RHEL 7 : mariadb (RHSA-2016:2595)
critical Nessus Plugin ID 94558
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
An update for mariadb is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a newer upstream version:
mariadb (5.5.52). (BZ#1304516, BZ#1377974)
Security Fix(es) :
* It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)
* A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663)
* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.
(CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283)
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
Solution
Update the affected packages.See Also
https://access.redhat.com/errata/RHSA-2016:2595
https://access.redhat.com/security/cve/cve-2016-3492
https://access.redhat.com/security/cve/cve-2016-5612
https://access.redhat.com/security/cve/cve-2016-5616
https://access.redhat.com/security/cve/cve-2016-5624
https://access.redhat.com/security/cve/cve-2016-5626
https://access.redhat.com/security/cve/cve-2016-5629
https://access.redhat.com/security/cve/cve-2016-6662
Plugin Details
Severity: Critical
ID: 94558
File Name: redhat-RHSA-2016-2595.nasl
Version: 2.12
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 11/4/2016
Updated: 10/24/2019
Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent
Risk Information
VPR
Risk Factor: High
Score: 8.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.8
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal Vector: E:POC/RL:OF/RC:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:mariadb, p-cpe:/a:redhat:enterprise_linux:mariadb-bench, p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo, p-cpe:/a:redhat:enterprise_linux:mariadb-devel, p-cpe:/a:redhat:enterprise_linux:mariadb-embedded, p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel, p-cpe:/a:redhat:enterprise_linux:mariadb-libs, p-cpe:/a:redhat:enterprise_linux:mariadb-server, p-cpe:/a:redhat:enterprise_linux:mariadb-test, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:7.3, cpe:/o:redhat:enterprise_linux:7.4, cpe:/o:redhat:enterprise_linux:7.5, cpe:/o:redhat:enterprise_linux:7.6, cpe:/o:redhat:enterprise_linux:7.7
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/3/2016
Vulnerability Publication Date: 9/20/2016
Reference Information
CVE: CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-6662, CVE-2016-6663, CVE-2016-8283
RHSA: 2016:2595