These vulnerabilities allow an attacker to take complete control over the database.
The last Critical Patch Update (CPU) released by Oracle was on July 19, 2016.
The issue was reported to Oracle on July 29, 2016, Golunski says.
Oracle's security team acknowledged and triaged the report, he added.
The vulnerabilities were patched by the PerconaDB and MariaDB vendors by the end of the 30th of August, Golunski clarified.
Often during system updates, package updates, or system reboots, the database servers are restarted.
CVE-2016-6663 also leads to remote code execution under a root user.
Source: Softpedia
source: www.techworm.net