By: rmd2k2

MySQL CVE-2016-6663 and CVE-2016-6664 (Ubuntu)

November 27, 2016
MySQL Ubuntu

Any posts/updates on how to patch for the following?

CVE-2016-6663, Privilege Escalation / Race Condition (also referred to as CVE-2016-5616)
CVE-2016-6664, Root Privilege Escalation (also referred to as CVE-2016-5617)

Thanks!

2 Answers

You can check your version to see whether you are affected. There are many ways to check the MySQL version.
You can execute:

  • mysql --version

It should output your version of MySQL. Or log in to the MySQL CLI:

  • mysql -u user -p

When you log in, you'll see a welcome message specifying your version.

CVE-2016-6663
Security tracker - Canonical | Security tracker - Debian.
This CVE was fixed in version:

MySQL developer    Fixed in version
Oracle MySQL       5.5.52, 5.6.33, 5.7.15
MariaDB            5.5.52, 10.1.18, 10.0.28
Percona            5.5.41-37.0, 5.6.32-25.17, 5.7.14-26.17

If you have a version which is less than the one in the table, you're affected and you need to upgrade.

CVE-2016-6664
Security tracker - Canonical | Security tracker - Debian.
This CVE was fixed in version:

MySQL developer    Fixed in version
Oracle MySQL       5.5.51, 5.6.32, 5.7.14
MariaDB            ALL VERSIONS AFFECTED, FIX IS STILL NOT AVAILABLE
Percona            5.5.51-38.2, 5.6.32-78-1, 5.7.14-8

If you have a version which is less than the one in the table, you're affected and you need to upgrade.

The required update should be in the repositories. Updating the repo cache and executing an upgrade will do the job.

  • sudo apt-get update
  • sudo apt-get upgrade

After the upgrade finishes, check the version. If you are no longer affected, you're good to go. If you are, come back and we'll find a way. :)
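The version check described in the answer above, written as a shell function. This is an added example, not part of the original answer: the function names are hypothetical, the "fixed in" values are copied from the two tables, and it assumes the `mysql --version` output contains `Distrib <version>`. Percona builds are not distinguishable from that output and should be compared against the Percona row by hand.

```shell
#!/bin/sh
# Added example. "Fixed in" values are copied from the two tables in the answer.

# ver_lt A B: succeeds when dotted version A is strictly lower than B.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# fixed_in VENDOR BRANCH CVE: prints the fixed version, "none" where the
# answer lists no fix, or nothing for a branch the tables do not cover.
fixed_in() {
    case "$1:$2:$3" in
        oracle:5.5:CVE-2016-6663)   echo 5.5.52 ;;
        oracle:5.6:CVE-2016-6663)   echo 5.6.33 ;;
        oracle:5.7:CVE-2016-6663)   echo 5.7.15 ;;
        mariadb:5.5:CVE-2016-6663)  echo 5.5.52 ;;
        mariadb:10.0:CVE-2016-6663) echo 10.0.28 ;;
        mariadb:10.1:CVE-2016-6663) echo 10.1.18 ;;
        oracle:5.5:CVE-2016-6664)   echo 5.5.51 ;;
        oracle:5.6:CVE-2016-6664)   echo 5.6.32 ;;
        oracle:5.7:CVE-2016-6664)   echo 5.7.14 ;;
        mariadb:*:CVE-2016-6664)    echo none ;;  # table: no fix available
    esac
}

# check_version "<mysql --version output>" CVE: prints affected, fixed or unknown.
check_version() {
    case "$1" in *MariaDB*) vendor=mariadb ;; *) vendor=oracle ;; esac
    # Pull the server distribution version, dropping any "-MariaDB"/"-0ubuntu" suffix.
    ver=$(printf '%s\n' "$1" | sed -n 's/.*Distrib \([0-9.]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return 0; }
    fix=$(fixed_in "$vendor" "${ver%.*}" "$2")
    case "$fix" in
        "")   echo unknown ;;
        none) echo affected ;;
        *)    if ver_lt "$ver" "$fix"; then echo affected; else echo fixed; fi ;;
    esac
}

# Usage on a live host:  check_version "$(mysql --version)" CVE-2016-6663
```

Run it once per CVE before and after `apt-get upgrade`; an `unknown` result means the branch is not in the tables and needs a manual look.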
