Oracle MySQL security update

Number: AV16-157
Date: 01 October 2016

Purpose

This advisory is to bring attention to recently released Oracle MySQL security updates addressing a critical vulnerability.

Assessment

Oracle has released security updates to address a critical vulnerability in MySQL. Exploitation of this vulnerability may allow for arbitrary remote code execution.  This vulnerability also affects some projects forked from the main MySQL branch, including MariaDB and Percona Server.

Versions affected:

  • Oracle MySQL 5.5.x prior to version 5.5.52
  • Oracle MySQL 5.6.x prior to version 5.6.33
  • Oracle MySQL 5.7.x prior to version 5.7.15
  • MariaDB (see references for more information)
  • Percona Server and XtraDB Cluster (see references for more information)

CVE Reference: CVE-2016-6662

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
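
To decide which servers need the update, the affected-version list can be applied to the strings a server returns for SELECT VERSION() and @@version_comment. The following is an added example, not part of the CCIRC advisory or any vendor tooling; the thresholds are the fixed releases named in the Oracle release notes referenced below (5.5.52, 5.6.33, 5.7.15), and the host names and inventory rows are constructed.

```python
import re

# First fixed patch level per Oracle branch, from the Oracle release notes
# this advisory references (5.5.52, 5.6.33, 5.7.15).
FIXED = {(5, 5): 52, (5, 6): 33, (5, 7): 15}


def classify(version, comment=""):
    """Classify a server from SELECT VERSION() and @@version_comment.

    Returns 'affected', 'fixed', 'check-vendor' (MariaDB / Percona: the
    advisory gives no version numbers for the forks) or 'not-listed'
    (a branch the advisory makes no statement about).
    """
    text = f"{version} {comment}".lower()
    # Forks are matched first: their fixed releases are not the Oracle ones.
    if "mariadb" in text or "percona" in text or "xtradb" in text:
        return "check-vendor"
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "not-listed"
    return "affected" if patch < fixed_patch else "fixed"


# Constructed inventory rows: (host, VERSION(), @@version_comment)
SAMPLE = [
    ("db01", "5.5.50-0ubuntu0.14.04.1", "(Ubuntu)"),
    ("db02", "5.6.33-log", "MySQL Community Server (GPL)"),
    ("db03", "5.7.9", "MySQL Community Server (GPL)"),
    ("db04", "10.1.16-MariaDB", "MariaDB Server"),
    ("db05", "5.6.31-77.0", "Percona Server (GPL), Release 77.0"),
    ("db06", "5.1.73", "Source distribution"),
]


def report(rows):
    """Map each host to its classification."""
    return {host: classify(ver, com) for host, ver, com in rows}


if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host}: {status}")
```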

References:

National Vulnerability Database:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6662

Security Researcher:
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html

Oracle MySQL Release Notes:
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html

MariaDB Security Announcement:
https://mariadb.org/mariadb-server-versions-remote-root-code-execution-vulnerability-cve-2016-6662/

Percona Server Critical Update:
https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/
