mariadb (SL7)

Synopsis: Important: mariadb security and bug fix update
Advisory ID: SLSA-2016:2595-2
Issue Date: 2016-11-03
CVE Numbers: CVE-2016-6662
CVE-2016-3492
CVE-2016-5612
CVE-2016-5616
CVE-2016-5624
CVE-2016-5626
CVE-2016-5629
CVE-2016-8283
CVE-2016-6663

The following packages have been upgraded to a newer upstream version:
mariadb (5.5.52).

Security Fix(es):

* It was discovered that the MariaDB logging functionality allowed writing
to MariaDB configuration files. An administrative database user, or a
database user with FILE privileges, could possibly use this flaw to run
arbitrary commands with root privileges on the system running the database
server. (CVE-2016-6662)

* A race condition was found in the way MariaDB performed MyISAM engine
table repair. A database user with shell access to the server running
mysqld could use this flaw to change permissions of arbitrary files
writable by the mysql system user. (CVE-2016-6663)

(CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624,
CVE-2016-5626, CVE-2016-5629, CVE-2016-8283)

Additional Changes:

SL7
x86_64
mariadb-5.5.52-1.el7.x86_64.rpm
mariadb-debuginfo-5.5.52-1.el7.i686.rpm
mariadb-debuginfo-5.5.52-1.el7.x86_64.rpm
mariadb-libs-5.5.52-1.el7.i686.rpm
mariadb-libs-5.5.52-1.el7.x86_64.rpm
mariadb-server-5.5.52-1.el7.x86_64.rpm
mariadb-bench-5.5.52-1.el7.x86_64.rpm
mariadb-devel-5.5.52-1.el7.i686.rpm
mariadb-devel-5.5.52-1.el7.x86_64.rpm
mariadb-embedded-5.5.52-1.el7.i686.rpm
mariadb-embedded-5.5.52-1.el7.x86_64.rpm
mariadb-embedded-devel-5.5.52-1.el7.i686.rpm
mariadb-embedded-devel-5.5.52-1.el7.x86_64.rpm
mariadb-test-5.5.52-1.el7.x86_64.rpm

– Scientific Linux Development Team
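
A check for hosts that still carry a build older than 5.5.52-1.el7 of the packages listed above. This is an added example, not part of the advisory: the `rpm -qa` sample lines are constructed, and the comparison is a simplified form of RPM's version ordering (digit and letter segments only, same epoch assumed, no `~` or `^` handling).

```python
import re

# Fixed version-release and package names, taken from this advisory.
FIXED_VERSION, FIXED_RELEASE = "5.5.52", "1.el7"
PACKAGES = {"mariadb", "mariadb-debuginfo", "mariadb-libs", "mariadb-server",
            "mariadb-bench", "mariadb-devel", "mariadb-embedded",
            "mariadb-embedded-devel", "mariadb-test"}

def segments(s):
    # RPM compares maximal runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified RPM ordering: returns -1, 0 or 1."""
    sa, sb = segments(a), segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def parse_nvra(line):
    """Split 'name-version-release.arch[.rpm]' into its four parts."""
    line = line.strip()
    if line.endswith(".rpm"):
        line = line[:-4]
    nvr, arch = line.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def outdated(rpm_qa_lines):
    """Return the input lines naming an advisory package older than the fix."""
    hits = []
    for line in rpm_qa_lines:
        try:
            name, version, release, _ = parse_nvra(line)
        except ValueError:          # not in NVRA form (e.g. gpg-pubkey entries)
            continue
        if name in PACKAGES and (rpmvercmp(version, FIXED_VERSION)
                                 or rpmvercmp(release, FIXED_RELEASE)) < 0:
            hits.append(line.strip())
    return hits

# Constructed sample of `rpm -qa` output, not taken from a real host.
SAMPLE = ["mariadb-libs-5.5.50-1.el7_2.x86_64", "mariadb-server-5.5.52-1.el7.x86_64",
          "mariadb-5.5.47-1.el7_2.x86_64", "mariadb-devel-5.5.52-1.el7.i686",
          "openssl-libs-1.0.1e-60.el7.x86_64", "gpg-pubkey-f4a80eb5-53a7ff4b"]
```

On a real host, pass the lines of `rpm -qa` output to `outdated()`; an empty result means every installed package from this advisory is at or above the fixed build.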