-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2409
                 Important: mariadb-galera security update
                              14 October 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mariadb-galera
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Root Compromise -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-6662  

Reference:         ESB-2016.2272
                   ESB-2016.2219
                   ESB-2016.2163
                   ESB-2016.2161

Original Bulletin: 
   https://rhn.redhat.com/errata/RHSA-2016-2058.html
   https://rhn.redhat.com/errata/RHSA-2016-2059.html
   https://rhn.redhat.com/errata/RHSA-2016-2060.html
   https://rhn.redhat.com/errata/RHSA-2016-2061.html
   https://rhn.redhat.com/errata/RHSA-2016-2062.html

Comment: This bulletin contains five (5) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb-galera security update
Advisory ID:       RHSA-2016:2058-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2058.html
Issue date:        2016-10-13
CVE Names:         CVE-2016-6662 
=====================================================================

1. Summary:

An update for mariadb-galera is now available for Red Hat Enterprise Linux
OpenStack Platform 5.0 (Icehouse) for RHEL 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL. Galera is a synchronous multi-master cluster for
MariaDB.

Security Fix(es):

* It was discovered that the MySQL logging functionality allowed writing to
MySQL configuration files. An administrative database user, or a database
user with FILE privileges, could possibly use this flaw to run arbitrary
commands with root privileges on the system running the database server.
(CVE-2016-6662)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6:

Source:
mariadb-galera-5.5.42-1.1.el6ost.src.rpm

x86_64:
mariadb-galera-common-5.5.42-1.1.el6ost.x86_64.rpm
mariadb-galera-debuginfo-5.5.42-1.1.el6ost.x86_64.rpm
mariadb-galera-server-5.5.42-1.1.el6ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6662
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX/+m+XlSAg2UNWIIRAhyMAJ9DsXCln7YBsiC07myChizET4FqVACdHjRK
qwCGSv6ibpsND+rJuAOK+FQ=
=6CBH
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb-galera security and bug fix update
Advisory ID:       RHSA-2016:2059-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2059.html
Issue date:        2016-10-13
CVE Names:         CVE-2016-6662 
=====================================================================

1. Summary:

An update for mariadb-galera is now available for Red Hat Enterprise Linux
OpenStack Platform 5.0 (Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL. Galera is a synchronous multi-master cluster for
MariaDB.

Security Fix(es):

* It was discovered that the MySQL logging functionality allowed writing to
MySQL configuration files. An administrative database user, or a database
user with FILE privileges, could possibly use this flaw to run arbitrary
commands with root privileges on the system running the database server.
(CVE-2016-6662)

Bug Fix(es):

* Because Red Hat Enterprise Linux 7.3 changed the return format of the
"systemctl is-enabled" command as consumed by shell scripts, the
mariadb-galera RPM package, upon installation, erroneously detected that
the MariaDB service was enabled when it was not. As a result, the Red Hat
OpenStack Platform installer, which then tried to run mariadb-galera using
Pacemaker and not systemd, failed to start Galera. With this update,
mariadb-galera's RPM installation scripts now use a different systemctl
command, correctly detecting the default MariaDB as disabled, and the
installer can succeed. (BZ#1376908)

* Previously, both the mariadb-server and mariadb-galera-server packages
shipped the client-facing libraries, dialog.so and mysql_clear_password.so.
As a result, the mariadb-galera-server package would fail to install
because of package conflicts. With this update, these libraries have been
moved from mariadb-galera-server to mariadb-libs, and the
mariadb-galera-server package installs successfully. (BZ#1376902)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation
1376902 - RHEL 7.3 upgrades fails on upgrade because of mariadb-libs package conflict.
1376908 - mysqld service prevents haproxy to get started and deployment fails

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7:

Source:
mariadb-galera-5.5.42-1.2.el7ost.src.rpm

x86_64:
mariadb-galera-common-5.5.42-1.2.el7ost.x86_64.rpm
mariadb-galera-debuginfo-5.5.42-1.2.el7ost.x86_64.rpm
mariadb-galera-server-5.5.42-1.2.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6662
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX/+ncXlSAg2UNWIIRAjDHAJ9pQ8o9rq4RJ1X10ucF9ZV7ZNAtNQCfY+ue
VoMtEE5l2Wp00bPtZcTFdJ0=
=ReLe
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb-galera security and bug fix update
Advisory ID:       RHSA-2016:2060-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2060.html
Issue date:        2016-10-13
CVE Names:         CVE-2016-6662 
=====================================================================

1. Summary:

An update for mariadb-galera is now available for Red Hat Enterprise Linux
OpenStack Platform 6.0 (Juno) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL. Galera is a synchronous multi-master cluster for
MariaDB.

Security Fix(es):

* It was discovered that the MySQL logging functionality allowed writing to
MySQL configuration files. An administrative database user, or a database
user with FILE privileges, could possibly use this flaw to run arbitrary
commands with root privileges on the system running the database server.
(CVE-2016-6662)

Bug Fix(es):

* Because Red Hat Enterprise Linux 7.3 changed the return format of the
"systemctl is-enabled" command as consumed by shell scripts, the
mariadb-galera RPM package, upon installation, erroneously detected that
the MariaDB service was enabled when it was not. As a result, the Red Hat
OpenStack Platform installer, which then tried to run mariadb-galera using
Pacemaker and not systemd, failed to start Galera. With this update,
mariadb-galera's RPM installation scripts now use a different systemctl
command, correctly detecting the default MariaDB as disabled, and the
installer can succeed. (BZ#1376909)

* Previously, both the mariadb-server and mariadb-galera-server packages
shipped the client-facing libraries, dialog.so and mysql_clear_password.so.
As a result, the mariadb-galera-server package would fail to install
because of package conflicts. With this update, these libraries have been
moved from mariadb-galera-server to mariadb-libs, and the
mariadb-galera-server package installs successfully. (BZ#1376903)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation
1376903 - RHEL 7.3 upgrades fails on upgrade because of mariadb-libs package conflict.
1376909 - mysqld service prevents haproxy to get started and deployment fails

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7:

Source:
mariadb-galera-5.5.42-1.2.el7ost.src.rpm

x86_64:
mariadb-galera-common-5.5.42-1.2.el7ost.x86_64.rpm
mariadb-galera-debuginfo-5.5.42-1.2.el7ost.x86_64.rpm
mariadb-galera-server-5.5.42-1.2.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6662
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX/+n4XlSAg2UNWIIRAqiYAKCmra9Lgje5oDlMbH8GxPJJMpsMogCfSb30
92s2svQXFq4UxaT7xg3sE78=
=QfH5
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb-galera security and bug fix update
Advisory ID:       RHSA-2016:2061-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2061.html
Issue date:        2016-10-13
CVE Names:         CVE-2016-6662 
=====================================================================

1. Summary:

An update for mariadb-galera is now available for Red Hat Enterprise Linux
OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL. Galera is a synchronous multi-master cluster for
MariaDB.

Security Fix(es):

* It was discovered that the MySQL logging functionality allowed writing to
MySQL configuration files. An administrative database user, or a database
user with FILE privileges, could possibly use this flaw to run arbitrary
commands with root privileges on the system running the database server.
(CVE-2016-6662)

Bug Fix(es):

* Previously, both the mariadb-server and mariadb-galera-server packages
shipped the client-facing libraries, dialog.so and mysql_clear_password.so.
As a result, the mariadb-galera-server package would fail to install
because of package conflicts. With this update, these libraries have been
moved from mariadb-galera-server to mariadb-libs, and the
mariadb-galera-server package installs successfully. (BZ#1376904)

* Because Red Hat Enterprise Linux 7.3 changed the return format of the
"systemctl is-enabled" command as consumed by shell scripts, the
mariadb-galera RPM package, upon installation, erroneously detected that
the MariaDB service was enabled when it was not. As a result, the Red Hat
OpenStack Platform installer, which then tried to run mariadb-galera using
Pacemaker and not systemd, failed to start Galera. With this update,
mariadb-galera's RPM installation scripts now use a different systemctl
command, correctly detecting the default MariaDB as disabled, and the
installer can succeed. (BZ#1376910)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation
1376904 - RHEL 7.3 upgrades fails on upgrade because of mariadb-libs package conflict.
1376910 - mysqld service prevents haproxy to get started and deployment fails

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7:

Source:
mariadb-galera-5.5.42-5.el7ost.src.rpm

x86_64:
mariadb-galera-common-5.5.42-5.el7ost.x86_64.rpm
mariadb-galera-debuginfo-5.5.42-5.el7ost.x86_64.rpm
mariadb-galera-server-5.5.42-5.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6662
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX/+oQXlSAg2UNWIIRAsxqAJ9gO3qcyZavGXgY7hJRYvEFf972BwCguHnK
TJlkJuPFQjW/7SaD81/XPWQ=
=Rmjx
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb-galera security update
Advisory ID:       RHSA-2016:2062-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2062.html
Issue date:        2016-10-13
CVE Names:         CVE-2016-6662 
=====================================================================

1. Summary:

An update for mariadb-galera is now available for Red Hat OpenStack
Platform 9.0 (Mitaka).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 9.0 - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL. Galera is a synchronous multi-master cluster for
MariaDB.

Security Fix(es):

* A permissions flaw was discovered in the MySQL logging functionality,
which allowed writing to MySQL configuration files. An administrative
database user, or a database user with FILE privileges, could possibly
exploit this flaw to run arbitrary commands with root privileges on the
system running the database server. (CVE-2016-6662)
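The security fix text is identical in all five advisories above, and the bug title in section 5 gives the mechanism: the general query log file can be pointed at a path mysqld reads as an option file, so a log line containing a malicious option (such as a library to load on the next restart) becomes configuration. Two preconditions must hold at once for that to work: a database account with FILE or SUPER privileges, and an option file, or the directory it would be created in, that the mysqld service account can write. The audit below checks both. It is an added example written for this bulletin, not Red Hat or AusCERT code; it assumes the service account is named mysql, the option-file locations listed in DEFAULT_OPTION_PATHS (the Red Hat defaults, the !includedir used by /etc/my.cnf, and DATADIR/my.cnf, which mysqld also reads), and the sample mysql.user rows in the __main__ block are constructed.

```python
"""Audit a MariaDB/MySQL host for the two preconditions that CVE-2016-6662
needs at the same time: a database account holding FILE or SUPER, and an
option file (or include directory) that the mysqld service account can
write or create. Added example, not Red Hat or AusCERT code."""
import os
import pwd
import stat

# Assumed option-file locations: the Red Hat defaults, the !includedir used by
# /etc/my.cnf on RHEL, and DATADIR/my.cnf, which mysqld also reads and whose
# parent directory is owned by the mysql user.
DEFAULT_OPTION_PATHS = (
    "/etc/my.cnf",
    "/etc/my.cnf.d",
    "/var/lib/mysql/my.cnf",
)


def privileged_accounts(user_rows):
    """Parse tab-separated rows 'user host File_priv Super_priv', as printed by
        mysql -N -e "SELECT user, host, File_priv, Super_priv FROM mysql.user"
    and return (user, host, [privileges]) for each account holding FILE or SUPER."""
    hits = []
    for line in user_rows:
        line = line.rstrip("\n")
        if not line.strip():
            continue
        user, host, file_priv, super_priv = line.split("\t")
        privs = [name for name, flag in (("FILE", file_priv), ("SUPER", super_priv))
                 if flag.strip().upper() == "Y"]
        if privs:
            hits.append((user, host, privs))
    return hits


def writable_by(st, uid, gid):
    """True if an account with this uid/gid can modify the object: it owns it
    (and so can chmod it), the group bit matches, or it is world-writable."""
    if st.st_uid == uid:
        return True
    if st.st_gid == gid and st.st_mode & stat.S_IWGRP:
        return True
    return bool(st.st_mode & stat.S_IWOTH)


def exposed_option_paths(paths, uid, gid):
    """Return (path, reason) for every option file or include directory the
    mysqld account could overwrite, or could create because its parent
    directory is writable. A missing file is the classic case: mysqld reads a
    my.cnf that did not exist until the attacker wrote it."""
    findings = []
    for path in paths:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            parent = os.path.dirname(path.rstrip("/")) or "/"
            try:
                if writable_by(os.stat(parent), uid, gid):
                    findings.append((path, f"missing, creatable in writable directory {parent}"))
            except FileNotFoundError:
                pass
            continue
        if writable_by(st, uid, gid):
            kind = "include directory" if stat.S_ISDIR(st.st_mode) else "option file"
            findings.append((path, f"{kind} writable by mysqld account"))
    return findings


def audit(user_rows, paths=DEFAULT_OPTION_PATHS, account="mysql"):
    """Run both checks for the named service account (assumed to be 'mysql')."""
    pw = pwd.getpwnam(account)
    return {
        "privileged_accounts": privileged_accounts(user_rows),
        "exposed_paths": exposed_option_paths(paths, pw.pw_uid, pw.pw_gid),
    }


if __name__ == "__main__":
    # Constructed sample of mysql.user output; on a real host pipe the mysql
    # command named above into this script instead.
    sample_rows = ["root\tlocalhost\tY\tY", "app\t%\tN\tN", "etl\t10.0.0.%\tY\tN"]
    try:
        report = audit(sample_rows)
    except KeyError:
        raise SystemExit("no 'mysql' account on this host; pass the service account name")
    for user, host, privs in report["privileged_accounts"]:
        print(f"account {user}@{host} holds {', '.join(privs)}")
    for path, reason in report["exposed_paths"]:
        print(f"{path}: {reason}")
```

Both findings are worth fixing even on a patched host: FILE should be limited to accounts that genuinely need INTO OUTFILE, and every option file mysqld reads should exist, be owned by root, and sit in a root-owned directory, so that a future write-what-where bug in the server has nothing to land on.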

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation

6. Package List:

Red Hat OpenStack Platform 9.0:

Source:
mariadb-galera-5.5.42-5.el7ost.src.rpm

x86_64:
mariadb-galera-common-5.5.42-5.el7ost.x86_64.rpm
mariadb-galera-debuginfo-5.5.42-5.el7ost.x86_64.rpm
mariadb-galera-server-5.5.42-5.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
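The package lists in the five advisories give three different fixed builds (1.1.el6ost, 1.2.el7ost and 5.el7ost), and a plain string comparison of release tags gets this wrong (for example "1.el7ost" sorts after "1.2.el7ost" as text). The following check is an added example for this bulletin, not Red Hat's tooling; it carries a simplified port of rpm's version ordering, the fixed version-release strings copied from the package lists above (which name packages without an epoch), and a constructed sample of `rpm -q` output in the __main__ block.

```python
"""Decide whether installed mariadb-galera packages are at or past the fixed
builds listed in RHSA-2016:2058 to RHSA-2016:2062, using rpm's version
ordering rather than a string comparison. Added example, not Red Hat code."""
import re

# Fixed version-release per product, copied from the package lists above.
# Those lists name packages as NAME-VERSION-RELEASE.ARCH.rpm, so no epoch appears.
FIXED = {
    "OSP 5.0 (Icehouse) for RHEL 6": "5.5.42-1.1.el6ost",
    "OSP 5.0 (Icehouse) for RHEL 7": "5.5.42-1.2.el7ost",
    "OSP 6.0 (Juno) for RHEL 7": "5.5.42-1.2.el7ost",
    "OSP 7.0 (Kilo) for RHEL 7": "5.5.42-5.el7ost",
    "OSP 9.0 (Mitaka)": "5.5.42-5.el7ost",
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified port of rpm's rpmvercmp(): split both strings into runs of
    digits and runs of letters (separators ignored) and compare segment by
    segment; numeric segments compare as integers and outrank alphabetic ones;
    if one string runs out of segments first, the longer one is newer.
    The tilde and caret rules of newer rpm are omitted; these NEVRs use neither."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def parse_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release).
    rpm prints '(none)' for a missing epoch; treat that and no epoch as 0."""
    epoch = 0
    if ":" in evr:
        head, evr = evr.split(":", 1)
        epoch = 0 if head == "(none)" else int(head)
    version, _, release = evr.partition("-")
    return epoch, version, release


def is_fixed(installed, fixed):
    """True if the installed EVR sorts at or after the fixed one. When the fixed
    string carries no epoch (as in the advisory package lists) the installed
    epoch is ignored, since both builds come from the same channel."""
    ie, iv, ir = parse_evr(installed)
    fe, fv, fr = parse_evr(fixed)
    if ":" in fixed and ie != fe:
        return ie > fe
    c = rpmvercmp(iv, fv) or rpmvercmp(ir, fr)
    return c >= 0


def check_rpm_query(lines, fixed):
    r"""Evaluate lines printed by
        rpm -q --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n' mariadb-galera-server mariadb-galera-common
    and return {name: (normalised installed version, fixed?)}. Lines for
    packages that are not installed ('package X is not installed') are skipped."""
    results = {}
    for line in lines:
        line = line.strip()
        if not line or line.endswith("is not installed"):
            continue
        name, evr = line.split()
        epoch, version, release = parse_evr(evr)
        shown = f"{epoch}:{version}-{release}" if epoch else f"{version}-{release}"
        results[name] = (shown, is_fixed(evr, fixed))
    return results


if __name__ == "__main__":
    # Constructed rpm output for an OSP 7 host that still runs the old build.
    sample = [
        "mariadb-galera-server (none):5.5.42-1.el7ost",
        "mariadb-galera-common (none):5.5.42-1.el7ost",
    ]
    for name, (evr, ok) in check_rpm_query(sample, FIXED["OSP 7.0 (Kilo) for RHEL 7"]).items():
        print(f"{name} {evr}: {'fixed' if ok else 'VULNERABLE, update required'}")
```

On a real host, feed the output of the rpm query in the docstring to check_rpm_query with the FIXED entry for the product in use; the advisory states mysqld is restarted automatically by the update, so a package at or past the fixed build with an uptime older than the install time would still warrant a look. Before installing downloaded packages, rpm -K on the .rpm files checks the Red Hat GPG signature the advisory refers to against the imported key.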

7. References:

https://access.redhat.com/security/cve/CVE-2016-6662
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX/+szXlSAg2UNWIIRAgnbAJ97dJVNpyC/mQE3rrezfRjOcTRdAQCfdB4h
aZGHT/AlOntAvQPPhongG8Y=
=bAsD
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----