CVE-2016-0646
First published: Thu Apr 21 2016(Updated: )
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/mysql | <5.5.48 | 5.5.48 |
| redhat/mysql | <5.6.29 | 5.6.29 |
| redhat/mysql | <5.7.11 | 5.7.11 |
| redhat/mariadb | <5.5.48 | 5.5.48 |
| redhat/mariadb | <10.1.12 | 10.1.12 |
| redhat/mariadb | <10.0.24 | 10.0.24 |
| Debian | =8.0 | |
| Oracle Linux | =7 | |
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| IBM PowerKVM | =2.1 | |
| IBM PowerKVM | =3.1 | |
| SUSE Linux | =42.1 | |
| Oracle MySQL | >=5.5.0<=5.5.47 | |
| Oracle MySQL | >=5.6.0<=5.6.28 | |
| Oracle MySQL | >=5.7.0<=5.7.10 | |
| MariaDB | >=5.5.20<5.5.48 | |
| MariaDB | >=10.0.0<10.0.24 | |
| MariaDB | >=10.1.0<10.1.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html
- http://rhn.redhat.com/errata/RHSA-2016-0705.html
- http://rhn.redhat.com/errata/RHSA-2016-1480.html
- http://rhn.redhat.com/errata/RHSA-2016-1481.html
- http://rhn.redhat.com/errata/RHSA-2016-1602.html
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168
- http://www.debian.org/security/2016/dsa-3557
- http://www.debian.org/security/2016/dsa-3595
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/86436
- http://www.securitytracker.com/id/1035606
- http://www.ubuntu.com/usn/USN-2953-1
- https://access.redhat.com/errata/RHSA-2016:1132
- https://mariadb.com/kb/en/mariadb/mariadb-10024-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-10112-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-5548-release-notes/
- http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html
- https://rhn.redhat.com/errata/RHSA-2016-0705.html
- https://rhn.redhat.com/errata/RHSA-2016-1481.html
- https://rhn.redhat.com/errata/RHSA-2016-1480.html
- https://rhn.redhat.com/errata/RHSA-2016-1602.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1329248
Frequently Asked Questions
What is the severity of CVE-2016-0646?
CVE-2016-0646 is considered a medium severity vulnerability impacting the availability of Oracle MySQL and MariaDB versions before specified remedial updates.
How do I fix CVE-2016-0646?
To fix CVE-2016-0646, upgrade Oracle MySQL to versions 5.5.48, 5.6.29, or 5.7.11, or upgrade MariaDB to versions 5.5.48, 10.0.24, or 10.1.12.
Which versions are affected by CVE-2016-0646?
CVE-2016-0646 affects Oracle MySQL versions 5.5.47 and earlier, 5.6.28 and earlier, 5.7.10 and earlier, as well as specific versions of MariaDB.
What components are impacted by CVE-2016-0646?
CVE-2016-0646 specifically impacts the MySQL Server component of Oracle MySQL and MariaDB.
Who is vulnerable to CVE-2016-0646?
Local users of Oracle MySQL and MariaDB versions prior to the remedial ones are vulnerable to CVE-2016-0646.
- agent/type
- agent/references
- agent/severity
- agent/remedy
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-0646
- agent/software-canonical-lookup
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/debian
- canonical/debian
- version/debian/8.0
- vendor/oracle
- canonical/oracle linux
- version/oracle linux/7
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/6.0
- version/red hat enterprise linux/7.0
- vendor/ibm
- canonical/ibm powerkvm
- version/ibm powerkvm/2.1
- version/ibm powerkvm/3.1
- vendor/opensuse
- canonical/suse linux
- version/suse linux/42.1
- canonical/oracle mysql
- version/oracle mysql/5.5.0
- version/oracle mysql/5.5.47
- version/oracle mysql/5.6.0
- version/oracle mysql/5.6.28
- version/oracle mysql/5.7.0
- version/oracle mysql/5.7.10
- vendor/mariadb
- canonical/mariadb
- version/mariadb/5.5.20
- version/mariadb/10.0.0
- version/mariadb/10.1.0