CVE-2016-0597
First published: Thu Jan 21 2016(Updated: )
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/mysql | <5.5.47 | 5.5.47 |
| redhat/mysql | <5.6.28 | 5.6.28 |
| redhat/mysql | <5.7.10 | 5.7.10 |
| redhat/mariadb | <5.5.47 | 5.5.47 |
| redhat/mariadb | <10.1.10 | 10.1.10 |
| redhat/mariadb | <10.0.23 | 10.0.23 |
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Oracle Solaris SPARC | =11.3 | |
| Oracle Linux | =7 | |
| openSUSE | =42.1 | |
| openSUSE | =13.2 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =15.04 | |
| Ubuntu Linux | =15.10 | |
| Debian Debian Linux | =8.0 | |
| redhat enterprise Linux desktop | =7.0 | |
| Red Hat Enterprise Linux HPC Node | =7.0 | |
| Red Hat Enterprise Linux HPC Node | =7.2 | |
| redhat enterprise Linux server | =7.0 | |
| redhat enterprise Linux server aus | =7.2 | |
| redhat enterprise Linux server eus | =7.2 | |
| redhat enterprise Linux workstation | =7.0 | |
| Mariadb Mariadb | >=5.5.20<5.5.47 | |
| Mariadb Mariadb | >=10.0.0<10.0.23 | |
| Mariadb Mariadb | >=10.1.0<10.1.10 | |
| MySQL | >=5.5.0<=5.5.46 | |
| MySQL | >=5.6.0<=5.6.27 | |
| MySQL | >=5.7.0<=5.7.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html
- http://rhn.redhat.com/errata/RHSA-2016-0534.html
- http://rhn.redhat.com/errata/RHSA-2016-0705.html
- http://rhn.redhat.com/errata/RHSA-2016-1480.html
- http://rhn.redhat.com/errata/RHSA-2016-1481.html
- http://www.debian.org/security/2016/dsa-3453
- http://www.debian.org/security/2016/dsa-3459
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/81151
- http://www.securitytracker.com/id/1034708
- http://www.ubuntu.com/usn/USN-2881-1
- https://access.redhat.com/errata/RHSA-2016:1132
- https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/
- https://mariadb.com/kb/en/mdb-10023-rn/
- http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1301518
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1301517
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1301519
- https://rhn.redhat.com/errata/RHSA-2016-0534.html
- https://rhn.redhat.com/errata/RHSA-2016-0705.html
- https://rhn.redhat.com/errata/RHSA-2016-1481.html
- https://rhn.redhat.com/errata/RHSA-2016-1480.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1301497
Frequently Asked Questions
What is the severity of CVE-2016-0597?
CVE-2016-0597 has a moderate severity level, allowing remote authenticated users to affect availability.
How do I fix CVE-2016-0597?
To fix CVE-2016-0597, upgrade MySQL to versions 5.5.47, 5.6.28, or 5.7.10, and MariaDB to versions 5.5.47, 10.0.23, or 10.1.10.
What versions are affected by CVE-2016-0597?
CVE-2016-0597 affects Oracle MySQL versions 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and earlier, as well as several MariaDB versions prior to their respective fixes.
Are remote unauthenticated users affected by CVE-2016-0597?
CVE-2016-0597 specifically allows remote authenticated users to exploit the vulnerability, not unauthenticated users.
What is the primary impact of CVE-2016-0597?
The primary impact of CVE-2016-0597 is a potential denial of service affecting the availability of the MySQL server.
- agent/type
- agent/remedy
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-0597
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/6.0
- version/red hat enterprise linux/7.0
- vendor/oracle
- canonical/oracle solaris sparc
- version/oracle solaris sparc/11.3
- canonical/oracle linux
- version/oracle linux/7
- vendor/opensuse
- canonical/opensuse
- version/opensuse/42.1
- version/opensuse/13.2
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/12.04
- version/ubuntu linux/14.04
- version/ubuntu linux/15.04
- version/ubuntu linux/15.10
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/red hat enterprise linux hpc node
- version/red hat enterprise linux hpc node/7.0
- version/red hat enterprise linux hpc node/7.2
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.2
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.2
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- vendor/mariadb
- canonical/mariadb mariadb
- version/mariadb mariadb/5.5.20
- version/mariadb mariadb/10.0.0
- version/mariadb mariadb/10.1.0
- canonical/mysql
- version/mysql/5.5.0
- version/mysql/5.5.46
- version/mysql/5.6.0
- version/mysql/5.6.27
- version/mysql/5.7.0
- version/mysql/5.7.9