Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting generallogfile to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "5.6"
},
{
"fixed": "5.6.32-78.0"
}
],
"vendor_product": "percona:percona_server"
},
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"last_affected": "8.0"
}
],
"vendor_product": "debian:debian_linux"
},
{
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "7.0"
}
],
"vendor_product": "redhat:enterprise_linux"
},
{
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"last_affected": "6.0"
},
{
"last_affected": "7.0"
}
],
"vendor_product": "redhat:enterprise_linux_desktop"
},
{
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "6.0"
}
],
"vendor_product": "redhat:enterprise_linux_server"
},
{
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"last_affected": "7.3"
},
{
"last_affected": "7.4"
},
{
"last_affected": "7.6"
}
],
"vendor_product": "redhat:enterprise_linux_server_aus"
},
{
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "7.3"
},
{
"last_affected": "7.4"
},
{
"last_affected": "7.5"
},
{
"last_affected": "7.6"
}
],
"vendor_product": "redhat:enterprise_linux_server_eus"
},
{
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"last_affected": "7.3"
},
{
"last_affected": "7.6"
}
],
"vendor_product": "redhat:enterprise_linux_server_tus"
},
{
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"last_affected": "6.0"
},
{
"last_affected": "7.0"
}
],
"vendor_product": "redhat:enterprise_linux_workstation"
},
{
"cpes": [
"cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"last_affected": "5.0"
},
{
"last_affected": "6.0"
},
{
"last_affected": "7.0"
},
{
"last_affected": "8"
},
{
"last_affected": "9"
}
],
"vendor_product": "redhat:openstack"
}
]
}{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "5.5.20"
},
{
"fixed": "5.5.51"
},
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.27"
},
{
"introduced": "10.1.0"
},
{
"fixed": "10.1.17"
}
],
"cpe": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"
}{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "5.5.0"
},
{
"last_affected": "5.5.52"
},
{
"introduced": "5.6.0"
},
{
"last_affected": "5.6.33"
},
{
"introduced": "5.7.0"
},
{
"last_affected": "5.7.15"
}
],
"cpe": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*"
}{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "5.5"
},
{
"fixed": "5.5.51-38.1"
},
{
"introduced": "5.6"
},
{
"fixed": "5.6.32-78.0"
},
{
"introduced": "5.7"
},
{
"fixed": "5.7.14-7"
}
],
"cpe": "cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*"
}