====================================================================

                                  CERT-Renater

                     Note d'Information No. 2016/VULN315
_____________________________________________________________________

DATE                : 13/09/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Percona Server versions prior to
                        5.5.51-38.1, 5.6.32-78.0, 5.7.14-7.

=====================================================================
https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/
____________________________________________________________________

Percona Server Critical Update CVE-2016-6662

David Busby  | September 12, 2016

CVE-2016-6662This blog is an announcement for a Percona Server update
with regards to CVE-2016-6662.

We have added a fix for CVE-2016-6662 in the following releases:

     Percona Server 5.5.51-38.1
     Percona Server 5.6.32-78.0
     Percona Server 5.7.14-7

 From seclist.org:

An independent research has revealed multiple severe MySQL
vulnerabilities. This advisory focuses on a critical vulnerability with
a CVEID of CVE-2016-6662. The vulnerability affects MySQL servers in
all version branches (5.7, 5.6, and 5.5) including the latest versions,
and could be exploited by both local and remote attackers.

Both the authenticated access to MySQL database (via network connection
or web interfaces such as phpMyAdmin) and SQL Injection could be used
as exploitation vectors. Successful exploitation could allow attackers
to execute arbitrary code with root privileges which would then allow
them to fully compromise the server on which an affected version of
MySQL is running.

This is a CRITICAL update, and the fix mitigates the potential for
remote root code execution.

We encourage our users to update to the latest version of their
particular fork as soon as possible, ensuring they have appropriate
change management procedures in place beforehand so they can test the
update before placing it into production.

Percona would like to thank Dawid Golunski of http://legalhackers.com/
for disclosing this vulnerability in the MySQL software, and working
with us to resolve this problem.


David Busby

Information Security Architect

==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================