1
PublicDateAtUSN: 2016-09-12
2
Candidate: CVE-2016-6662
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6662
6
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
7
https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/
8
https://usn.ubuntu.com/usn/usn-3078-1
10
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through
11
5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before
12
10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0,
13
and 5.7.x before 5.7.14-7 allow local users to create arbitrary
14
configurations and bypass certain protection mechanisms by setting
15
general_log_file to a my.cnf configuration. NOTE: this can be leveraged to
16
execute arbitrary code with root privileges by setting malloc_lib. NOTE:
17
the affected MySQL version information is from Oracle's October 2016 CPU.
18
Oracle has not commented on third-party claims that the issue was silently
19
patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
23
https://bugzilla.novell.com/show_bug.cgi?id=CVE-2016-6662
25
Discovered-by: Dawid Golunski
29
upstream_mysql-5.5: released (5.5.52)
30
precise_mysql-5.5: released (5.5.52-0ubuntu0.12.04.1)
31
precise/esm_mysql-5.5: released (5.5.52-0ubuntu0.12.04.1)
32
trusty_mysql-5.5: released (5.5.52-0ubuntu0.14.04.1)
34
vivid/ubuntu-core_mysql-5.5: DNE
35
vivid/stable-phone-overlay_mysql-5.5: DNE
37
yakkety_mysql-5.5: DNE
44
upstream_mysql-5.6: released (5.6.33)
45
precise_mysql-5.6: DNE
46
precise/esm_mysql-5.6: DNE
47
trusty_mysql-5.6: released (5.6.33-0ubuntu0.14.04.1)
48
vivid/ubuntu-core_mysql-5.6: DNE
49
vivid/stable-phone-overlay_mysql-5.6: DNE
51
yakkety_mysql-5.6: DNE
58
upstream_mysql-5.7: released (5.7.15)
59
precise_mysql-5.7: DNE
60
precise/esm_mysql-5.7: DNE
62
vivid/ubuntu-core_mysql-5.7: DNE
63
vivid/stable-phone-overlay_mysql-5.7: DNE
64
xenial_mysql-5.7: released (5.7.15-0ubuntu0.16.04.1)
65
yakkety_mysql-5.7: released (5.7.15-0ubuntu2)
66
zesty_mysql-5.7: released (5.7.15-0ubuntu2)
67
artful_mysql-5.7: released (5.7.15-0ubuntu2)
68
bionic_mysql-5.7: released (5.7.15-0ubuntu2)
69
devel_mysql-5.7: released (5.7.15-0ubuntu2)
72
upstream_mariadb-5.5: needs-triage
73
precise_mariadb-5.5: DNE
74
precise/esm_mariadb-5.5: DNE
75
trusty_mariadb-5.5: released (5.5.52-1ubuntu0.14.04.1)
76
vivid/ubuntu-core_mariadb-5.5: DNE
77
vivid/stable-phone-overlay_mariadb-5.5: DNE
78
xenial_mariadb-5.5: DNE
79
yakkety_mariadb-5.5: DNE
80
zesty_mariadb-5.5: DNE
81
artful_mariadb-5.5: DNE
82
bionic_mariadb-5.5: DNE
83
devel_mariadb-5.5: DNE
86
upstream_mariadb-10.0: released (10.0.27)
87
precise_mariadb-10.0: DNE
88
precise/esm_mariadb-10.0: DNE
89
trusty_mariadb-10.0: DNE
90
vivid/ubuntu-core_mariadb-10.0: DNE
91
vivid/stable-phone-overlay_mariadb-10.0: DNE
92
xenial_mariadb-10.0: released (10.0.27-0ubuntu0.16.04.1)
93
yakkety_mariadb-10.0: released (10.0.28-0ubuntu0.16.10.1)
94
zesty_mariadb-10.0: DNE
95
artful_mariadb-10.0: DNE
96
bionic_mariadb-10.0: DNE
97
devel_mariadb-10.0: DNE
99
Patches_percona-xtradb-cluster-5.5:
100
upstream_percona-xtradb-cluster-5.5: needs-triage
101
precise_percona-xtradb-cluster-5.5: DNE
102
precise/esm_percona-xtradb-cluster-5.5: DNE
103
trusty_percona-xtradb-cluster-5.5: needed
104
vivid/ubuntu-core_percona-xtradb-cluster-5.5: DNE
105
vivid/stable-phone-overlay_percona-xtradb-cluster-5.5: DNE
106
xenial_percona-xtradb-cluster-5.5: DNE
107
yakkety_percona-xtradb-cluster-5.5: DNE
108
zesty_percona-xtradb-cluster-5.5: DNE
109
artful_percona-xtradb-cluster-5.5: DNE
110
bionic_percona-xtradb-cluster-5.5: DNE
111
devel_percona-xtradb-cluster-5.5: DNE
113
Patches_percona-xtradb-cluster-5.6:
114
upstream_percona-xtradb-cluster-5.6: needs-triage
115
precise_percona-xtradb-cluster-5.6: DNE
116
precise/esm_percona-xtradb-cluster-5.6: DNE
117
trusty_percona-xtradb-cluster-5.6: DNE
118
vivid/ubuntu-core_percona-xtradb-cluster-5.6: DNE
119
vivid/stable-phone-overlay_percona-xtradb-cluster-5.6: DNE
120
xenial_percona-xtradb-cluster-5.6: released (5.6.34-26.19-0ubuntu0.16.04.1)
121
yakkety_percona-xtradb-cluster-5.6: released (5.6.34-26.19-0ubuntu0.16.10.1)
122
zesty_percona-xtradb-cluster-5.6: not-affected (5.6.34-26.19-0ubuntu1)
123
artful_percona-xtradb-cluster-5.6: not-affected (5.6.34-26.19-0ubuntu1)
124
bionic_percona-xtradb-cluster-5.6: DNE
125
devel_percona-xtradb-cluster-5.6: DNE
127
Patches_percona-server-5.6:
128
upstream_percona-server-5.6: needs-triage
129
precise_percona-server-5.6: DNE
130
precise/esm_percona-server-5.6: DNE
131
trusty_percona-server-5.6: DNE
132
vivid/ubuntu-core_percona-server-5.6: DNE
133
vivid/stable-phone-overlay_percona-server-5.6: DNE
134
xenial_percona-server-5.6: needed
135
yakkety_percona-server-5.6: ignored (reached end-of-life)
136
zesty_percona-server-5.6: ignored (reached end-of-life)
137
artful_percona-server-5.6: needed
138
bionic_percona-server-5.6: DNE
139
devel_percona-server-5.6: DNE