Synopsis:          Important: mariadb security and bug fix update
Advisory ID:       SLSA-2016:2595-2
Issue Date:        2016-11-03
CVE Numbers:       CVE-2016-6662
                   CVE-2016-3492
                   CVE-2016-5612
                   CVE-2016-5616
                   CVE-2016-5624
                   CVE-2016-5626
                   CVE-2016-5629
                   CVE-2016-8283
                   CVE-2016-6663
--

The following packages have been upgraded to a newer upstream version:
mariadb (5.5.52).

Security Fix(es):

* It was discovered that the MariaDB logging functionality allowed writing
to MariaDB configuration files. An administrative database user, or a
database user with FILE privileges, could possibly use this flaw to run
arbitrary commands with root privileges on the system running the database
server. (CVE-2016-6662)

* A race condition was found in the way MariaDB performed MyISAM engine
table repair. A database user with shell access to the server running
mysqld could use this flaw to change permissions of arbitrary files
writable by the mysql system user. (CVE-2016-6663)

(CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624,
CVE-2016-5626, CVE-2016-5629, CVE-2016-8283)

Additional Changes:
--

SL7
  x86_64
    mariadb-5.5.52-1.el7.x86_64.rpm
    mariadb-debuginfo-5.5.52-1.el7.i686.rpm
    mariadb-debuginfo-5.5.52-1.el7.x86_64.rpm
    mariadb-libs-5.5.52-1.el7.i686.rpm
    mariadb-libs-5.5.52-1.el7.x86_64.rpm
    mariadb-server-5.5.52-1.el7.x86_64.rpm
    mariadb-bench-5.5.52-1.el7.x86_64.rpm
    mariadb-devel-5.5.52-1.el7.i686.rpm
    mariadb-devel-5.5.52-1.el7.x86_64.rpm
    mariadb-embedded-5.5.52-1.el7.i686.rpm
    mariadb-embedded-5.5.52-1.el7.x86_64.rpm
    mariadb-embedded-devel-5.5.52-1.el7.i686.rpm
    mariadb-embedded-devel-5.5.52-1.el7.x86_64.rpm
    mariadb-test-5.5.52-1.el7.x86_64.rpm

- Scientific Linux Development Team