
Gentoo 201504-05 Advisory: Addressing MySQL & MariaDB DoS Vulnerabilities

April 11, 2015
Multiple security flaws in MySQL and MariaDB could allow remote attackers to cause a Denial of Service on Gentoo systems.
Multiple vulnerabilities have been found in MySQL and MariaDB, the worst of which can allow remote attackers to cause a Denial of Service condition.

Summary

Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details.

Resolution

All MySQL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.22"

All MariaDB users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.0.16"

References

[ 1 ] CVE-2014-6568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6568
[ 2 ] CVE-2015-0374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0374
[ 3 ] CVE-2015-0381 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0381
[ 4 ] CVE-2015-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0382
[ 5 ] CVE-2015-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0385
[ 6 ] CVE-2015-0391 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0391
[ 7 ] CVE-2015-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0409
[ 8 ] CVE-2015-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0411
[ 9 ] CVE-2015-0432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0432

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201504-05

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: MySQL and MariaDB: Multiple vulnerabilities
Date: April 11, 2015
Bugs: #537216, #537262
ID: 201504-05

Synopsis

Multiple vulnerabilities have been found in MySQL and MariaDB, the worst of which can allow remote attackers to cause a Denial of Service condition.

Background

MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL.

Affected Packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql                 < 5.6.22                    >= 5.6.22
  2  dev-db/mariadb              < 10.0.16                   >= 10.0.16
    -------------------------------------------------------------------
     2 affected packages
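
Added example (not part of the GLSA or of any Gentoo tooling): the version thresholds from the table above applied to a fleet inventory. The `host category/name-version` input format, the function names and the sample hosts are assumptions made for illustration, and versions are assumed to be plain dotted numbers without leading zeros.

```python
import re

# Fixed versions from the advisory's "Affected Packages" table.
FIXED = {"dev-db/mysql": (5, 6, 22), "dev-db/mariadb": (10, 0, 16)}

# category/name-version, then an optional tail such as -r1, _rc2 or _p1.
CPV = re.compile(r"^([\w+.-]+/[\w+-]+?)-(\d+(?:\.\d+)*)(\S*)$")


def classify(cpv):
    """Return 'vulnerable', 'fixed', 'review' or 'unrelated' for one atom."""
    m = CPV.match(cpv.strip())
    if not m:
        return "review"  # not a category/name-version string
    name, ver, tail = m.groups()
    if name not in FIXED:
        return "unrelated"
    base = tuple(int(part) for part in ver.split("."))
    if base != FIXED[name]:
        # A -rN revision or _suffix cannot move a version across a
        # different base version, so the base alone decides.
        return "vulnerable" if base < FIXED[name] else "fixed"
    # Same base as the fix: a plain version or -rN revision is >= the fix,
    # but _alpha/_beta/_pre/_rc sort below it, so leave those to a human.
    return "fixed" if re.fullmatch(r"(-r\d+)?", tail) else "review"


def triage(inventory):
    """Map host -> list of (atom, status) that are vulnerable or unclear."""
    findings = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, cpv = line.split()
        status = classify(cpv)
        if status in ("vulnerable", "review"):
            findings.setdefault(host, []).append((cpv, status))
    return findings


# Constructed inventory: "<host> <category/name-version>" per line.
SAMPLE = """
db01 dev-db/mysql-5.6.21-r1
db02 dev-db/mysql-5.6.22
db03 dev-db/mariadb-10.0.15
db04 dev-db/mariadb-10.0.16-r2
db05 dev-db/mariadb-10.0.16_rc1
web1 dev-db/mysql-connector-c-6.1.11
"""
```

Hosts reported as `review` carry a pre-release suffix on the exact fixed version and need a manual check against the installed ebuild.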

Impact

A remote attacker could exploit vulnerabilities to possibly cause a Denial of Service condition.

Workaround

There is no known workaround at this time.
