CVE-2016-0643
Description
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert_us@oracle.com — https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/
Vendor advisory: secalert_us@oracle.com — https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/
Vendor advisory: secalert_us@oracle.com — https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
Vendor advisory: secalert_us@oracle.com — http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2016-0643.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| rhel | 6.0 | affected | |
| rhel | 7.0 | affected | |
| suse | 42.1 | affected | |
| debian | 8.0 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | powerkvm | 2.1 | |
| ibm | powerkvm | 3.1 | |
| oracle | mysql | {"startIncluding":"5.5.0","endIncluding":"5.5.48"} | |
| mariadb | mariadb | {"startIncluding":"5.5.20","endExcluding":"5.5.49"} | 5.5.49 |
| oracle | mysql | {"startIncluding":"5.6.0","endIncluding":"5.6.29"} | |
| oracle | mysql | {"startIncluding":"5.7.0","endIncluding":"5.7.11"} | |
| mariadb | mariadb | {"startIncluding":"10.0.0","endExcluding":"10.0.25"} | 10.0.25 |
| mariadb | mariadb | {"startIncluding":"10.1.0","endExcluding":"10.1.14"} | 10.1.14 |
References
- https://www.suse.com/security/cve/CVE-2016-0643.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html
- http://rhn.redhat.com/errata/RHSA-2016-0705.html
- http://rhn.redhat.com/errata/RHSA-2016-1480.html
- http://rhn.redhat.com/errata/RHSA-2016-1481.html
- http://rhn.redhat.com/errata/RHSA-2016-1602.html
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168
- http://www.debian.org/security/2016/dsa-3557
- http://www.debian.org/security/2016/dsa-3595
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.securityfocus.com/bid/86486
- http://www.securitytracker.com/id/1035606
- http://www.ubuntu.com/usn/USN-2953-1
- http://www.ubuntu.com/usn/USN-2954-1
- https://access.redhat.com/errata/RHSA-2016:1132
- https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/
Verify integrity in audit chain (admin only). AS-IS.