CVE-2016-8657

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

References

Affected packages

Git / github.com/mysql/mysql-server

Affected ranges

Type: GIT
Repo: https://github.com/mysql/mysql-server
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

f9e2c6cd27268e72198bde3c1a71eb1273df335a

Affected versions

mysql-3.*

mysql-3.23.22-beta

mysql-3.23.24-beta

mysql-3.23.27-beta

mysql-3.23.28-gamma

mysql-3.23.29a-gamma

mysql-3.23.30-gamma

mysql-3.23.31

mysql-3.23.32

mysql-3.23.33

mysql-3.23.34

mysql-3.23.35

mysql-3.23.36

mysql-3.23.37

mysql-3.23.38

mysql-3.23.39

mysql-3.23.41

mysql-3.23.42

mysql-3.23.44

mysql-3.23.45

mysql-3.23.46

mysql-3.23.47

mysql-3.23.48

mysql-3.23.50

mysql-3.23.51

mysql-3.23.52

mysql-3.23.53

mysql-3.23.54

mysql-3.23.55

mysql-3.23.56

mysql-3.23.57

mysql-3.23.58

mysql-4.*

mysql-4.0.1

mysql-4.0.10

mysql-4.0.11

mysql-4.0.12

mysql-4.0.13

mysql-4.0.14

mysql-4.0.15

mysql-4.0.16

mysql-4.0.17

mysql-4.0.2

mysql-4.0.3

mysql-4.0.4

mysql-4.0.5

mysql-4.0.6

mysql-4.0.7

mysql-4.0.8

mysql-4.0.9

mysql-4.1.0

mysql-4.1.1

mysql-5.*

mysql-5.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8657.json"