-3706-1, DSA-3711-1, FEDORA-2016-9b83c6862d, FEDORA-2016-c7e60a9fd4, K73828041, openSUSE-SU-2016:2746-1, openSUSE-SU-2016:2769-1, openSUSE-SU-2016:2788-1, openSUSE-SU-2016:3025-1, openSUSE-SU-2016:3028-1, RHSA-2016:2130-01, RHSA-2016:2131-01, RHSA-2016:2595-02, RHSA-2016:2749-01, RHSA-2016:2927-01, RHSA-2016:2928-01, RHSA-2017:0184-01, RHSA-2017:2192-01, SSA:2016-305-03, SUSE-SU-2016:2780-1, SUSE-SU-2016:2932-1, SUSE-SU-2016:2933-1, USN-3109-1, VIGILANCE-VUL-20891.

Description of the vulnerability

Several vulnerabilities were announced in Oracle MySQL.

An attacker can use a vulnerability via Server: Error Handling, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5617-REJECT, CVE-2016-6664]

An attacker can use a vulnerability via Server: MyISAM, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5616-REJECT, CVE-2016-6663]

An attacker can use a vulnerability via Server: Packaging, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5625]

An attacker can use a vulnerability via Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-5609]

An attacker can use a vulnerability via Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-5612]

An attacker can use a vulnerability via Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-5624]

An attacker can use a vulnerability via Server: GIS, in order to trigger a denial of service. [severity:2/4; CVE-2016-5626]

An attacker can use a vulnerability via Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-5627]

An attacker can use a vulnerability via Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-3492]

An attacker can use a vulnerability via Connector/Python, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-5598]

An attacker can use a vulnerability via Server: Security: Encryption, in order to obtain information. [severity:2/4; CVE-2016-7440]

An attacker can use a vulnerability via Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-5628]

An attacker can use a vulnerability via Server: Federated, in order to trigger a denial of service. [severity:2/4; CVE-2016-5629]

An attacker can use a vulnerability via Server: InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-3495]

An attacker can use a vulnerability via Server: InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-5630]

An attacker can use a vulnerability via Server: InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-5507]

An attacker can use a vulnerability via Server: Memcached, in order to trigger a denial of service. [severity:2/4; CVE-2016-5631]

An attacker can use a vulnerability via Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-5632]

An attacker can use a vulnerability via Server: Performance Schema, in order to trigger a denial of service. [severity:2/4; CVE-2016-5633]

An attacker can use a vulnerability via Server: RBR, in order to trigger a denial of service. [severity:2/4; CVE-2016-5634]

An attacker can use a vulnerability via Server: Security: Audit, in order to trigger a denial of service. [severity:2/4; CVE-2016-5635]

An attacker can use a vulnerability via Server: InnoDB, in order to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-8289]

An attacker can use a vulnerability via Server: Replication, in order to trigger a denial of service. [severity:2/4; CVE-2016-8287]

An attacker can use a vulnerability via Server: Performance Schema, in order to trigger a denial of service. [severity:2/4; CVE-2016-8290]

An attacker can use a vulnerability via Server: Security: Encryption, in order to obtain information. [severity:2/4; CVE-2016-5584]

An attacker can use a vulnerability via Server: Types, in order to trigger a denial of service. [severity:2/4; CVE-2016-8283]

An attacker can use a vulnerability via Server: InnoDB Plugin, in order to alter information. [severity:1/4; CVE-2016-8288]

An attacker can use a vulnerability via Server: Security: Privileges, in order to obtain information. [severity:1/4; CVE-2016-8286]

An attacker can use a vulnerability via Server: Replication, in order to trigger a denial of service. [severity:1/4; CVE-2016-8284]