Summary: | <dev-db/mysql-{5.5.52,5.6.33}: general_log_file can be abused (CVE-2016-6662)
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Reporter: | Thomas Deutschmann (RETIRED) <whissi>
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | normal
Priority: | Normal
CC: | bug, himbeere, luke, mysql-bugs
Version: | unspecified
Hardware: | All
OS: | Linux
Whiteboard: | B1 [glsa]
Package list: |
Runtime testing required: | ---
Bug Depends on: |
Bug Blocks: | 593584

Description
Thomas Deutschmann (RETIRED)
2016-09-12 20:25:50 UTC
Arches, please test and mark stable. The test suite should pass following the official instructions. Local timeouts may be expected on resource starved machines. (each test thread can spawn up to 4 server instances)

Target keywords:
=dev-db/mysql-5.6.33 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

    # Official test instructions:
    # USE='embedded extraengine perl openssl static-libs' \
    # FEATURES='test userpriv -usersandbox' \
    # ebuild mysql-5.6.33.ebuild \
    # digest clean package

    # Parallel testing is enabled, auto will try to detect number of cores
    # You may set this by hand.
    # The default maximum is 8 unless MTR_MAX_PARALLEL is increased
    export MTR_PARALLEL="${MTR_PARALLEL:-auto}"

Does 5.6.33 really fix this bug? The advisory explicitly says this is an affected version.

Based on our information this should have been addressed with 5.6.33. However, when comparing MySQL's sql/sys_vars.cc file with MariaDB's fix (https://github.com/MariaDB/server/commit/470f2598cca350b79531bf0b88463a47d94abec3 and https://github.com/MariaDB/server/commit/0098d789c9d8be15d62230289f603ac8f3d5b275) it looks like it isn't. So I am stopping stabilization request for the moment to wait for clarification from upstream.

OK, our information was correct. From MySQL 5.6.33 changelog (https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html):

> - For mysqld_safe, the argument to --malloc-lib now must be one of the
>   directories /usr/lib, /usr/lib64, /usr/lib/i386-linux-gnu, or
>   /usr/lib/x86_64-linux-gnu. In addition, the --mysqld and
>   --mysqld-version options can be used only on the command line and not
>   in an option file. (MySQL-Bug #24464380)
>
> - It was possible to write log files ending with .ini or .cnf that later
>   could be parsed as option files. The general query log and slow query
>   log can no longer be written to a file ending with .ini or .cnf.
>   (MySQL-Bug #24388753)
>
> - Privilege escalation was possible by exploiting the way REPAIR TABLE
>   used temporary files. (MySQL-Bug #24388746)

Arches, please test and mark stable. The test suite should pass following the official instructions. Local timeouts may be expected on resource starved machines. (each test thread can spawn up to 4 server instances)

Target keywords:
=dev-db/mysql-5.6.33 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

    # Official test instructions:
    # USE='embedded extraengine perl openssl static-libs' \
    # FEATURES='test userpriv -usersandbox' \
    # ebuild mysql-5.6.33.ebuild \
    # digest clean package

    # Parallel testing is enabled, auto will try to detect number of cores
    # You may set this by hand.
    # The default maximum is 8 unless MTR_MAX_PARALLEL is increased
    export MTR_PARALLEL="${MTR_PARALLEL:-auto}"

amd64 stable

Stable on alpha.

Stable for HPPA PPC64.

arm stable

x86 stable

sparc stable

ppc stable

ia64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Cleanup already done, see https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-db/mysql?id=4a70076de06492fdb818f2881ef7834ef11c0f17

@ Security: Please vote for GLSA.

Same as before. No voting required.

This issue was resolved and addressed in GLSA 201701-01 at https://security.gentoo.org/glsa/201701-01 by GLSA coordinator Thomas Deutschmann (whissi).
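
The first two restrictions in the 5.6.33 changelog quoted in this thread can be checked against an existing option file before or after upgrading. The following is an added example, not part of the bug thread and not MySQL or Gentoo code; the function name, the sample file and the reading of the --malloc-lib rule as "the library's directory must be one of the listed directories" are assumptions.

```python
import posixpath

# Values taken from the 5.6.33 changelog quoted in the thread above.
MALLOC_LIB_DIRS = {"/usr/lib", "/usr/lib64",
                   "/usr/lib/i386-linux-gnu", "/usr/lib/x86_64-linux-gnu"}
LOG_OPTIONS = {"general_log_file", "slow_query_log_file"}
CMDLINE_ONLY = {"mysqld", "mysqld_version"}  # not allowed in option files

def audit_option_file(text):
    """Return (line number, option, reason) for each setting 5.6.33 rejects."""
    findings, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, _, value = line.partition("=")
        # MySQL treats '-' and '_' in option names as equivalent.
        name = name.strip().lower().replace("-", "_")
        value = value.strip().strip("'\"")
        if name in LOG_OPTIONS:
            # Assumption: compare the suffix case-insensitively to be conservative.
            if value.lower().endswith((".ini", ".cnf")):
                findings.append((lineno, name, "log path ends in .ini/.cnf"))
        elif section == "mysqld_safe" and name == "malloc_lib":
            # Assumption: a value without '/' is a library name, not a path.
            if "/" in value and posixpath.dirname(
                    posixpath.normpath(value)) not in MALLOC_LIB_DIRS:
                findings.append((lineno, name, "library outside allowed dirs"))
        elif section == "mysqld_safe" and name in CMDLINE_ONLY:
            findings.append((lineno, name, "command-line only since 5.6.33"))
    return findings

# Constructed sample option file, not taken from any real host.
SAMPLE = """\
[mysqld]
general_log_file = /var/log/mysql/query.cnf
slow-query-log-file = /var/log/mysql/slow.log
[mysqld_safe]
malloc-lib = /opt/custom/libjemalloc.so
mysqld = mysqld-debug
"""

if __name__ == "__main__":
    for lineno, option, reason in audit_option_file(SAMPLE):
        print(f"line {lineno}: {option}: {reason}")
```

The check covers option files only; log paths changed at runtime are not visible to it and have to be read from the running server's variables.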