[debian-mysql] Bug#842895: mariadb-10.0: CVE-2016-6664 CVE-2016-5617
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 2 06:27:40 UTC 2016
Source: mariadb-10.0
Version: 10.0.16-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
the following vulnerabilities were published for mariadb-10.0.
CVE-2016-6664[0], which is a duplicate of CVE-2016-5617.
CVE-2016-5617[1]:
| Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
| and earlier, and 5.7.14 and earlier allows local users to affect
| confidentiality, integrity, and availability via vectors related to
| Server: Error Handling.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-6664
[1] https://security-tracker.debian.org/tracker/CVE-2016-5617
[2] http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html
Regards,
Salvatore
More information about the pkg-mysql-maint
mailing list