1

According to different Websites MySQL 5.5.52 [1] [2] is affected by CVE-2016-6662.

At the MySQL 5.5.52 Release Notes i see that the security problem should got fixed in the 5.5.52 release:

For mysqld_safe, the argument to --malloc-lib now must be one of the directories /usr/lib, /usr/lib64, /usr/lib/i386-linux-gnu, or /usr/lib/x86_64-linux-gnu. In addition, the --mysqld and --mysqld-version options can be used only on the command line and not in an option file. (Bug #24464380)

I am unsure if i am affected or not, the exact installed version on my server, which is running on CentOS 6, is mysql-5.5.52-36.el6.art.x86_64 from the webtatic repo.

The paper on legalhackers.com from Dawid Golunski, which had found that issue, does not list my mysql version.

Improve this question

1 Answer 1

Reset to default
1

FWIW, the Oracle Critical Patch Update release notes agree with the CVE descriptions, 5.5.52 is affected.

As to the legalhacker link, considering that he published that six days after 5.5.52 was released I'd guess that he never tested that version.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.