Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2016-684)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.120674
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2016-684)
Summary:	The remote host is missing an update for the 'mysql56' package(s) announced via the ALAS-2016-684 advisory.
Description:	Summary: The remote host is missing an update for the 'mysql56' package(s) announced via the ALAS-2016-684 advisory. Vulnerability Insight: wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, also known as a Lenstra attack. (CVE-2015-7744) Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. (CVE-2015-4864) Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4866) Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4861) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2015-4862) Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0616) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. (CVE-2015-4910) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. (CVE-2015-4913) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. (CVE-2016-0610) Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0594) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0595) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0596) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0597) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0598) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'mysql56' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4766 BugTraq ID: 77232 http://www.securityfocus.com/bid/77232 http://www.securitytracker.com/id/1033894 http://www.ubuntu.com/usn/USN-2781-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-4791 BugTraq ID: 77213 http://www.securityfocus.com/bid/77213 Common Vulnerability Exposure (CVE) ID: CVE-2015-4792 BugTraq ID: 77171 http://www.securityfocus.com/bid/77171 Debian Security Information: DSA-3377 (Google Search) http://www.debian.org/security/2015/dsa-3377 Debian Security Information: DSA-3385 (Google Search) http://www.debian.org/security/2015/dsa-3385 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html RedHat Security Advisories: RHSA-2016:0534 http://rhn.redhat.com/errata/RHSA-2016-0534.html RedHat Security Advisories: RHSA-2016:0705 http://rhn.redhat.com/errata/RHSA-2016-0705.html RedHat Security Advisories: RHSA-2016:1132 https://access.redhat.com/errata/RHSA-2016:1132 RedHat Security Advisories: RHSA-2016:1480 http://rhn.redhat.com/errata/RHSA-2016-1480.html RedHat Security Advisories: RHSA-2016:1481 http://rhn.redhat.com/errata/RHSA-2016-1481.html SuSE Security Announcement: SUSE-SU-2016:0296 (Google Search) https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html SuSE Security Announcement: openSUSE-SU-2015:2244 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html SuSE Security Announcement: openSUSE-SU-2015:2246 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html SuSE Security Announcement: openSUSE-SU-2016:0368 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html Common Vulnerability Exposure (CVE) ID: CVE-2015-4800 BugTraq ID: 77216 http://www.securityfocus.com/bid/77216 Common Vulnerability Exposure (CVE) ID: CVE-2015-4802 BugTraq ID: 77165 http://www.securityfocus.com/bid/77165 Common Vulnerability Exposure (CVE) ID: CVE-2015-4807 BugTraq ID: 77205 http://www.securityfocus.com/bid/77205 Common Vulnerability Exposure (CVE) ID: CVE-2015-4815 BugTraq ID: 77222 http://www.securityfocus.com/bid/77222 Common Vulnerability Exposure (CVE) ID: CVE-2015-4819 BugTraq ID: 77196 http://www.securityfocus.com/bid/77196 RedHat Security Advisories: RHSA-2015:1628 http://rhn.redhat.com/errata/RHSA-2015-1628.html Common Vulnerability Exposure (CVE) ID: CVE-2015-4826 BugTraq ID: 77237 http://www.securityfocus.com/bid/77237 Common Vulnerability Exposure (CVE) ID: CVE-2015-4830 BugTraq ID: 77228 http://www.securityfocus.com/bid/77228 Common Vulnerability Exposure (CVE) ID: CVE-2015-4833 BugTraq ID: 77170 http://www.securityfocus.com/bid/77170 Common Vulnerability Exposure (CVE) ID: CVE-2015-4836 BugTraq ID: 77190 http://www.securityfocus.com/bid/77190 Common Vulnerability Exposure (CVE) ID: CVE-2015-4858 BugTraq ID: 77145 http://www.securityfocus.com/bid/77145 Common Vulnerability Exposure (CVE) ID: CVE-2015-4861 BugTraq ID: 77137 http://www.securityfocus.com/bid/77137 Common Vulnerability Exposure (CVE) ID: CVE-2015-4862 BugTraq ID: 77147 http://www.securityfocus.com/bid/77147 Common Vulnerability Exposure (CVE) ID: CVE-2015-4864 BugTraq ID: 77187 http://www.securityfocus.com/bid/77187 RedHat Security Advisories: RHSA-2015:1665 http://rhn.redhat.com/errata/RHSA-2015-1665.html Common Vulnerability Exposure (CVE) ID: CVE-2015-4866 BugTraq ID: 77132 http://www.securityfocus.com/bid/77132 Common Vulnerability Exposure (CVE) ID: CVE-2015-4870 BugTraq ID: 77208 http://www.securityfocus.com/bid/77208 https://www.exploit-db.com/exploits/39867/ http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html Common Vulnerability Exposure (CVE) ID: CVE-2015-4879 BugTraq ID: 77140 http://www.securityfocus.com/bid/77140 Common Vulnerability Exposure (CVE) ID: CVE-2015-4890 BugTraq ID: 77231 http://www.securityfocus.com/bid/77231 Common Vulnerability Exposure (CVE) ID: CVE-2015-4895 BugTraq ID: 77136 http://www.securityfocus.com/bid/77136 Common Vulnerability Exposure (CVE) ID: CVE-2015-4904 BugTraq ID: 77219 http://www.securityfocus.com/bid/77219 Common Vulnerability Exposure (CVE) ID: CVE-2015-4905 BugTraq ID: 77143 http://www.securityfocus.com/bid/77143 Common Vulnerability Exposure (CVE) ID: CVE-2015-4910 BugTraq ID: 77234 http://www.securityfocus.com/bid/77234 Common Vulnerability Exposure (CVE) ID: CVE-2015-4913 BugTraq ID: 77153 http://www.securityfocus.com/bid/77153 Common Vulnerability Exposure (CVE) ID: CVE-2015-7744 https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/ http://www.securitytracker.com/id/1034708 SuSE Security Announcement: openSUSE-SU-2016:0367 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html SuSE Security Announcement: openSUSE-SU-2016:0377 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html Common Vulnerability Exposure (CVE) ID: CVE-2016-0502 Common Vulnerability Exposure (CVE) ID: CVE-2016-0503 BugTraq ID: 81126 http://www.securityfocus.com/bid/81126 http://www.ubuntu.com/usn/USN-2881-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-0504 BugTraq ID: 81077 http://www.securityfocus.com/bid/81077 Common Vulnerability Exposure (CVE) ID: CVE-2016-0505 BugTraq ID: 81088 http://www.securityfocus.com/bid/81088 Debian Security Information: DSA-3453 (Google Search) http://www.debian.org/security/2016/dsa-3453 Debian Security Information: DSA-3459 (Google Search) http://www.debian.org/security/2016/dsa-3459 SuSE Security Announcement: SUSE-SU-2016:1619 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html SuSE Security Announcement: SUSE-SU-2016:1620 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html SuSE Security Announcement: openSUSE-SU-2016:1664 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html SuSE Security Announcement: openSUSE-SU-2016:1686 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html Common Vulnerability Exposure (CVE) ID: CVE-2016-0546 BugTraq ID: 81066 http://www.securityfocus.com/bid/81066 Common Vulnerability Exposure (CVE) ID: CVE-2016-0594 Common Vulnerability Exposure (CVE) ID: CVE-2016-0595 BugTraq ID: 81121 http://www.securityfocus.com/bid/81121 Common Vulnerability Exposure (CVE) ID: CVE-2016-0596 BugTraq ID: 81130 http://www.securityfocus.com/bid/81130 Common Vulnerability Exposure (CVE) ID: CVE-2016-0597 BugTraq ID: 81151 http://www.securityfocus.com/bid/81151 Common Vulnerability Exposure (CVE) ID: CVE-2016-0598 BugTraq ID: 81182 http://www.securityfocus.com/bid/81182 Common Vulnerability Exposure (CVE) ID: CVE-2016-0599 Common Vulnerability Exposure (CVE) ID: CVE-2016-0600 BugTraq ID: 81188 http://www.securityfocus.com/bid/81188 Common Vulnerability Exposure (CVE) ID: CVE-2016-0601 Common Vulnerability Exposure (CVE) ID: CVE-2016-0605 BugTraq ID: 81253 http://www.securityfocus.com/bid/81253 Common Vulnerability Exposure (CVE) ID: CVE-2016-0606 Common Vulnerability Exposure (CVE) ID: CVE-2016-0607 BugTraq ID: 81238 http://www.securityfocus.com/bid/81238 Common Vulnerability Exposure (CVE) ID: CVE-2016-0608 BugTraq ID: 81226 http://www.securityfocus.com/bid/81226 Common Vulnerability Exposure (CVE) ID: CVE-2016-0609 BugTraq ID: 81258 http://www.securityfocus.com/bid/81258 Common Vulnerability Exposure (CVE) ID: CVE-2016-0610 BugTraq ID: 81198 http://www.securityfocus.com/bid/81198 Common Vulnerability Exposure (CVE) ID: CVE-2016-0611 BugTraq ID: 81164 http://www.securityfocus.com/bid/81164 Common Vulnerability Exposure (CVE) ID: CVE-2016-0616 BugTraq ID: 81176 http://www.securityfocus.com/bid/81176
Copyright	Copyright (C) 2016 Greenbone AG