Gentoo: GLSA-201409-04: MySQL: Multiple vulnerabilities

    Date: 04 Sep 2014
    Category: Gentoo
    Posted By: LinuxSecurity Advisories
    Multiple vulnerabilities have been found in MySQL, the worst of which allows local attackers to escalate their privileges.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory                           GLSA 201409-04
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
     Severity: Normal
        Title: MySQL: Multiple vulnerabilities
         Date: September 04, 2014
         Bugs: #460748, #488212, #498164, #500260, #507802, #518718
           ID: 201409-04
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
    Synopsis
    ========
    
    Multiple vulnerabilities have been found in MySQL, the worst of which
    allows local attackers to escalate their privileges.
    
    Background
    ==========
    
    MySQL is a popular multi-threaded, multi-user SQL server.
    
    Affected packages
    =================
    
        -------------------------------------------------------------------
         Package              /     Vulnerable     /            Unaffected
        -------------------------------------------------------------------
      1  dev-db/mysql                 < 5.5.39                  >= 5.5.39
    
    Description
    ===========
    
    Multiple vulnerabilities have been discovered in MySQL. Please review
    the CVE identifiers referenced below for details.
    
    Impact
    ======
    
    A local attacker could possibly gain escalated privileges. A remote
    attacker could send a specially crafted SQL query, possibly resulting
    in a Denial of Service condition. A remote attacker could entice a user
    to connect to a specially crafted MySQL server, possibly resulting in
    execution of arbitrary code with the privileges of the process.
    
    Workaround
    ==========
    
    There is no known workaround at this time.
    
    Resolution
    ==========
    
    All MySQL users should upgrade to the latest version:
    
      # emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.39"
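
An added example (not part of the Gentoo advisory): a POSIX shell check that classifies dev-db/mysql version strings against the `< 5.5.39` vulnerable range from the Affected packages table, useful for confirming the upgrade across an inventory. The host names and versions in the sample inventory are constructed, and only dotted numeric versions with an optional Gentoo `-rN` revision suffix are handled.

```shell
#!/bin/sh
# Added example, not from the advisory. FIXED is the first unaffected
# dev-db/mysql version listed in the Affected packages table.
FIXED="5.5.39"

# Return 0 if dotted numeric version $1 is strictly lower than $2.
# Components are compared as numbers, so 5.10 sorts above 5.5.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}          # missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1                          # versions are equal
}

# Print vulnerable, unaffected or unknown for one version string.
classify_mysql() {
    v=${1%%-r[0-9]*}                  # drop Gentoo revision, e.g. -r1
    case $v in
        ''|*[!0-9.]*) echo unknown; return 0 ;;  # _rc, _p etc.: review by hand
    esac
    if version_lt "$v" "$FIXED"; then echo vulnerable; else echo unaffected; fi
}

# Read "host version" lines on stdin and print each with its verdict.
audit_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$ver" "$(classify_mysql "$ver")"
    done
}

# Constructed sample inventory (hypothetical hosts and versions).
audit_inventory <<'EOF'
db-a 5.5.32
db-b 5.5.39-r1
db-c 5.1.70
db-d 5.6.20
EOF
```
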
    
    References
    ==========
    
    [  1 ] CVE-2013-1861
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1861
    [  2 ] CVE-2013-2134
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2134
    [  3 ] CVE-2013-3839
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3839
    [  4 ] CVE-2013-5767
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5767
    [  5 ] CVE-2013-5770
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5770
    [  6 ] CVE-2013-5786
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5786
    [  7 ] CVE-2013-5793
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5793
    [  8 ] CVE-2013-5807
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5807
    [  9 ] CVE-2013-5860
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5860
    [ 10 ] CVE-2013-5881
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5881
    [ 11 ] CVE-2013-5882
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5882
    [ 12 ] CVE-2013-5891
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5891
    [ 13 ] CVE-2013-5894
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5894
    [ 14 ] CVE-2013-5908
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5908
    [ 15 ] CVE-2014-0001
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0001
    [ 16 ] CVE-2014-0384
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0384
    [ 17 ] CVE-2014-0386
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0386
    [ 18 ] CVE-2014-0393
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0393
    [ 19 ] CVE-2014-0401
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0401
    [ 20 ] CVE-2014-0402
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0402
    [ 21 ] CVE-2014-0412
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0412
    [ 22 ] CVE-2014-0420
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0420
    [ 23 ] CVE-2014-0427
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0427
    [ 24 ] CVE-2014-0430
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0430
    [ 25 ] CVE-2014-0431
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0431
    [ 26 ] CVE-2014-0433
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0433
    [ 27 ] CVE-2014-0437
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0437
    [ 28 ] CVE-2014-2419
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2419
    [ 29 ] CVE-2014-2430
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2430
    [ 30 ] CVE-2014-2431
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2431
    [ 31 ] CVE-2014-2432
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2432
    [ 32 ] CVE-2014-2434
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2434
    [ 33 ] CVE-2014-2435
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2435
    [ 34 ] CVE-2014-2436
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2436
    [ 35 ] CVE-2014-2438
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2438
    [ 36 ] CVE-2014-2440
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2440
    
    Availability
    ============
    
    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:
    
     http://security.gentoo.org/glsa/glsa-201409-04.xml
    
    Concerns?
    =========
    
    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    [e-mail address not shown] or alternatively, you may file a bug at
    https://bugs.gentoo.org.
    
    License
    =======
    
    Copyright 2014 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).
    
    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.
    
    http://creativecommons.org/licenses/by-sa/2.5
    
    