mysql-5.1.73-8.0.1.AXS4
エラータID: AXSA:2017-1284:01
リリース日:
2017/02/03 Friday - 09:49
題名:
mysql-5.1.73-8.0.1.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Oracle MySQL は、my.cnf の設定に general_log_file を設定する
ことによって、ローカルのユーザが任意の設定を作成し、保護メカニズムを
回避する脆弱性があります。
注: この問題は、malloc_lib を設定されることで、root 権限での任意
のコードの実行に利用される可能性があります。(CVE-2016-6662)
- Oracle MySQL,MariaDB には競合条件が存在し,MyISAM テーブルをリペアす
るための REPAIR TABLE による my_copystat の使用によって,あるパーミッ
ションを持つローカルユーザが権限を得る脆弱性があります。
(CVE-2016-6663)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2016-5616
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
CVE-2016-6663
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
追加情報:
N/A
ダウンロード:
SRPMS
- mysql-5.1.73-8.0.1.AXS4.src.rpm
MD5: 047056110f4e09c51855324dc47938b6
SHA-256: cdae53567afbcea788ed609b12f208c360b3ae36832d39f3ea26eadb9a67f783
Size: 20.08 MB
Asianux Server 4 for x86
- mysql-5.1.73-8.0.1.AXS4.i686.rpm
MD5: 9832197e178126bb16ca0da2fe273804
SHA-256: c6337824021364d22407758fd0d9bc181e5f6748995c0491e8d8bad9cf5ef949
Size: 903.47 kB - mysql-bench-5.1.73-8.0.1.AXS4.i686.rpm
MD5: 9e9d2873d59f01930b755297dca9a1af
SHA-256: dd70f919865af91aa10289146106af25a095bcd1702de8b4b57f7f85f07e5028
Size: 428.42 kB - mysql-devel-5.1.73-8.0.1.AXS4.i686.rpm
MD5: 8ba3ceba04393e0cdd076e110d5c725b
SHA-256: 40aaf07d52b3214f3ca86de93bcf9e2278478f06651f348d50e2f66ba3c98ef7
Size: 129.33 kB - mysql-libs-5.1.73-8.0.1.AXS4.i686.rpm
MD5: a6a960e4aacd13224687a5efdfe9ebc0
SHA-256: 514de4a7a473b14e1e19207839607b680905924c7d7fd448d89ec3bc2e0d3503
Size: 1.23 MB - mysql-server-5.1.73-8.0.1.AXS4.i686.rpm
MD5: f704af1553e18b7c685e5e64d33d4ada
SHA-256: ed423835cb093e3321f9bb83f6b38058328a894400ca49d0707246ca409539d7
Size: 8.80 MB - mysql-test-5.1.73-8.0.1.AXS4.i686.rpm
MD5: af264316e0d98eceba5ce9fa046841f7
SHA-256: 62562a9c718f975c2ed62e31e824ea59bd7f042bc8d9f27a8a7a5be3c8fc1a1e
Size: 5.26 MB
Asianux Server 4 for x86_64
- mysql-5.1.73-8.0.1.AXS4.x86_64.rpm
MD5: 96e8414c1cf25ea8dd59c87e5ff7578e
SHA-256: f09dc6475b72c0ab17724dc269b22333c29b7c4a494c75686bc19f632611a0e4
Size: 893.71 kB - mysql-bench-5.1.73-8.0.1.AXS4.x86_64.rpm
MD5: ed50e2933571fa4362417770b289ce21
SHA-256: 629a366739fe59891594dce884507cfd706392ae1d7719658661fbfa8a847ee6
Size: 427.97 kB - mysql-devel-5.1.73-8.0.1.AXS4.x86_64.rpm
MD5: 3f302f5cdc247a4ba048fcdfa613c549
SHA-256: 4b4428c6f8067bc0f3f3286a50886728d024ce1155d4dbf59e37c9b39a355cb2
Size: 128.90 kB - mysql-libs-5.1.73-8.0.1.AXS4.x86_64.rpm
MD5: e360d4e95257dfd7d67a228061ac2ea0
SHA-256: 948cd9ac2c7c6c75276a976dedbdc3a7b02b951fc4045b7a79e6bb2e97aaa271
Size: 1.22 MB - mysql-server-5.1.73-8.0.1.AXS4.x86_64.rpm
MD5: 4fbac9007697b0de894f12400b602d0c
SHA-256: 34e1d0fd1d974b4beea8cb52f91077b876834ca9663f1d997216c5b0ff3a3dcb
Size: 8.62 MB - mysql-test-5.1.73-8.0.1.AXS4.x86_64.rpm
MD5: bc6c7b35998d871a581bac1fb78b6cae
SHA-256: faa1dd36db3d2ada7f55fd6af0d4274220ffde293d9f48d98eceaadb4584c387
Size: 5.28 MB - mysql-devel-5.1.73-8.0.1.AXS4.i686.rpm
MD5: 8ba3ceba04393e0cdd076e110d5c725b
SHA-256: 40aaf07d52b3214f3ca86de93bcf9e2278478f06651f348d50e2f66ba3c98ef7
Size: 129.33 kB - mysql-libs-5.1.73-8.0.1.AXS4.i686.rpm
MD5: a6a960e4aacd13224687a5efdfe9ebc0
SHA-256: 514de4a7a473b14e1e19207839607b680905924c7d7fd448d89ec3bc2e0d3503
Size: 1.23 MB