Vulnerability CVE-2016-6662: Information
Description
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
MySQL | sisyphus | 5.5.53-alt1 | 8.0.37-alt1.1 | ALT-PU-2016-2238-1 | 171749 | Fixed |
MySQL | p10 | 5.5.53-alt1 | 8.0.36-alt1 | ALT-PU-2016-2238-1 | 171749 | Fixed |
MySQL | p9 | 5.5.53-alt1 | 8.0.26-alt2 | ALT-PU-2016-2238-1 | 171749 | Fixed |
MySQL | p8 | 5.5.54-alt0.M80P.1 | 5.7.28-alt1 | ALT-PU-2017-1409-1 | 181264 | Fixed |
MySQL | c10f1 | 5.5.53-alt1 | 8.0.36-alt1 | ALT-PU-2016-2238-1 | 171749 | Fixed |
MySQL | c9f2 | 5.5.53-alt1 | 8.0.36-alt0.c9.1 | ALT-PU-2016-2238-1 | 171749 | Fixed |
MySQL | c7 | 5.5.53-alt0.M70C.1 | 5.7.24-alt0.M70C.1 | ALT-PU-2016-2259-1 | 171748 | Fixed |
mariadb | sisyphus | 10.1.17-alt1 | 10.11.8-alt1 | ALT-PU-2016-1934-1 | 169161 | Fixed |
mariadb | p10 | 10.1.17-alt1 | 10.6.18-alt1 | ALT-PU-2016-1934-1 | 169161 | Fixed |
mariadb | p9 | 10.1.17-alt1 | 10.4.34-alt0.M90P.1 | ALT-PU-2016-1934-1 | 169161 | Fixed |
mariadb | p8 | 10.1.19-alt0.M80P.1 | 10.1.48-alt1 | ALT-PU-2016-2285-1 | 172165 | Fixed |
mariadb | c10f1 | 10.1.17-alt1 | 10.6.18-alt1 | ALT-PU-2016-1934-1 | 169161 | Fixed |
mariadb | c9f2 | 10.1.17-alt1 | 10.6.18-alt1 | ALT-PU-2016-1934-1 | 169161 | Fixed |
mariadb | c7 | 10.3.14-alt0.M70C.1 | 10.3.14-alt0.M70C.1 | ALT-PU-2019-1992-1 | 231405 | Fixed |