Описание
Security update for mariadb
This update for mariadb to 1.0.0.27 fixes the following issues:
Security issue fixed:
-
CVE-2016-6662: A malicious user with SQL and filesystem access could create a my.cnf in the datadir and, under certain circumstances, execute arbitrary code as mysql (or even root) user. (bsc#998309)
-
release notes:
-
changelog:
Bugs fixed:
- Make ORDER BY optimization functions take into account multiple equalities. (bsc#949520)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP1
Ссылки
- Link for SUSE-SU-2016:2404-1
- E-Mail link for SUSE-SU-2016:2404-1
- SUSE Security Ratings
- SUSE Bug 949520
- SUSE Bug 998309
- SUSE CVE CVE-2016-6662 page
Описание
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
Затронутые продукты
Ссылки
- CVE-2016-6662
- SUSE Bug 1001367
- SUSE Bug 1005580
- SUSE Bug 1020873
- SUSE Bug 1020884
- SUSE Bug 1021755
- SUSE Bug 998309