An update for mariadb-galera is now available for Red Hat Enterprise LinuxOpenStack Platform 5.0 (Icehouse) for RHEL 6.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
MariaDB is a multi-user, multi-threaded SQL database server that is binarycompatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB.Security Fix(es):* It was discovered that the MySQL logging functionality allowed writing toMySQL configuration files. An administrative database user, or a database userwith FILE privileges, could possibly use this flaw to run arbitrary commandswith root privileges on the system running the database server. (CVE-2016-6662)
For details on how to apply this update, which includes the changes described inthis advisory, refer to:https://access.redhat.com/articles/11258After installing this update, the MariaDB server daemon (mysqld) will berestarted automatically.Red Hat OpenStack 5.0 for RHEL 6

SRPMS:
mariadb-galera-5.5.42-1.1.el6ost.src.rpm
    MD5: ea82fdb169b4e8ba785731357daec2a6SHA-256: 986d809f24451458b242df645591a1707989a6ad9aeb4be0c3d24b9b5fd24c14
 
x86_64:
mariadb-galera-common-5.5.42-1.1.el6ost.x86_64.rpm
    MD5: f1a08d0f69537cd3522db505a1fd0eb0SHA-256: 90715bac130e584f3823474e93ee95798051c829bddffdd8fae795a5c45097fb
mariadb-galera-debuginfo-5.5.42-1.1.el6ost.x86_64.rpm
    MD5: bb54ca2af6e88590de03d8cf837320c6SHA-256: c604c6ace5c35f7e2b0ab8cfc9135d98faffab420a65fd10a22e8999d02333d3
mariadb-galera-server-5.5.42-1.1.el6ost.x86_64.rpm
    MD5: f21873d132977d70844dc6fdb4e6177eSHA-256: 2f061f697d91ea60a9c75f70674ea667e1f21f0d231b184221211326b3484caa
 
(The unlinked packages above are only available from the Red Hat Network)

1375198 – CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Leave a Reply