maria-discuss team mailing list archive

Thread
Date

Re: Critical Update for CVE-2016-6662

To: Sergei Golubchik <serg@xxxxxxxxxxx>
From: Alex <imperialnetwork@xxxxxxxxx>
Date: Mon, 12 Sep 2016 21:32:32 +0300
Cc: MariaDB Discuss <maria-discuss@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <20160912182549.GA19929@meddwl.fritz.box>
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

Hi Sergei,

My bad , was a bit paranoid and instantly sent the email before deeperresearch. Upgrading all hosts to 10.1.17.


Regards,
Alex


On 9/12/2016 9:25 PM, Sergei Golubchik wrote:

Hi, Alex!

On Sep 12, Alex wrote:

Hello,

In regards to this zero day remote exploit , it seems MariaDB is also
affected. Percona seems to have released new versions out to fix this.
Any news from MariaDB side ?

http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html

Yes, it was https://jira.mariadb.org/browse/MDEV-10465,
fixed in 5.5.51, 10.0.27, 10.1.17, all released last month.

Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx

References

Critical Update for CVE-2016-6662
From: Alex, 2016-09-12
Re: Critical Update for CVE-2016-6662
From: Sergei Golubchik, 2016-09-12