Amazon Linux AMI update for mysql57

1) Denial of service

EUVDB-ID: #VU17045

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-2486

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2019-1181.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Denial of service

EUVDB-ID: #VU17027

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-2434

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2019-1181.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Denial of service

EUVDB-ID: #VU17041

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-2507

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2019-1181.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Denial of service

EUVDB-ID: #VU17040

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-2481

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2019-1181.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Denial of service

EUVDB-ID: #VU17024

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-2482

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2019-1181.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Security restrictions bypass

EUVDB-ID: #VU17026

Risk: Low

CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-2534

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can bypass security restrictions to read potentially sensitive information and modify arbitrary data.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2019-1181.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Denial of service

EUVDB-ID: #VU17038

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-2537

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2019-1181.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Denial of service

EUVDB-ID: #VU17033

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-2510

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2019-1181.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Denial of service

EUVDB-ID: #VU17044

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-2531

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2019-1181.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Denial of service

EUVDB-ID: #VU17028

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-2455

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2019-1181.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Denial of service

EUVDB-ID: #VU17046

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-2532

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2019-1181.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Denial of service

EUVDB-ID: #VU17039

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-2420

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2019-1181.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Security restrictions bypass

EUVDB-ID: #VU17029

Risk: Low

CVSSv4.0: 2.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-2503

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows an adjacent authenticated attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to unspecified flaw. An adjacent attacker can bypass security restrictions to read potentially sensitive information and cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2019-1181.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Denial of service

EUVDB-ID: #VU17043

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-2528

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2019-1181.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Denial of service

EUVDB-ID: #VU17025

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-2529

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages:

i686:
    mysql57-test-5.7.25-1.11.amzn1.i686
    mysql57-debuginfo-5.7.25-1.11.amzn1.i686
    mysql57-devel-5.7.25-1.11.amzn1.i686
    mysql57-errmsg-5.7.25-1.11.amzn1.i686
    mysql57-server-5.7.25-1.11.amzn1.i686
    mysql57-embedded-devel-5.7.25-1.11.amzn1.i686
    mysql57-common-5.7.25-1.11.amzn1.i686
    mysql57-libs-5.7.25-1.11.amzn1.i686
    mysql57-embedded-5.7.25-1.11.amzn1.i686
    mysql57-5.7.25-1.11.amzn1.i686

src:
    mysql57-5.7.25-1.11.amzn1.src

x86_64:
    mysql57-common-5.7.25-1.11.amzn1.x86_64
    mysql57-5.7.25-1.11.amzn1.x86_64
    mysql57-debuginfo-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-server-5.7.25-1.11.amzn1.x86_64
    mysql57-libs-5.7.25-1.11.amzn1.x86_64
    mysql57-test-5.7.25-1.11.amzn1.x86_64
    mysql57-errmsg-5.7.25-1.11.amzn1.x86_64
    mysql57-devel-5.7.25-1.11.amzn1.x86_64
    mysql57-embedded-5.7.25-1.11.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2019-1181.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Risk	Low
Patch available	YES
Number of vulnerabilities	15
CVE-ID	CVE-2019-2486 CVE-2019-2434 CVE-2019-2507 CVE-2019-2481 CVE-2019-2482 CVE-2019-2534 CVE-2019-2537 CVE-2019-2510 CVE-2019-2531 CVE-2019-2455 CVE-2019-2532 CVE-2019-2420 CVE-2019-2503 CVE-2019-2528 CVE-2019-2529
CWE-ID	CWE-264
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Amazon Linux AMI Operating systems & Components / Operating system
Vendor	Amazon Web Services