SB2019032613 - Amazon Linux AMI update for mysql57

Main Vulnerability Database SB2019032613

SB2019032613 - Amazon Linux AMI update for mysql57

Published: March 26, 2019

Security Bulletin ID SB2019032613

Severity

Low

Patch available

YES

Number of vulnerabilities 15

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 15 secuirty vulnerabilities.

1) Denial of service (CVE-ID: CVE-2019-2486)

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

2) Denial of service (CVE-ID: CVE-2019-2434)

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

3) Denial of service (CVE-ID: CVE-2019-2507)

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

4) Denial of service (CVE-ID: CVE-2019-2481)

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

5) Denial of service (CVE-ID: CVE-2019-2482)

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

6) Security restrictions bypass (CVE-ID: CVE-2019-2534)

The vulnerability allows a remote authenticated attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can bypass security restrictions to read potentially sensitive information and modify arbitrary data.

7) Denial of service (CVE-ID: CVE-2019-2537)

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

8) Denial of service (CVE-ID: CVE-2019-2510)

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

9) Denial of service (CVE-ID: CVE-2019-2531)

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

10) Denial of service (CVE-ID: CVE-2019-2455)

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

11) Denial of service (CVE-ID: CVE-2019-2532)

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

12) Denial of service (CVE-ID: CVE-2019-2420)

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

13) Security restrictions bypass (CVE-ID: CVE-2019-2503)

The vulnerability allows an adjacent authenticated attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to unspecified flaw. An adjacent attacker can bypass security restrictions to read potentially sensitive information and cause the service to crash.

14) Denial of service (CVE-ID: CVE-2019-2528)

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

15) Denial of service (CVE-ID: CVE-2019-2529)

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

References

https://alas.aws.amazon.com/ALAS-2019-1181.html