- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201409-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: MySQL: Multiple vulnerabilities
     Date: September 04, 2014
     Bugs: #460748, #488212, #498164, #500260, #507802, #518718
       ID: 201409-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been found in MySQL, the worst of which
allows local attackers to escalate their privileges.

Background
=========
MySQL is a popular multi-threaded, multi-user SQL server.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql                 < 5.5.39                  >= 5.5.39

Description
==========
Multiple vulnerabilities have been discovered in MySQL. Please review
the CVE identifiers referenced below for details.

Impact
=====
A local attacker could possibly gain escalated privileges. A remote
attacker could send a specially crafted SQL query, possibly resulting
in a Denial of Service condition. A remote attacker could entice a user
to connect to a specially crafted MySQL server, possibly resulting in
execution of arbitrary code with the privileges of the process.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All MySQL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.39"
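
The affected range above (dev-db/mysql < 5.5.39) can be checked against a package inventory before and after the upgrade. The script below is an added example, not part of the GLSA; the function names, the "host atom" inventory format and the sample hosts are assumptions made for illustration.

```sh
# Added example, not part of the GLSA. Inventory lines are constructed.
FIXED="5.5.39"   # first unaffected dev-db/mysql version per the advisory

# ver_lt A B: succeed if version A is lower than B.
# Simplification: only dotted numeric components are compared; a Gentoo
# revision (-rN) or _suffix is stripped first.
ver_lt() {
    a="${1%%-r[0-9]*}"; a="${a%%_*}"
    b="${2%%-r[0-9]*}"; b="${b%%_*}"
    while [ -n "$a" ] || [ -n "$b" ]; do
        p="${a%%.*}"; q="${b%%.*}"
        [ "${p:-0}" -lt "${q:-0}" ] && return 0
        [ "${p:-0}" -gt "${q:-0}" ] && return 1
        # Drop the leading component; empty the string after the last one.
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1   # equal versions are not "lower"
}

# glsa_status ATOM: print vulnerable, unaffected, or n/a (other package).
glsa_status() {
    case "$1" in
        dev-db/mysql-[0-9]*) ;;          # a version must follow the name
        *) echo "n/a"; return 0 ;;       # e.g. dev-db/mysql-connector-c
    esac
    if ver_lt "${1#dev-db/mysql-}" "$FIXED"; then
        echo "vulnerable"
    else
        echo "unaffected"
    fi
}

# scan_inventory: read "host atom" lines on stdin, print the vulnerable ones.
scan_inventory() {
    while read -r host atom; do
        [ "$(glsa_status "$atom")" = "vulnerable" ] && echo "$host $atom"
    done
    return 0
}

SAMPLE_INVENTORY='db01 dev-db/mysql-5.5.38-r1
db02 dev-db/mysql-5.5.39
db03 dev-db/mysql-5.1.70
app01 dev-db/mysql-connector-c-6.1.3
db04 dev-db/mysql-5.5.40-r1'

printf '%s\n' "$SAMPLE_INVENTORY" | scan_inventory
```

On a single Gentoo host, `glsa-check -t 201409-04` from app-portage/gentoolkit performs the equivalent test against the installed packages.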

References
=========
[  1 ] CVE-2013-1861
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1861
[  2 ] CVE-2013-2134
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2134
[  3 ] CVE-2013-3839
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3839
[  4 ] CVE-2013-5767
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5767
[  5 ] CVE-2013-5770
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5770
[  6 ] CVE-2013-5786
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5786
[  7 ] CVE-2013-5793
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5793
[  8 ] CVE-2013-5807
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5807
[  9 ] CVE-2013-5860
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5860
[ 10 ] CVE-2013-5881
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5881
[ 11 ] CVE-2013-5882
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5882
[ 12 ] CVE-2013-5891
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5891
[ 13 ] CVE-2013-5894
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5894
[ 14 ] CVE-2013-5908
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5908
[ 15 ] CVE-2014-0001
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0001
[ 16 ] CVE-2014-0384
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0384
[ 17 ] CVE-2014-0386
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0386
[ 18 ] CVE-2014-0393
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0393
[ 19 ] CVE-2014-0401
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0401
[ 20 ] CVE-2014-0402
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0402
[ 21 ] CVE-2014-0412
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0412
[ 22 ] CVE-2014-0420
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0420
[ 23 ] CVE-2014-0427
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0427
[ 24 ] CVE-2014-0430
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0430
[ 25 ] CVE-2014-0431
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0431
[ 26 ] CVE-2014-0433
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0433
[ 27 ] CVE-2014-0437
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0437
[ 28 ] CVE-2014-2419
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2419
[ 29 ] CVE-2014-2430
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2430
[ 30 ] CVE-2014-2431
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2431
[ 31 ] CVE-2014-2432
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2432
[ 32 ] CVE-2014-2434
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2434
[ 33 ] CVE-2014-2435
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2435
[ 34 ] CVE-2014-2436
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2436
[ 35 ] CVE-2014-2438
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2438
[ 36 ] CVE-2014-2440
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2440

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/glsa-201409-04.xml

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
