CVE-2016-3452
First published: Thu Jul 21 2016(Updated: )
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Oracle MySQL | >=5.5.0<=5.5.48 | |
| Oracle MySQL | >=5.6.0<=5.6.29 | |
| Oracle MySQL | >=5.7.0<=5.7.10 | |
| MariaDB | >=5.5.20<5.5.49 | |
| MariaDB | >=10.0.0<10.0.25 | |
| MariaDB | >=10.1.0<10.1.14 | |
| IBM PowerKVM | =2.1 | |
| IBM PowerKVM | =3.1 | |
| Oracle Linux | =7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2016-0705.html
- http://rhn.redhat.com/errata/RHSA-2016-1480.html
- http://rhn.redhat.com/errata/RHSA-2016-1481.html
- http://rhn.redhat.com/errata/RHSA-2016-1602.html
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/91787
- http://www.securityfocus.com/bid/91999
- http://www.securitytracker.com/id/1036362
- https://access.redhat.com/errata/RHSA-2016:1132
- https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/
Frequently Asked Questions
What is the severity of CVE-2016-3452?
CVE-2016-3452 is classified as a high-severity vulnerability affecting confidentiality.
How do I fix CVE-2016-3452?
To fix CVE-2016-3452, upgrade your Oracle MySQL or MariaDB installation to a version that is not affected.
What versions are vulnerable to CVE-2016-3452?
CVE-2016-3452 affects Oracle MySQL versions 5.5.48 and earlier, 5.6.29 and earlier, 5.7.10 and earlier, as well as MariaDB versions before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14.
Can CVE-2016-3452 be exploited remotely?
Yes, CVE-2016-3452 allows remote attackers to exploit the vulnerability through specific vectors related to encryption.
Is CVE-2016-3452 specific to any operating system?
CVE-2016-3452 affects various systems including those running Red Hat Enterprise Linux, Oracle Linux, and IBM PowerKVM.
- agent/references
- agent/type
- agent/severity
- agent/remedy
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/6.0
- version/red hat enterprise linux/7.0
- vendor/oracle
- canonical/oracle mysql
- version/oracle mysql/5.5.0
- version/oracle mysql/5.5.48
- version/oracle mysql/5.6.0
- version/oracle mysql/5.6.29
- version/oracle mysql/5.7.0
- version/oracle mysql/5.7.10
- vendor/mariadb
- canonical/mariadb
- version/mariadb/5.5.20
- version/mariadb/10.0.0
- version/mariadb/10.1.0
- vendor/ibm
- canonical/ibm powerkvm
- version/ibm powerkvm/2.1
- version/ibm powerkvm/3.1
- canonical/oracle linux
- version/oracle linux/7