CVE-2016-5483

Name: CVE-2016-5483
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

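| Source Package | Release | Version | Status |
|---|---|---|---|
| mariadb-10.0 (PTS) | jessie | 10.0.27-0+deb8u1 | vulnerable |
| mariadb-10.0 (PTS) | jessie (security) | 10.0.30-0+deb8u1 | fixed |
| mariadb-10.1 (PTS) | stretch | 10.1.22-1 | fixed |
| mariadb-10.1 (PTS) | sid | 10.1.22-2 | fixed |
| mysql-5.5 (PTS) | wheezy | 5.5.47-0+deb7u1 | vulnerable |
| mysql-5.5 (PTS) | wheezy (security) | 5.5.54-0+deb7u2 | vulnerable |
| mysql-5.5 (PTS) | jessie | 5.5.53-0+deb8u1 | vulnerable |
| mysql-5.5 (PTS) | jessie (security) | 5.5.54-0+deb8u1 | vulnerable |
| mysql-5.7 (PTS) | sid | 5.7.17-1 | vulnerable |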

The information below is based on the following data on fixed versions.

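| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mariadb-10.0 | source | (unstable) | 10.0.28-1 | | | |
| mariadb-10.0 | source | jessie | 10.0.28-0+deb8u1 | | | |
| mariadb-10.1 | source | (unstable) | (not affected) | | | |
| mysql-5.5 | source | (unstable) | (unfixed) | | | |
| mysql-5.7 | source | (unstable) | (unfixed) | | | |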

Notes

- mariadb-10.1 <not-affected> (Fixed before initial upload to Debian)
[jessie] - mysql-5.5 <no-dsa> (Minor issue)
[wheezy] - mysql-5.5 <no-dsa> (Minor issue)
https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/
Affected according to blogpost: MySQL all versions, MariaDB <= 5.5.52 and < 10.1
Per MariaDB Security fixed with the following three commits:
https://github.com/MariaDB/server/commit/5a43a31ee81bc181eeb5ef2bf0704befa6e0594d
https://github.com/MariaDB/server/commit/01b39b7b0730102b88d8ea43ec719a75e9316a1e
https://github.com/MariaDB/server/commit/383007c75d6ef5043fa5781956a6a02b24e2b79e
