Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.43 and earlier and 5.6.24 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data. External References: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL
Created community-mysql tracking bugs for this issue: Affects: fedora-all [bug 1276223]
Oracle CPU indicates this issue was fixed in MySQL 5.5.44 and 5.6.25, hence it was already corrected in the following updates released in August 2015: Red Hat Enterprise Linux 5 - mysql55-mysql https://rhn.redhat.com/errata/RHSA-2015-1628.html Red Hat Software Collections - mysql55-mysql https://rhn.redhat.com/errata/RHSA-2015-1629.html Red Hat Software Collections - rh-mysql56-mysql https://rhn.redhat.com/errata/RHSA-2015-1630.html MariaDB upstream indicates this was fixed in versions 5.5.44, 10.0.20 and 10.1.8: https://mariadb.com/kb/en/mariadb-5544-release-notes/ https://mariadb.com/kb/en/mariadb-10020-release-notes/ https://mariadb.com/kb/en/mariadb-1018-release-notes/ Hence it was already corrected in the following updates released in August 2015: Red Hat Enterprise Linux 7 - mariadb https://rhn.redhat.com/errata/RHSA-2015-1665.html Red Hat Software Collections - mariadb55-mariadb https://rhn.redhat.com/errata/RHSA-2015-1647.html Red Hat Software Collections - rh-mariadb100-mariadb https://rhn.redhat.com/errata/RHSA-2015-1646.html