Date: Fri, 23 Sep 2016 14:35:41 +0200
From: Thomas Deutschmann <>
Subject: CVEs for vulnerabilities listed in MySQL 5.6.33 release note


The MySQL 5.6.33 changelog [1] lists multiple fixed vulnerabilities but
I can't find CVEs for all of these problems. Am I missing something? If
not, could you please assign CVEs which would help tracking the status
of these problems in MariaDB and Percona-Server (see Percona's latest
release notes for their 5.6.32-based fork [2] which seems to address
vulnerabilities listed in 5.6.33):

> For mysqld_safe, the argument to --malloc-lib now must be one of the
>  directories /usr/lib, /usr/lib64, /usr/lib/i386-linux-gnu, or 
> /usr/lib/x86_64-linux-gnu. In addition, the --mysqld and 
> --mysqld-version options can be used only on the command line and not
> in an option file. (Bug #24464380)

This one seems to be related to CVE-2016-6662 but one could argue this
deserves its own CVE.

> It was possible to write log files ending with .ini or .cnf that 
> later could be parsed as option files. The general query log and
> slow query log can no longer be written to a file ending with .ini
> or .cnf. (Bug #24388753)

This is CVE-2016-6662.

> Privilege escalation was possible by exploiting the way REPAIR TABLE
> used temporary files. (Bug #24388746)

This one seems to be without a CVE (I guess this isn't CVE-2016-6663).


See also:



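A defender-side check built from the first two changelog entries quoted in the message above, as an added example (not part of the original e-mail or of MySQL's code): it scans an option file for settings that 5.6.33 rejects. The function name, the sample file and the reading of --malloc-lib as a library path whose parent directory is checked are assumptions.

```python
import posixpath

# Directories the changelog quoted above allows for --malloc-lib.
ALLOWED_LIB_DIRS = {"/usr/lib", "/usr/lib64",
                    "/usr/lib/i386-linux-gnu", "/usr/lib/x86_64-linux-gnu"}
LOG_OPTS = {"general_log_file", "slow_query_log_file"}
CMDLINE_ONLY = {"mysqld", "mysqld_version"}  # rejected in option files per the changelog

# Constructed sample option file (not taken from any real system).
SAMPLE = """\
[mysqld]
general_log_file = /var/lib/mysql/my.cnf
slow-query-log-file = /var/log/mysql/slow.log
[mysqld_safe]
malloc-lib = /opt/custom/libjemalloc.so
mysqld = mysqld-debug
"""

def audit_option_file(text):
    """Return (line_no, section, message) for each setting the changelog now rejects."""
    findings, section = [], ""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower().replace("-", "_")  # MySQL treats '-' and '_' alike
        value = value.strip().strip("'\"")
        if key in LOG_OPTS and value.lower().endswith((".ini", ".cnf")):
            findings.append((no, section, f"{key} is written to an option-file name: {value}"))
        elif section == "mysqld_safe" and key == "malloc_lib" and "/" in value:
            # Assumption: the value is a library path; its resolved parent must be allowed.
            parent = posixpath.dirname(posixpath.normpath(value))
            if parent not in ALLOWED_LIB_DIRS:
                findings.append((no, section, f"malloc-lib outside allowed directories: {value}"))
        elif section == "mysqld_safe" and key in CMDLINE_ONLY:
            findings.append((no, section, f"{key} set in an option file, not on the command line"))
    return findings

if __name__ == "__main__":
    for finding in audit_option_file(SAMPLE):
        print(finding)
```

Log file names changed at runtime with SET GLOBAL do not appear in option files and need a separate check against the running server.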
