Easyengine and CVE-2016-6662


#1

Hi,

I wanted to know if this vulnerability has been fixed (some news reports say MariaDB patched this on the 29th). My system is up to date, but I don’t remember seeing MariaDB in the list of updates back then. Can someone confirm to me that this is fixed in EasyEngine’s repository as well?


#2

Sorry for the delayed reply. We use the MariaDB deb for EasyEngine, and according to their blog post:

MariaDB Server 10.1.8 or later from RPM or DEB packages are not affected by the vulnerability

So, you just need to make sure that your MariaDB version is higher than 10.1.8. You can update the package by the command:

apt-get install mariadb-server

or

ee stack upgrade --mysql
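
The version check recommended in post #2, as an added shell example that is not part of the thread or of EasyEngine. The function names are hypothetical, the sample strings are constructed, and the 10.1.8 threshold is the one from the quoted MariaDB statement. "not-covered" means only that the quoted statement does not apply to that version.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.
THRESHOLD="10.1.8"   # from the MariaDB statement quoted in post #2

# Pull the first three-part version out of a string such as
# "10.0.23-MariaDB", "1:10.1.10+maria-1~trusty" (dpkg, with epoch) or
# "mysql  Ver 15.1 Distrib 10.0.23-MariaDB, ..." (client banner).
extract_version() {
    printf '%s\n' "$1" | awk 'match($0, /[0-9]+\.[0-9]+\.[0-9]+/) {
        print substr($0, RSTART, RLENGTH); exit }'
}

# Succeed if $1 >= $2, field by field as numbers. A string comparison
# would wrongly rank 10.1.10 below 10.1.8.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print "covered <v>", "not-covered <v>" or "unknown";
# exit status 0, 1 or 2 respectively.
check_mariadb() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo "unknown"; return 2; fi
    if version_ge "$v" "$THRESHOLD"; then
        echo "covered $v"
    else
        echo "not-covered $v"; return 1
    fi
}

# Constructed sample strings, not output captured from a real host.
for sample in "10.0.23-MariaDB" "1:10.1.10+maria-1~trusty" \
    "mysqld  Ver 10.1.8-MariaDB for debian-linux-gnu on x86_64"; do
    check_mariadb "$sample" || true
done

# On a Debian/Ubuntu host the input would come from the package database:
#   check_mariadb "$(dpkg-query -W -f='${Version}' mariadb-server)"
```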


#3

Thanks for the advice… For some reason I am unable to upgrade MariaDB and I am stuck on version 10.0.23-MariaDB even though I have tried

apt-get install mariadb-server

and

ee stack upgrade --mysql

and

apt-get update

apt-get upgrade

in addition to rebooting.

Is this an affected version, and if so, how else could I upgrade MariaDB?

Any advice?


#4

I didn't get any reply, but here is hoping that this script helps someone else:

sudo apt-get install software-properties-common

sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db

sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://sfo1.mirrors.digitalocean.com/mariadb/repo/10.1/ubuntu trusty main'

sudo apt-get update

sudo apt-get install mariadb-server


#5