We want to let you know that all the published Bitnami Stacks that include MySQL or MariaDB as the database server are not affected, since they are using non-affected versions of the component.
CVE-2016-6663
The vulnerability can allow a local system user with access to the affected database in the context of a low-privileged account (CREATE/INSERT/SELECT grants) to escalate their privileges and execute arbitrary code as the database system user.
Successful exploitation would allow an attacker to gain access to all of the databases stored on the affected database server.
Affected versions:
MariaDB
< 5.5.52
< 10.1.18
< 10.0.28
MySQL
<= 5.5.51
<= 5.6.32
<= 5.7.14
More information about this issue can be found at the following link: https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html
CVE-2016-6664
MySQL-based databases, including MySQL, MariaDB and Percona, are affected by a privilege escalation vulnerability which can let attackers who have gained access to the mysql system user further escalate their privileges to the root user, allowing them to fully compromise the system.
The vulnerability stems from unsafe file handling of error logs and other files.
Affected versions:
MySQL
<= 5.5.51
<= 5.6.32
<= 5.7.14
MariaDB
All current
More information about this issue can be found at the following link: https://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html
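To check a server against the two version lists above, the following added example (not Bitnami's or the upstream projects' code) classifies a version string as returned by `SELECT VERSION()`. The function names and status labels are assumptions, each bound is read as applying to its own release branch, and any string without "MariaDB" is treated as MySQL because the lists give no Percona versions.

```python
import re

# Last affected patch level per release branch, taken from the lists above.
# MariaDB "< 5.5.52" is stored as last affected patch 51, and so on.
MYSQL_BOUNDS = {(5, 5): 51, (5, 6): 32, (5, 7): 14}
LAST_AFFECTED = {
    "CVE-2016-6663": {
        "mariadb": {(5, 5): 51, (10, 0): 27, (10, 1): 17},
        "mysql": MYSQL_BOUNDS,
    },
    "CVE-2016-6664": {
        "mariadb": "all-current",  # the list above names no fixed MariaDB version
        "mysql": MYSQL_BOUNDS,
    },
}

def parse_version(text):
    """Return (flavor, (major, minor), patch) from a server version string."""
    # MariaDB 10.x prefixes "5.5.5-" in the protocol handshake version;
    # drop it so the real branch is compared.
    text = re.sub(r"^5\.5\.5-(?=\d+\.\d+\.\d+)", "", text.strip())
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    major, minor, patch = map(int, m.groups())
    flavor = "mariadb" if "mariadb" in text.lower() else "mysql"
    return flavor, (major, minor), patch

def check(text):
    """Map each CVE to a status label (labels are this example's own)."""
    flavor, branch, patch = parse_version(text)
    result = {}
    for cve, table in LAST_AFFECTED.items():
        rule = table[flavor]
        if rule == "all-current":
            result[cve] = "listed-as-all-current"
        elif branch not in rule:
            result[cve] = "branch-not-listed"
        elif patch <= rule[branch]:
            result[cve] = "affected"
        else:
            result[cve] = "not-affected"
    return result

if __name__ == "__main__":
    # Constructed sample version strings, not taken from any real host.
    for sample in ("5.5.50-MariaDB", "5.5.5-10.0.27-MariaDB", "5.7.14-log", "8.0.11"):
        print(sample, check(sample))
```

A "branch-not-listed" result means only that the lists above say nothing about that release branch, so it needs checking against the linked advisories.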
Are you using an affected version of the server or do you have questions about the security issue? Please post to our community forum and we will be happy to help you.