Important Information Regarding MariaDB Vulnerability (CVE-2016-6664)

Publish Time: 2016-11-04 00:00:00 UTC+8

Last Updated: 2016-11-04 12:00:00 UTC+8

Severity
Low
Status
Resolved

Description

The root privilege escalation vulnerability could be triggered by the symlink attack, leading to remote root code execution via the MariaDB vulnerability (CVE-2016-6664).

For precautionary purposes, we strongly recommend you upgrade the MariaDB package to version 5.5.52 to mitigate this vulnerability first, and another version will be released soon to address this issue.

Severity

Low

Update Availability

To fix the security issues, please go to DSM > Package Center, upgrade to MariaDB 5.5.52 to mitigate CVE-2016-6664 first to protect your Synology NAS from malicious attacks.

References

https://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html