Detections
Analytics

RHEL 7 : mariadb-galera (RHSA-2016:2060)

critical Nessus Plugin ID 233051

Language:

Synopsis

The remote Red Hat host is missing a security update for mariadb-galera.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2060 advisory.

 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB.

 Security Fix(es):

 * It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)

 Bug Fix(es):

 * Because Red Hat Enterprise Linux 7.3 changed the return format of the systemctl is-enabled command as consumed by shell scripts, the mariadb-galera RPM package, upon installation, erroneously detected that the MariaDB service was enabled when it was not. As a result, the Red Hat OpenStack Platform installer, which then tried to run mariadb-galera using Pacemaker and not systemd, failed to start Galera. With this update, mariadb-galera's RPM installation scripts now use a different systemctl command, correctly detecting the default MariaDB as disabled, and the installer can succeed. (BZ#1376909)

 * Previously, both the mariadb-server and mariadb-galera-server packages shipped the client-facing libraries, dialog.so and mysql_clear_password.so. As a result, the mariadb-galera-server package would fail to install because of package conflicts. With this update, these libraries have been moved from mariadb-galera-server to mariadb-libs, and the mariadb-galera-server package installs successfully.
 (BZ#1376903)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL mariadb-galera package based on the guidance in RHSA-2016:2060.

See Also

https://access.redhat.com/security/updates/classification/#important

https://access.redhat.com/security/cve/CVE-2016-6662

https://bugzilla.redhat.com/show_bug.cgi?id=1375198

https://bugzilla.redhat.com/show_bug.cgi?id=1376903

https://bugzilla.redhat.com/show_bug.cgi?id=1376909

http://www.nessus.org/u?a757b91c

https://access.redhat.com/errata/RHSA-2016:2060

Plugin Details

Severity: Critical

ID: 233051

File Name: redhat-RHSA-2016-2060.nasl

Version: 1.1

Type: local

Agent: unix

Published: 3/20/2025

Updated: 3/20/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-6662

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:mariadb-galera-server, p-cpe:/a:redhat:enterprise_linux:mariadb-galera, p-cpe:/a:redhat:enterprise_linux:mariadb-galera-common, cpe:/o:redhat:enterprise_linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/13/2016

Vulnerability Publication Date: 9/12/2016

Reference Information

CVE: CVE-2016-6662

CWE: 732

RHSA: 2016:2060