Synopsis:          Important: mariadb security and bug fix update
Advisory ID:       SLSA-2016:2595-2
Issue Date:        2016-11-03
CVE Numbers:       CVE-2016-6662
                   CVE-2016-3492
                   CVE-2016-5612
                   CVE-2016-5616
                   CVE-2016-5624
                   CVE-2016-5626
                   CVE-2016-5629
                   CVE-2016-8283
                   CVE-2016-6663
--

The following packages have been upgraded to a newer upstream version:
mariadb (5.5.52).

Security Fix(es):

* It was discovered that the MariaDB logging functionality allowed writing
to MariaDB configuration files. An administrative database user, or a
database user with FILE privileges, could possibly use this flaw to run
arbitrary commands with root privileges on the system running the database
server. (CVE-2016-6662)

* A race condition was found in the way MariaDB performed MyISAM engine
table repair. A database user with shell access to the server running
mysqld could use this flaw to change permissions of arbitrary files
writable by the mysql system user. (CVE-2016-6663)

(CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624,
CVE-2016-5626, CVE-2016-5629, CVE-2016-8283)

Additional Changes:
--

SL7
  x86_64
    mariadb-5.5.52-1.el7.x86_64.rpm
    mariadb-debuginfo-5.5.52-1.el7.i686.rpm
    mariadb-debuginfo-5.5.52-1.el7.x86_64.rpm
    mariadb-libs-5.5.52-1.el7.i686.rpm
    mariadb-libs-5.5.52-1.el7.x86_64.rpm
    mariadb-server-5.5.52-1.el7.x86_64.rpm
    mariadb-bench-5.5.52-1.el7.x86_64.rpm
    mariadb-devel-5.5.52-1.el7.i686.rpm
    mariadb-devel-5.5.52-1.el7.x86_64.rpm
    mariadb-embedded-5.5.52-1.el7.i686.rpm
    mariadb-embedded-5.5.52-1.el7.x86_64.rpm
    mariadb-embedded-devel-5.5.52-1.el7.i686.rpm
    mariadb-embedded-devel-5.5.52-1.el7.x86_64.rpm
    mariadb-test-5.5.52-1.el7.x86_64.rpm

- Scientific Linux Development Team
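
A patch-level check for the package set above, added here as an example and not part of the Scientific Linux advisory: it flags any listed package older than the fixed build 5.5.52-1.el7 in `rpm -qa` output. The comparison is a simplified form of rpm's version ordering (no epoch, `~` or `^` handling), and the sample input is constructed.

```python
import re

# Fixed build and package names taken from the advisory's SL7 package list.
FIXED_VERSION, FIXED_RELEASE = "5.5.52", "1.el7"
PACKAGES = {
    "mariadb", "mariadb-libs", "mariadb-server", "mariadb-bench",
    "mariadb-devel", "mariadb-embedded", "mariadb-embedded-devel",
    "mariadb-test", "mariadb-debuginfo",
}

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
SAMPLE = """\
mariadb-libs 5.5.50 1.el7_2
mariadb-server 5.5.50 1.el7_2
mariadb 5.5.52 1.el7
openssl-libs 1.0.1e 60.el7
mariadb-devel 5.5.56 2.el7
"""

def rpmvercmp(a, b):
    """Simplified rpm ordering of two version or release strings: -1, 0 or 1."""
    # rpm compares alternating runs of digits and letters; separators are ignored.
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric run outranks an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)             # 52 > 9, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    # All shared runs equal: the string with runs left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(rpm_lines):
    """Return (name, version-release) for advisory packages below the fixed build."""
    outdated = []
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in PACKAGES:
            continue
        name, version, release = parts
        # Version decides first; release only breaks a tie.
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            outdated.append((name, f"{version}-{release}"))
    return outdated

if __name__ == "__main__":
    for name, build in audit(SAMPLE):
        print(f"OUTDATED {name} {build} (fixed in {FIXED_VERSION}-{FIXED_RELEASE})")
```

On a live host, feed `audit()` the output of the `rpm -qa` query shown in the comment instead of `SAMPLE`.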