Red Hat Security Advisory 2017-0184-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
6b95d7c39326ecdc070d235d6eb88d47e3ed59e34b79040f2687f4d36864d0cbGentoo Linux Security Advisory 201701-1 - Multiple vulnerabilities have been found in MariaDB and MySQL, the worst of which could lead to the remote execution of arbitrary code. Versions less than 10.0.28 are affected.
d29d2c9599ff6a080a01a711eab24fa8a9c409782346fe6b151226f35a8ad256Red Hat Security Advisory 2016-2927-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb100-mariadb. Security Fix: It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
66e1ea59d4014df2a4d524614e18002ead15028ade3161134f30e5b4a1e9c414Red Hat Security Advisory 2016-2928-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb101-mariadb. Security Fix: It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
0b4663dd1293eea4507798a5759c83e25936795e0709279b272a99329da7448cRed Hat Security Advisory 2016-2749-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: rh-mysql56-mysql. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
2885c698b7f8dbeb61cdef79060e442a4d80a5dfbab9153600b85b4aee6e32caRed Hat Security Advisory 2016-2595-02 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb. Security Fix: It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
efc7657ab9526bfaa4bd2c527a331957fcb2307eb0c4160a005c123a071b5353Red Hat Security Advisory 2016-2131-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb55-mariadb. Security Fix: It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
e0d4017aacc635d92ac81e00a91de05fc52686499e7f45be1d6e5caccce336c2Red Hat Security Advisory 2016-2130-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: mysql55-mysql. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
03b624cce91b1d69085d50e89a4e1be58cfa8a759a1b0832a830b379c914eadbRed Hat Security Advisory 2016-2077-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
25f8677b3989794bfdab9e885b200c14f5958cc947734d677fdac0faf0bac785Red Hat Security Advisory 2016-2062-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. Security Fix: A permissions flaw was discovered in the MySQL logging functionality, which allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly exploit this flaw to run arbitrary commands with root privileges on the system running the database server.
3095fdcfee55e0072883a94d54e2575ee2543875dabfd381bb2b3398cc100bf4Red Hat Security Advisory 2016-2061-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
2dff5fb12bfebf2c5ec3c79a89927f4c020fd5ef33e2cd3efbdd1b05eed4f386Red Hat Security Advisory 2016-2060-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
fb3556e126894312a0618b086aab05da286bbb1b6bfe7bfe16220442b55022a5Red Hat Security Advisory 2016-2059-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
53897a017d1189a15fff00405a0de1d19dc5c0b95eb99adc4b587c3314885bebRed Hat Security Advisory 2016-2058-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
a9d0a0e174ed7b0675f21a44852635fd255be05d2bc7c4a369387e75914d9a69Debian Linux Security Advisory 3666-1 - Dawid Golunski discovered that the mysqld_safe wrapper provided by the MySQL database server insufficiently restricted the load path for custom malloc implementations, which could result in privilege escalation.
d28b96249e7fc2df03afa448cba9de612a55ed8cfcda4eca4c0fd98e74a1d2bcUbuntu Security Notice 3078-1 - Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS has been updated to MySQL 5.7.15. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
70fb5a6644f34b6d550d78bb097b4a44cfd9878ed35cb234d7e3bd0d2a2d75a8MySQL versions 5.7.15 and below, 5.6.33 and below, and 5.5.52 and below suffer from remote root code execution and privilege escalation vulnerabilities.
5e8a01e26f616b7e322e11ee4900c798c738b94ceece89ba36e9df202cdc0496
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed