ID de Prueba:	1.3.6.1.4.1.25623.1.0.871698
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for mariadb RHSA-2016:2595-02
Resumen:	The remote host is missing an update for the 'mariadb'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'mariadb' package(s) announced via the referenced advisory. Vulnerability Insight: MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb (5.5.52). (BZ#1304516, BZ#1377974) Security Fix(es): * It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662) * A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663) * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283) Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. Affected Software/OS: mariadb on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3492 BugTraq ID: 93650 http://www.securityfocus.com/bid/93650 https://security.gentoo.org/glsa/201701-01 RedHat Security Advisories: RHSA-2016:2130 http://rhn.redhat.com/errata/RHSA-2016-2130.html RedHat Security Advisories: RHSA-2016:2131 http://rhn.redhat.com/errata/RHSA-2016-2131.html RedHat Security Advisories: RHSA-2016:2595 http://rhn.redhat.com/errata/RHSA-2016-2595.html RedHat Security Advisories: RHSA-2016:2749 http://rhn.redhat.com/errata/RHSA-2016-2749.html RedHat Security Advisories: RHSA-2016:2927 http://rhn.redhat.com/errata/RHSA-2016-2927.html RedHat Security Advisories: RHSA-2016:2928 http://rhn.redhat.com/errata/RHSA-2016-2928.html http://www.securitytracker.com/id/1037050 Common Vulnerability Exposure (CVE) ID: CVE-2016-5612 BugTraq ID: 93630 http://www.securityfocus.com/bid/93630 RedHat Security Advisories: RHSA-2016:1601 http://rhn.redhat.com/errata/RHSA-2016-1601.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5616 Common Vulnerability Exposure (CVE) ID: CVE-2016-5624 BugTraq ID: 93635 http://www.securityfocus.com/bid/93635 Common Vulnerability Exposure (CVE) ID: CVE-2016-5626 BugTraq ID: 93638 http://www.securityfocus.com/bid/93638 Common Vulnerability Exposure (CVE) ID: CVE-2016-5629 BugTraq ID: 93668 http://www.securityfocus.com/bid/93668 Common Vulnerability Exposure (CVE) ID: CVE-2016-6662 BugTraq ID: 92912 http://www.securityfocus.com/bid/92912 Debian Security Information: DSA-3666 (Google Search) http://www.debian.org/security/2016/dsa-3666 https://www.exploit-db.com/exploits/40360/ http://seclists.org/fulldisclosure/2016/Sep/23 http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html http://www.openwall.com/lists/oss-security/2016/09/12/3 RedHat Security Advisories: RHSA-2016:2058 http://rhn.redhat.com/errata/RHSA-2016-2058.html RedHat Security Advisories: RHSA-2016:2059 http://rhn.redhat.com/errata/RHSA-2016-2059.html RedHat Security Advisories: RHSA-2016:2060 http://rhn.redhat.com/errata/RHSA-2016-2060.html RedHat Security Advisories: RHSA-2016:2061 http://rhn.redhat.com/errata/RHSA-2016-2061.html RedHat Security Advisories: RHSA-2016:2062 http://rhn.redhat.com/errata/RHSA-2016-2062.html RedHat Security Advisories: RHSA-2016:2077 http://rhn.redhat.com/errata/RHSA-2016-2077.html RedHat Security Advisories: RHSA-2017:0184 http://rhn.redhat.com/errata/RHSA-2017-0184.html http://www.securitytracker.com/id/1036769 Common Vulnerability Exposure (CVE) ID: CVE-2016-6663 BugTraq ID: 92911 http://www.securityfocus.com/bid/92911 BugTraq ID: 93614 http://www.securityfocus.com/bid/93614 https://www.exploit-db.com/exploits/40678/ http://seclists.org/fulldisclosure/2016/Nov/4 https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html http://www.openwall.com/lists/oss-security/2016/10/25/4 Common Vulnerability Exposure (CVE) ID: CVE-2016-8283 BugTraq ID: 93737 http://www.securityfocus.com/bid/93737
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.