Scientific Linux SL7: SLSA-2016:2595-2 Important: mariadb Security Fix

Date: Wed, 14 Dec 2016 18:03:47 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Scott Reid 
Subject: Security ERRATA Important: mariadb on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20161214180347.3177.93997@slpackages.fnal.gov>

Synopsis: Important: mariadb security and bug fix update
Advisory ID: SLSA-2016:2595-2
Issue Date: 2016-11-03
CVE Numbers: CVE-2016-6662
 CVE-2016-3492
 CVE-2016-5612
 CVE-2016-5616
 CVE-2016-5624
 CVE-2016-5626
 CVE-2016-5629
 CVE-2016-8283
 CVE-2016-6663
--

The following packages have been upgraded to a newer upstream version:
mariadb (5.5.52).

Security Fix(es):

* It was discovered that the MariaDB logging functionality allowed writing
to MariaDB configuration files. An administrative database user, or a
database user with FILE privileges, could possibly use this flaw to run
arbitrary commands with root privileges on the system running the database
server. (CVE-2016-6662)

* A race condition was found in the way MariaDB performed MyISAM engine
table repair. A database user with shell access to the server running
mysqld could use this flaw to change permissions of arbitrary files
writable by the mysql system user. (CVE-2016-6663)

(CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624,
CVE-2016-5626, CVE-2016-5629, CVE-2016-8283)

Additional Changes:
--

SL7
 x86_64
 mariadb-5.5.52-1.el7.x86_64.rpm
 mariadb-debuginfo-5.5.52-1.el7.i686.rpm
 mariadb-debuginfo-5.5.52-1.el7.x86_64.rpm
 mariadb-libs-5.5.52-1.el7.i686.rpm
 mariadb-libs-5.5.52-1.el7.x86_64.rpm
 mariadb-server-5.5.52-1.el7.x86_64.rpm
 mariadb-bench-5.5.52-1.el7.x86_64.rpm
 mariadb-devel-5.5.52-1.el7.i686.rpm
 mariadb-devel-5.5.52-1.el7.x86_64.rpm
 mariadb-embedded-5.5.52-1.el7.i686.rpm
 mariadb-embedded-5.5.52-1.el7.x86_64.rpm
 mariadb-embedded-devel-5.5.52-1.el7.i686.rpm
 mariadb-embedded-devel-5.5.52-1.el7.x86_64.rpm
 mariadb-test-5.5.52-1.el7.x86_64.rpm

- Scientific Linux Development Team