Synopsis:          Important: mysql security update
Advisory ID:       SLSA-2017:0184-1
Issue Date:        2017-01-24
CVE Numbers:       CVE-2016-6662
                   CVE-2016-5616
                   CVE-2016-6663
--

Security Fix(es):

* It was discovered that the MySQL logging functionality allowed writing
to MySQL configuration files. An administrative database user, or a
database user with FILE privileges, could possibly use this flaw to run
arbitrary commands with root privileges on the system running the database
server. (CVE-2016-6662)

* A race condition was found in the way MySQL performed MyISAM engine
table repair. A database user with shell access to the server running
mysqld could use this flaw to change permissions of arbitrary files
writable by the mysql system user. (CVE-2016-6663, CVE-2016-5616)
--

SL6
  x86_64
    mysql-5.1.73-8.el6_8.x86_64.rpm
    mysql-debuginfo-5.1.73-8.el6_8.i686.rpm
    mysql-debuginfo-5.1.73-8.el6_8.x86_64.rpm
    mysql-libs-5.1.73-8.el6_8.i686.rpm
    mysql-libs-5.1.73-8.el6_8.x86_64.rpm
    mysql-server-5.1.73-8.el6_8.x86_64.rpm
    mysql-bench-5.1.73-8.el6_8.x86_64.rpm
    mysql-devel-5.1.73-8.el6_8.i686.rpm
    mysql-devel-5.1.73-8.el6_8.x86_64.rpm
    mysql-embedded-5.1.73-8.el6_8.i686.rpm
    mysql-embedded-5.1.73-8.el6_8.x86_64.rpm
    mysql-embedded-devel-5.1.73-8.el6_8.i686.rpm
    mysql-embedded-devel-5.1.73-8.el6_8.x86_64.rpm
    mysql-test-5.1.73-8.el6_8.x86_64.rpm
  i386
    mysql-5.1.73-8.el6_8.i686.rpm
    mysql-debuginfo-5.1.73-8.el6_8.i686.rpm
    mysql-libs-5.1.73-8.el6_8.i686.rpm
    mysql-server-5.1.73-8.el6_8.i686.rpm
    mysql-bench-5.1.73-8.el6_8.i686.rpm
    mysql-devel-5.1.73-8.el6_8.i686.rpm
    mysql-embedded-5.1.73-8.el6_8.i686.rpm
    mysql-embedded-devel-5.1.73-8.el6_8.i686.rpm
    mysql-test-5.1.73-8.el6_8.i686.rpm

- Scientific Linux Development Team