CVE-2016-5440
First published: Thu Jul 21 2016(Updated: )
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM PowerKVM | =2.1 | |
| IBM PowerKVM | =3.1 | |
| MariaDB | >=5.5.20<5.5.50 | |
| MariaDB | >=10.0.0<10.0.26 | |
| MariaDB | >=10.1.0<10.1.15 | |
| Oracle MySQL | >=5.5.0<=5.5.49 | |
| Oracle MySQL | >=5.6.0<=5.6.30 | |
| Oracle MySQL | >=5.7.0<=5.7.12 | |
| Oracle Linux | =7 | |
| Debian | =8.0 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.10 | |
| Ubuntu | =16.04 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.5 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Workstation | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html
- http://rhn.redhat.com/errata/RHSA-2016-1480.html
- http://rhn.redhat.com/errata/RHSA-2016-1601.html
- http://rhn.redhat.com/errata/RHSA-2016-1602.html
- http://rhn.redhat.com/errata/RHSA-2016-1603.html
- http://rhn.redhat.com/errata/RHSA-2016-1604.html
- http://rhn.redhat.com/errata/RHSA-2016-1637.html
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168
- http://www.debian.org/security/2016/dsa-3624
- http://www.debian.org/security/2016/dsa-3632
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/91787
- http://www.securityfocus.com/bid/91953
- http://www.securitytracker.com/id/1036362
- http://www.ubuntu.com/usn/USN-3040-1
- https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/
Frequently Asked Questions
What is the severity of CVE-2016-5440?
CVE-2016-5440 is classified as a high severity vulnerability that affects the availability of Oracle MySQL and MariaDB.
How do I fix CVE-2016-5440?
To fix CVE-2016-5440, upgrade to MySQL version 5.5.50 or later, 5.6.31 or later, 5.7.13 or later, or MariaDB version 5.5.50 or later, 10.0.26 or later, or 10.1.15 or later.
What versions of MySQL are affected by CVE-2016-5440?
CVE-2016-5440 affects MySQL versions 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier.
What versions of MariaDB are affected by CVE-2016-5440?
CVE-2016-5440 affects MariaDB versions prior to 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15.
Who is primarily affected by CVE-2016-5440?
Remote administrators of Oracle MySQL and MariaDB databases using the vulnerable versions are primarily affected by CVE-2016-5440.
- agent/type
- agent/references
- agent/remedy
- agent/author
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/ibm
- canonical/ibm powerkvm
- version/ibm powerkvm/2.1
- version/ibm powerkvm/3.1
- vendor/mariadb
- canonical/mariadb
- version/mariadb/5.5.20
- version/mariadb/10.0.0
- version/mariadb/10.1.0
- vendor/oracle
- canonical/oracle mysql
- version/oracle mysql/5.5.0
- version/oracle mysql/5.5.49
- version/oracle mysql/5.6.0
- version/oracle mysql/5.6.30
- version/oracle mysql/5.7.0
- version/oracle mysql/5.7.12
- canonical/oracle linux
- version/oracle linux/7
- vendor/debian
- canonical/debian
- version/debian/8.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/15.10
- version/ubuntu/16.04
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.2
- version/red hat enterprise linux server/7.6
- version/red hat enterprise linux server/7.3
- version/red hat enterprise linux server/7.4
- version/red hat enterprise linux server/7.5
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/7.0