maria-discuss team mailing list archive

Thread
Date

Re: Critical Update for CVE-2016-6662

To: Sergei Golubchik <serg@xxxxxxxxxxx>
From: Alex <imperialnetwork@xxxxxxxxx>
Date: Tue, 13 Sep 2016 00:58:41 +0300
Cc: MariaDB Discuss <maria-discuss@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <20160912182549.GA19929@meddwl.fritz.box>
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

From what i noticed , centos6 hosts that were on mysql 5.6 , or mariadb10.1.17 is using the mysqld_safe.Upgraded centos7 hosts , and mysqld_safe is no longer a running processfor mariadb 10.1.17.

Would this mean that only the hosts that do not run the mysqld_safe aresafe ?


On 9/12/2016 9:25 PM, Sergei Golubchik wrote:

Hi, Alex!

On Sep 12, Alex wrote:

Hello,

In regards to this zero day remote exploit , it seems MariaDB is also
affected. Percona seems to have released new versions out to fix this.
Any news from MariaDB side ?

http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html

Yes, it was https://jira.mariadb.org/browse/MDEV-10465,
fixed in 5.5.51, 10.0.27, 10.1.17, all released last month.

Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx

Follow ups

Re: Critical Update for CVE-2016-6662
From: Sergei Golubchik, 2016-09-13
Re: Critical Update for CVE-2016-6662
From: Reindl Harald, 2016-09-12

References

Critical Update for CVE-2016-6662
From: Alex, 2016-09-12
Re: Critical Update for CVE-2016-6662
From: Sergei Golubchik, 2016-09-12