Description
Security update for mariadb
This update for mariadb to 1.0.0.27 fixes the following issues:
Security issue fixed:
- CVE-2016-6662: A malicious user with SQL and filesystem access could create a my.cnf in the datadir and, under certain circumstances, execute arbitrary code as the mysql (or even root) user. (bsc#998309)
- release notes:
- changelog:
Bugs fixed:
- Make ORDER BY optimization functions take into account multiple equalities. (bsc#949520)
Package list
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for SAP Applications 12
References
- Link for SUSE-SU-2016:2395-1
- E-Mail link for SUSE-SU-2016:2395-1
- SUSE Security Ratings
- SUSE Bug 949520
- SUSE Bug 998309
- SUSE CVE CVE-2016-6662 page
Description
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
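A defensive check for the two indicators named above, added here as an example and not taken from the SUSE advisory or any vendor tooling: it scans the text of an option file for a malloc_lib directive and for a general_log_file that points at a .cnf file. The function name, the sample configurations and the library path are constructed for illustration.

```python
import re

SECTION = re.compile(r"\[([^\]]+)\]")

def audit_option_file(text):
    """Return (line_no, section, option, value) for each CVE-2016-6662 indicator."""
    findings, section = [], None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = SECTION.fullmatch(line)
        if header:                             # [mysqld], [client], ...
            section = header.group(1).strip().lower()
            continue
        name, _, value = line.partition("=")
        # Option files accept '-' and '_' interchangeably in option names.
        option = name.strip().lower().replace("-", "_")
        value = value.strip().strip("'\"")
        if option == "malloc_lib":
            # A preloaded library is rarely configured on purpose; always review it.
            findings.append((line_no, section, option, value))
        elif option == "general_log_file" and value.lower().endswith(".cnf"):
            # The query log should never be written into an option file.
            findings.append((line_no, section, option, value))
    return findings

# Constructed sample inputs (not from any real host).
BENIGN = """[mysqld]
datadir = /var/lib/mysql
general_log_file = /var/log/mysql/query.log
"""

SUSPICIOUS = """[mysqld]
datadir = /var/lib/mysql
general-log-file = /var/lib/mysql/my.cnf
malloc_lib = /path/to/unexpected.so
"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, audit_option_file(sample))
```

Run it against every option file the server reads, including any my.cnf found inside the datadir, and treat a hit as a reason to check file ownership and apply the fixed package.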
Affected products
References
- CVE-2016-6662
- SUSE Bug 1001367
- SUSE Bug 1005580
- SUSE Bug 1020873
- SUSE Bug 1020884
- SUSE Bug 1021755
- SUSE Bug 998309