CVE-2016-6662

Priority
Medium
Description
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through
5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before
10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0,
and 5.7.x before 5.7.14-7 allow local users to create arbitrary
configurations and bypass certain protection mechanisms by setting
general_log_file to a my.cnf configuration. NOTE: this can be leveraged to
execute arbitrary code with root privileges by setting malloc_lib. NOTE:
the affected MySQL version information is from Oracle's October 2016 CPU.
Oracle has not commented on third-party claims that the issue was silently
patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
References
Bugs
Package
Upstream:released (10.0.27)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (10.0.27-0ubuntu0.16.04.1)
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):not-affected (5.6.34-26.19-0ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (5.6.34-26.19-0ubuntu0.16.04.1)
Ubuntu 17.04 (Zesty Zapus):not-affected (5.6.34-26.19-0ubuntu1)
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (5.5.52-1ubuntu0.14.04.1)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.04 (Zesty Zapus):needed
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (5.7.15)
Ubuntu 17.10 (Artful Aardvark):released (5.7.15-0ubuntu2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (5.7.15-0ubuntu0.16.04.1)
Ubuntu 17.04 (Zesty Zapus):released (5.7.15-0ubuntu2)
Package
Upstream:released (5.6.33)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (5.6.33-0ubuntu0.14.04.1)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (5.5.52)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):released (5.5.52-0ubuntu0.12.04.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (5.5.52-0ubuntu0.14.04.1)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
More Information

Updated: 2017-08-11 23:22:33 UTC (commit 13081)