Important Information Regarding MariaDB Vulnerability (CVE-2016-6662)
Publish Time: UTC+8
Last Updated: UTC+8
- Severity: Low
- Status: Resolved
Description
A vulnerability in MariaDB (CVE-2016-6662) has been disclosed that allows remote code execution to be performed via SQL injection. However, after further investigation, it has been confirmed that Synology NAS is not affected by this vulnerability because of its strict permission control design. Synology NAS will remain unaffected as long as the MariaDB configuration file has not been manually modified.
However, for precautionary purposes, a newer version of MariaDB has been released to address this issue.
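The description rests on permission control over the MariaDB configuration file and on that file not having been modified by hand. As an added example (not Synology's or MariaDB's code), the shell function below audits one configuration file for those conditions. The file path argument, the default service account name `mysql`, and the `malloc_lib` review check are assumptions that do not come from this advisory.

```shell
#!/bin/sh
# Added example: audit one MariaDB configuration file.
# Assumptions (not from the advisory): the caller supplies the file path and
# the database service account is named "mysql" unless given as argument 2.
# Returns 0 when clean, 1 when there is at least one finding, 2 on a bad path.
audit_mariadb_cnf() {
    cnf=$1
    svc_user=${2:-mysql}
    rc=0

    if [ ! -f "$cnf" ]; then
        echo "ERROR: $cnf is not a regular file"
        return 2
    fi

    # "ls -ln" prints: mode links uid gid size ...; numeric ids avoid name lookups.
    set -- $(ls -ln "$cnf")
    mode=$1
    owner_uid=$3
    svc_uid=$(id -u "$svc_user" 2>/dev/null) || svc_uid=""

    # The service account should not own the file that configures it.
    if [ -n "$svc_uid" ] && [ "$owner_uid" = "$svc_uid" ]; then
        echo "FINDING: $cnf is owned by service account $svc_user"
        rc=1
    fi

    # Character 6 of the mode string is group write, character 9 is world write.
    case $mode in
        ?????w*|????????w*)
            echo "FINDING: $cnf is group- or world-writable ($mode)"
            rc=1 ;;
    esac

    # malloc_lib makes mysqld_safe preload a shared library at server start,
    # so an unexpected entry is a manual modification worth reviewing.
    if grep -Eiq '^[[:space:]]*malloc[-_]lib[[:space:]]*=' "$cnf"; then
        echo "FINDING: $cnf sets malloc_lib; confirm it was set deliberately"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $cnf"
    fi
    return "$rc"
}
```

Call it once per configuration file the server reads, for example `audit_mariadb_cnf /path/to/my.cnf`, and treat a non-zero exit status as a reason to inspect the file.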
Severity
Low
Update Availability
To fix the security issue, go to DSM > Package Center and install the latest version of MariaDB, 5.5.52, to protect your Synology NAS from malicious attacks.
References
http://seclists.org/oss-sec/2016/q3/481
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
https://jira.mariadb.org/browse/MDEV-10465
https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/