Content-Type: |
text/plain; charset="utf-8" |
Date: |
Tue, 24 Jan 2017 16:14:32 -0000 |
Reply-To: |
|
Subject: |
|
MIME-Version: |
1.0 |
Message-ID: |
|
Content-Transfer-Encoding: |
7bit |
Sender: |
|
From: |
|
Parts/Attachments: |
|
|
Synopsis: Important: mysql security update
Advisory ID: SLSA-2017:0184-1
Issue Date: 2017-01-24
CVE Numbers: CVE-2016-6662
CVE-2016-5616
CVE-2016-6663
--
Security Fix(es):
* It was discovered that the MySQL logging functionality allowed writing
to MySQL configuration files. An administrative database user, or a
database user with FILE privileges, could possibly use this flaw to run
arbitrary commands with root privileges on the system running the database
server. (CVE-2016-6662)
* A race condition was found in the way MySQL performed MyISAM engine
table repair. A database user with shell access to the server running
mysqld could use this flaw to change permissions of arbitrary files
writable by the mysql system user. (CVE-2016-6663, CVE-2016-5616)
--
SL6
x86_64
mysql-5.1.73-8.el6_8.x86_64.rpm
mysql-debuginfo-5.1.73-8.el6_8.i686.rpm
mysql-debuginfo-5.1.73-8.el6_8.x86_64.rpm
mysql-libs-5.1.73-8.el6_8.i686.rpm
mysql-libs-5.1.73-8.el6_8.x86_64.rpm
mysql-server-5.1.73-8.el6_8.x86_64.rpm
mysql-bench-5.1.73-8.el6_8.x86_64.rpm
mysql-devel-5.1.73-8.el6_8.i686.rpm
mysql-devel-5.1.73-8.el6_8.x86_64.rpm
mysql-embedded-5.1.73-8.el6_8.i686.rpm
mysql-embedded-5.1.73-8.el6_8.x86_64.rpm
mysql-embedded-devel-5.1.73-8.el6_8.i686.rpm
mysql-embedded-devel-5.1.73-8.el6_8.x86_64.rpm
mysql-test-5.1.73-8.el6_8.x86_64.rpm
i386
mysql-5.1.73-8.el6_8.i686.rpm
mysql-debuginfo-5.1.73-8.el6_8.i686.rpm
mysql-libs-5.1.73-8.el6_8.i686.rpm
mysql-server-5.1.73-8.el6_8.i686.rpm
mysql-bench-5.1.73-8.el6_8.i686.rpm
mysql-devel-5.1.73-8.el6_8.i686.rpm
mysql-embedded-5.1.73-8.el6_8.i686.rpm
mysql-embedded-devel-5.1.73-8.el6_8.i686.rpm
mysql-test-5.1.73-8.el6_8.i686.rpm
- Scientific Linux Development Team
|
|
|