| | 2 | |
| | 3 | |
| | 4 | {{{ |
| | 5 | Innodb updated to 5.6.35 |
| | 6 | A file format compatibility bug that was introduced in MariaDB 10.1.0 was fixed. Using page_compression or non-default innodb_page_size created files that were incompatible with MariaDB 10.0 or MySQL 5.6. MariaDB 10.1.21 will convert affected files from earlier MariaDB 10.1 releases to compatible format. This prevents a downgrade to earlier MariaDB 10.1 versions. See the commit for details. |
| | 7 | Performance Schema updated to 5.6.35 |
| | 8 | |
| | 9 | Fixes for the following security vulnerabilities: |
| | 10 | CVE-2016-6664 |
| | 11 | CVE-2017-3238 |
| | 12 | CVE-2017-3243 |
| | 13 | CVE-2017-3244 |
| | 14 | CVE-2017-3257 |
| | 15 | CVE-2017-3258 |
| | 16 | CVE-2017-3265 |
| | 17 | CVE-2017-3291 |
| | 18 | CVE-2017-3312 |
| | 19 | CVE-2017-3317 |
| | 20 | CVE-2017-3318 |
| | 21 | |
| | 22 | }}} |
| | 23 | |
| | 24 | CVE-2016-6664 is a root privilege escalation issue that is classifed as a zero day. There is a video here of it being exploited: |
| | 25 | |
| | 26 | [https://legalhackers.com/videos/MySQL-MariaDB-PerconaDB-PrivEsc-Race-CVE-2016-6663-5616-6664-5617-Exploits.html] |
| | 27 | |
| | 28 | [http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html] |
| | 29 | |
| | 30 | Requires immediate response. I'm going to take this and do it in the next few hours. |
