CVE-2016-0597
First published: Thu Jan 21 2016(Updated: )
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/mysql | <5.5.47 | 5.5.47 |
| redhat/mysql | <5.6.28 | 5.6.28 |
| redhat/mysql | <5.7.10 | 5.7.10 |
| redhat/mariadb | <5.5.47 | 5.5.47 |
| redhat/mariadb | <10.1.10 | 10.1.10 |
| redhat/mariadb | <10.0.23 | 10.0.23 |
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =11.3 | |
| Oracle Linux | =7 | |
| SUSE Linux | =42.1 | |
| SUSE Linux | =13.2 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.04 | |
| Ubuntu | =15.10 | |
| Debian | =8.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux HPC Node | =7.0 | |
| Red Hat Enterprise Linux HPC Node | =7.2 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| MariaDB | >=5.5.20<5.5.47 | |
| MariaDB | >=10.0.0<10.0.23 | |
| MariaDB | >=10.1.0<10.1.10 | |
| Oracle MySQL | >=5.5.0<=5.5.46 | |
| Oracle MySQL | >=5.6.0<=5.6.27 | |
| Oracle MySQL | >=5.7.0<=5.7.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html
- http://rhn.redhat.com/errata/RHSA-2016-0534.html
- http://rhn.redhat.com/errata/RHSA-2016-0705.html
- http://rhn.redhat.com/errata/RHSA-2016-1480.html
- http://rhn.redhat.com/errata/RHSA-2016-1481.html
- http://www.debian.org/security/2016/dsa-3453
- http://www.debian.org/security/2016/dsa-3459
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/81151
- http://www.securitytracker.com/id/1034708
- http://www.ubuntu.com/usn/USN-2881-1
- https://access.redhat.com/errata/RHSA-2016:1132
- https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/
- https://mariadb.com/kb/en/mdb-10023-rn/
- http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1301518
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1301517
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1301519
- https://rhn.redhat.com/errata/RHSA-2016-0534.html
- https://rhn.redhat.com/errata/RHSA-2016-0705.html
- https://rhn.redhat.com/errata/RHSA-2016-1481.html
- https://rhn.redhat.com/errata/RHSA-2016-1480.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1301497
Frequently Asked Questions
What is the severity of CVE-2016-0597?
CVE-2016-0597 has a moderate severity level, allowing remote authenticated users to affect availability.
How do I fix CVE-2016-0597?
To fix CVE-2016-0597, upgrade MySQL to versions 5.5.47, 5.6.28, or 5.7.10, and MariaDB to versions 5.5.47, 10.0.23, or 10.1.10.
What versions are affected by CVE-2016-0597?
CVE-2016-0597 affects Oracle MySQL versions 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and earlier, as well as several MariaDB versions prior to their respective fixes.
Are remote unauthenticated users affected by CVE-2016-0597?
CVE-2016-0597 specifically allows remote authenticated users to exploit the vulnerability, not unauthenticated users.
What is the primary impact of CVE-2016-0597?
The primary impact of CVE-2016-0597 is a potential denial of service affecting the availability of the MySQL server.
- agent/type
- agent/remedy
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-0597
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/6.0
- version/red hat enterprise linux/7.0
- vendor/oracle
- canonical/oracle solaris and zettabyte file system (zfs)
- version/oracle solaris and zettabyte file system (zfs)/11.3
- canonical/oracle linux
- version/oracle linux/7
- vendor/opensuse
- canonical/suse linux
- version/suse linux/42.1
- version/suse linux/13.2
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/15.04
- version/ubuntu/15.10
- vendor/debian
- canonical/debian
- version/debian/8.0
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux hpc node
- version/red hat enterprise linux hpc node/7.0
- version/red hat enterprise linux hpc node/7.2
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.2
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/7.0
- vendor/mariadb
- canonical/mariadb
- version/mariadb/5.5.20
- version/mariadb/10.0.0
- version/mariadb/10.1.0
- canonical/oracle mysql
- version/oracle mysql/5.5.0
- version/oracle mysql/5.5.46
- version/oracle mysql/5.6.0
- version/oracle mysql/5.6.27
- version/oracle mysql/5.7.0
- version/oracle mysql/5.7.9