CVE-2016-3615
First published: Thu Jul 21 2016(Updated: )
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Linux | =7 | |
| MariaDB | >=5.5.20<5.5.50 | |
| MariaDB | >=10.0.0<10.0.26 | |
| MariaDB | >=10.1.0<10.1.15 | |
| Oracle MySQL | >=5.5.0<=5.5.49 | |
| Oracle MySQL | >=5.6.0<=5.6.30 | |
| Oracle MySQL | >=5.7.0<=5.7.12 | |
| IBM PowerKVM | =2.1 | |
| IBM PowerKVM | =3.1 | |
| Debian | =8.0 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.10 | |
| Ubuntu | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html
- http://rhn.redhat.com/errata/RHSA-2016-1480.html
- http://rhn.redhat.com/errata/RHSA-2016-1601.html
- http://rhn.redhat.com/errata/RHSA-2016-1602.html
- http://rhn.redhat.com/errata/RHSA-2016-1603.html
- http://rhn.redhat.com/errata/RHSA-2016-1604.html
- http://rhn.redhat.com/errata/RHSA-2016-1637.html
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168
- http://www.debian.org/security/2016/dsa-3624
- http://www.debian.org/security/2016/dsa-3632
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/91787
- http://www.securityfocus.com/bid/91960
- http://www.securitytracker.com/id/1036362
- http://www.ubuntu.com/usn/USN-3040-1
- https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/
Frequently Asked Questions
What is the severity of CVE-2016-3615?
CVE-2016-3615 has not been assigned a specific CVSS score, but it allows remote authenticated users to impact system availability.
How do I fix CVE-2016-3615?
To fix CVE-2016-3615, upgrade to MySQL versions 5.5.50 or later, 5.6.31 or later, or 5.7.13 or later, as well as the corresponding updated versions for MariaDB.
Which versions are affected by CVE-2016-3615?
CVE-2016-3615 affects Oracle MySQL versions before 5.5.50, 5.6.31, 5.7.13, and MariaDB versions earlier than 5.5.50, 10.0.26, and 10.1.15.
Can CVE-2016-3615 be exploited remotely?
Yes, CVE-2016-3615 can be exploited by remote authenticated users, potentially affecting the availability of the database.
What types of systems are vulnerable to CVE-2016-3615?
Systems running affected versions of Oracle MySQL or MariaDB on platforms like Oracle Linux, Debian, and Ubuntu are vulnerable to CVE-2016-3615.
- agent/type
- agent/author
- agent/references
- agent/remedy
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle linux
- version/oracle linux/7
- vendor/mariadb
- canonical/mariadb
- version/mariadb/5.5.20
- version/mariadb/10.0.0
- version/mariadb/10.1.0
- canonical/oracle mysql
- version/oracle mysql/5.5.0
- version/oracle mysql/5.5.49
- version/oracle mysql/5.6.0
- version/oracle mysql/5.6.30
- version/oracle mysql/5.7.0
- version/oracle mysql/5.7.12
- vendor/ibm
- canonical/ibm powerkvm
- version/ibm powerkvm/2.1
- version/ibm powerkvm/3.1
- vendor/debian
- canonical/debian
- version/debian/8.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/15.10
- version/ubuntu/16.04