mariadb55-mariadb-5.5.53-1.AXS4
エラータID: AXSA:2016-717:04
リリース日:
2016/11/01 Tuesday - 11:02
題名:
mariadb55-mariadb-5.5.53-1.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Severity:
High
Description:
[修正内容]
以下項目について対処しました。
[Security Fix]
- Oracle MySQL には、Server: Optimizer に関連する要因によって、
リモートの認証されたユーザが可用性に影響を与える詳細不明な
脆弱性があります。(CVE-2016-3492)
- Oracle MySQL には、DML に関連する要因によって、リモートの
認証されたユーザが可用性に影響を与える詳細不明な脆弱性があり
ます。(CVE-2016-5612)
- Oracle MySQL には、Server: MyISAM に関連する要因によって、
ローカルのユーザが機密性、完全性、可用性に影響を与える詳細
不明な脆弱性があります。(CVE-2016-5616)
- Oracle MySQL には、DML に関連する要因によって、リモートの
認証されたユーザが可用性に影響を与える詳細不明な脆弱性があり
ます。(CVE-2016-5624)
- Oracle MySQL には、GIS に関連する要因によって、リモートの
認証されたユーザが可用性に影響を与える詳細不明な脆弱性があり
ます。(CVE-2016-5626)
- Oracle MySQL には、Server: Federated に関連する要因によって、
リモートの管理者が可用性に影響を与える詳細不明な脆弱性があり
ます。(CVE-2016-5629)
- Oracle MySQL は、 my.cnf の設定に general_log_file を設定する
ことによって、ローカルのユーザが任意の構成を作成し、特定の
保護メカニズムを回避する脆弱性があります。
注: この問題は、malloc_lib を設定されることで、root 権限での任意
のコードの実行に利用される可能性があります。(CVE-2016-6662)
- Oracle MySQL には、 Server: Types に関連する要因によって、
リモートの認証されたユーザが可用性に影響を与える詳細不明な
脆弱性があります。(CVE-2016-8283)
- 現時点では CVE-2016-6663 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2016-3492
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2016-5612
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-5616
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2016-5624
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-5626
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
CVE-2016-5629
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
CVE-2016-6663
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
CVE-2016-8283
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
追加情報:
N/A
ダウンロード:
SRPMS
- mariadb55-mariadb-5.5.53-1.AXS4.src.rpm
MD5: 5e6230f83bd89342c3e4cb4d41ef619e
SHA-256: f7b66a91130ecf29423da091605794389e9ae267b871662eca0d8fed516a3d12
Size: 38.92 MB
Asianux Server 4 for x86_64
- mariadb55-mariadb-5.5.53-1.AXS4.x86_64.rpm
MD5: 14978fff1be0d203c34272367faec763
SHA-256: 4f7b3fba8df98f6a7506a521d70c3b704f7ba49aa1f7b70477e1683d487f2fbe
Size: 10.51 MB - mariadb55-mariadb-bench-5.5.53-1.AXS4.x86_64.rpm
MD5: b70c9e91a2a9915f5b6c8ebd638aa88b
SHA-256: c2f7e6f3cd76c96d5072138d1600e9afaf952199d6a8994fa0586bd6a515ca61
Size: 392.75 kB - mariadb55-mariadb-devel-5.5.53-1.AXS4.x86_64.rpm
MD5: 92720a9db51ba4c273fbc3906c051fd2
SHA-256: fe6ac067894f674691fa15f97e21f019d8552a6a764d0538f08ef92509a5fd7a
Size: 761.94 kB - mariadb55-mariadb-libs-5.5.53-1.AXS4.x86_64.rpm
MD5: e155542e380acddb007e4188aa3d57ba
SHA-256: 0618da9c58d501dcb8f911bea41d327d1e073376978d45bcbad6824c1606df33
Size: 204.48 kB - mariadb55-mariadb-server-5.5.53-1.AXS4.x86_64.rpm
MD5: 3ae2e5ca34c47ff35a31c41c5cc95a0f
SHA-256: 86b141d0ddef396cdbb221a339cc080533f26d9f8be96cca9b614f25b1ac8b4a
Size: 12.67 MB - mariadb55-mariadb-test-5.5.53-1.AXS4.x86_64.rpm
MD5: d0657cb9c456c8aac1905f063c14759f
SHA-256: 9eb144343893d4400d24ee3b63ae8b00b12e57cb2fe6f513250702d01d6e165f
Size: 8.87 MB
English