Scientific Linux alert SLSA-2017:0184-1 (mysql)
| From: | Pat Riehecky <riehecky@fnal.gov> | |
| To: | <scientific-linux-errata@listserv.fnal.gov> | |
| Subject: | Security ERRATA Important: mysql on SL6.x i386/x86_64 | |
| Date: | Tue, 24 Jan 2017 16:14:32 +0000 | |
| Message-ID: | <20170124161432.27099.76483@slpackages.fnal.gov> |
Synopsis: Important: mysql security update Advisory ID: SLSA-2017:0184-1 Issue Date: 2017-01-24 CVE Numbers: CVE-2016-6662 CVE-2016-5616 CVE-2016-6663 -- Security Fix(es): * It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662) * A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663, CVE-2016-5616) -- SL6 x86_64 mysql-5.1.73-8.el6_8.x86_64.rpm mysql-debuginfo-5.1.73-8.el6_8.i686.rpm mysql-debuginfo-5.1.73-8.el6_8.x86_64.rpm mysql-libs-5.1.73-8.el6_8.i686.rpm mysql-libs-5.1.73-8.el6_8.x86_64.rpm mysql-server-5.1.73-8.el6_8.x86_64.rpm mysql-bench-5.1.73-8.el6_8.x86_64.rpm mysql-devel-5.1.73-8.el6_8.i686.rpm mysql-devel-5.1.73-8.el6_8.x86_64.rpm mysql-embedded-5.1.73-8.el6_8.i686.rpm mysql-embedded-5.1.73-8.el6_8.x86_64.rpm mysql-embedded-devel-5.1.73-8.el6_8.i686.rpm mysql-embedded-devel-5.1.73-8.el6_8.x86_64.rpm mysql-test-5.1.73-8.el6_8.x86_64.rpm i386 mysql-5.1.73-8.el6_8.i686.rpm mysql-debuginfo-5.1.73-8.el6_8.i686.rpm mysql-libs-5.1.73-8.el6_8.i686.rpm mysql-server-5.1.73-8.el6_8.i686.rpm mysql-bench-5.1.73-8.el6_8.i686.rpm mysql-devel-5.1.73-8.el6_8.i686.rpm mysql-embedded-5.1.73-8.el6_8.i686.rpm mysql-embedded-devel-5.1.73-8.el6_8.i686.rpm mysql-test-5.1.73-8.el6_8.i686.rpm - Scientific Linux Development Team