{"id":"MGASA-2016-0371","summary":"Updated mariadb packages fix security vulnerabilities","details":"A race condition was found in the way MariaDB performed MyISAM engine\ntable repair. A database user with shell access to the server running\nmysqld could use this flaw to change permissions of arbitrary files\nwritable by the mysql system user (CVE-2016-6663).\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver.   Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section\n(CVE-2016-3492, CVE-2016-5584, CVE-2016-5616, CVE-2016-5624,\nCVE-2016-5626, CVE-2016-5629, CVE-2016-7440, CVE-2016-8283).\n","modified":"2026-01-31T13:02:25.266138Z","published":"2016-11-09T21:43:03Z","related":["CVE-2016-3492","CVE-2016-5584","CVE-2016-5616","CVE-2016-5624","CVE-2016-5626","CVE-2016-5629","CVE-2016-6663","CVE-2016-7440","CVE-2016-8283"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0371.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19693"},{"type":"REPORT","url":"https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/"},{"type":"REPORT","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"type":"REPORT","url":"https://rhn.redhat.com/errata/RHSA-2016-2595.html"}],"affected":[{"package":{"name":"mariadb","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/mariadb?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.0.28-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0371.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}