CVE-2016-5444
Description
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert_us@oracle.com — https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/
Vendor advisory: secalert_us@oracle.com — https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/
Vendor advisory: secalert_us@oracle.com — https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
Vendor advisory: secalert_us@oracle.com — http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 6.0 | affected | |
| rhel | 7.0 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| oracle | mysql | {"startIncluding":"5.5.0","endIncluding":"5.5.48"} | |
| mariadb | mariadb | {"startIncluding":"5.5.20","endExcluding":"5.5.49"} | 5.5.49 |
| ibm | powerkvm | 2.1 | |
| ibm | powerkvm | 3.1 | |
| oracle | mysql | {"startIncluding":"5.6.0","endIncluding":"5.6.29"} | |
| oracle | mysql | {"startIncluding":"5.7.0","endIncluding":"5.7.11"} | |
| mariadb | mariadb | {"startIncluding":"10.0.0","endExcluding":"10.0.25"} | 10.0.25 |
| mariadb | mariadb | {"startIncluding":"10.1.0","endExcluding":"10.1.14"} | 10.1.14 |
References
- http://rhn.redhat.com/errata/RHSA-2016-0705.html
- http://rhn.redhat.com/errata/RHSA-2016-1480.html
- http://rhn.redhat.com/errata/RHSA-2016-1481.html
- http://rhn.redhat.com/errata/RHSA-2016-1602.html
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/91787
- http://www.securityfocus.com/bid/91987
- http://www.securitytracker.com/id/1036362
- https://access.redhat.com/errata/RHSA-2016:1132
- https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/
- http://rhn.redhat.com/errata/RHSA-2016-0705.html
- http://rhn.redhat.com/errata/RHSA-2016-1480.html
- http://rhn.redhat.com/errata/RHSA-2016-1481.html
- http://rhn.redhat.com/errata/RHSA-2016-1602.html
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/91787
- http://www.securityfocus.com/bid/91987
- http://www.securitytracker.com/id/1036362
- https://access.redhat.com/errata/RHSA-2016:1132
Verify integrity in audit chain (admin only). AS-IS.