Amazon Linux AMI : mysql51 (ALAS-2017-800)
Critical Nessus Plugin ID 97329
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionIt was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)
A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-5616 , CVE-2016-6663)
SolutionRun 'yum update mysql51' to update your system.