Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201711-04 ] MariaDB, MySQL: Root privilege escalation
Date: Fri, 10 Nov 2017 23:07:09
Message-Id: 6739476.lZmId1yIgk@localhost.localdomain
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201711-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MariaDB, MySQL: Root privilege escalation
Date: November 10, 2017
Bugs: #635704, #635706
ID: 201711-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability was discovered in MariaDB and MySQL which may allow
local users to gain root privileges.

Background
==========

MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
enhanced, drop-in replacement for MySQL.

Affected packages
=================

-------------------------------------------------------------------
     Package              /     Vulnerable     /        Unaffected
-------------------------------------------------------------------
  1  dev-db/mariadb           < 10.0.30-r1          >= 10.0.30-r1
  2  dev-db/mysql             < 5.6.36-r1           >= 5.6.36-r1
-------------------------------------------------------------------
     2 affected packages

Description
===========

The Gentoo installation scripts before 2017-09-29 have chown calls for
user-writable directory trees, which allows local users to gain
privileges by leveraging access to the mysql account for creation of a
link.
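The defensive pattern behind this class of bug, as an added example that is not part of the advisory or of Gentoo's own installation scripts: a recursive ownership change over a tree the service account can write to must never follow a symbolic link, and must resolve each name relative to an already-opened directory so a link planted mid-walk cannot redirect it. The function names, the report format and the sample tree (`build_demo_tree`) are this example's own assumptions.

```python
import os
import stat
import tempfile

# O_NOFOLLOW makes open() fail if the name has become a symlink; O_DIRECTORY
# rejects anything that is not a directory.
_DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW | getattr(os, "O_CLOEXEC", 0)


def safe_chown_tree(root, uid, gid):
    """Change ownership below ``root`` without dereferencing any symlink.

    Returns {"changed": n, "symlinks": [paths left untouched], "errors": [paths]}.
    """
    report = {"changed": 0, "symlinks": [], "errors": []}
    try:
        root_fd = os.open(root, _DIR_FLAGS)   # a symlink at the root path fails here
    except OSError:
        report["errors"].append(root)
        return report
    try:
        os.fchown(root_fd, uid, gid)          # operate on the fd, not on the path
        report["changed"] += 1
        _chown_children(root_fd, root, uid, gid, report)
    finally:
        os.close(root_fd)
    return report


def _chown_children(dir_fd, dir_path, uid, gid, report):
    with os.scandir(dir_fd) as it:
        names = [e.name for e in it]
    for name in names:
        path = os.path.join(dir_path, name)
        try:
            # fstatat(AT_SYMLINK_NOFOLLOW) relative to the open directory: no path re-resolution.
            st = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)
            if stat.S_ISLNK(st.st_mode):
                report["symlinks"].append(path)   # never chown through a link the user may control
            elif stat.S_ISDIR(st.st_mode):
                sub_fd = os.open(name, _DIR_FLAGS, dir_fd=dir_fd)  # ELOOP if swapped for a link
                try:
                    os.fchown(sub_fd, uid, gid)
                    report["changed"] += 1
                    _chown_children(sub_fd, path, uid, gid, report)
                finally:
                    os.close(sub_fd)
            else:
                # fchownat(..., AT_SYMLINK_NOFOLLOW): refuses to follow a link that raced in after the stat
                os.chown(name, uid, gid, dir_fd=dir_fd, follow_symlinks=False)
                report["changed"] += 1
        except OSError:
            report["errors"].append(path)


def build_demo_tree():
    """Constructed sample tree: two files, a subdirectory and a planted symlink; returns its root."""
    root = tempfile.mkdtemp(prefix="chown-demo-")
    os.mkdir(os.path.join(root, "sub"))
    open(os.path.join(root, "a"), "w").close()
    open(os.path.join(root, "sub", "c"), "w").close()
    os.symlink("/placeholder/target/outside/the/tree", os.path.join(root, "sub", "evil"))
    return root
```

Running it on the constructed tree with the caller's own uid/gid (no privileges needed) changes the root, `a`, `sub` and `c`, and reports `sub/evil` as skipped rather than touching whatever it points at.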

Impact
======

A local attacker could escalate privileges to root.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MariaDB users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.0.30-r1"

All MySQL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.36-r1"

References
==========

[ 1 ] CVE-2017-15945
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15945

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201711-04

Concerns?
=========