Synopsis: Moderate: mariadb security and bug fix update Advisory ID: SLSA-2017:2192-1 Issue Date: 2017-08-01 CVE Numbers: CVE-2016-5617 CVE-2016-6664 CVE-2017-3312 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3265 CVE-2017-3291 CVE-2017-3302 CVE-2016-5483 CVE-2017-3600 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 -- The following packages have been upgraded to a later upstream version: mariadb (5.5.56). Security Fix(es): * It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600) * A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664) * Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265) * It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291) * Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312) * A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. (CVE-2017-3302) (CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464) -- SL7 x86_64 mariadb-5.5.56-2.el7.x86_64.rpm mariadb-debuginfo-5.5.56-2.el7.i686.rpm mariadb-debuginfo-5.5.56-2.el7.x86_64.rpm mariadb-libs-5.5.56-2.el7.i686.rpm mariadb-libs-5.5.56-2.el7.x86_64.rpm mariadb-server-5.5.56-2.el7.x86_64.rpm mariadb-bench-5.5.56-2.el7.x86_64.rpm mariadb-devel-5.5.56-2.el7.i686.rpm mariadb-devel-5.5.56-2.el7.x86_64.rpm mariadb-embedded-5.5.56-2.el7.i686.rpm mariadb-embedded-5.5.56-2.el7.x86_64.rpm mariadb-embedded-devel-5.5.56-2.el7.i686.rpm mariadb-embedded-devel-5.5.56-2.el7.x86_64.rpm mariadb-test-5.5.56-2.el7.x86_64.rpm - Scientific Linux Development Team