
[gentoo-announce] [ GLSA 201308-06 ] MySQL: Multiple vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201308-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: MySQL: Multiple vulnerabilities
     Date: August 29, 2013
     Bugs: #399375, #411503, #412889, #417989, #445602, #462498,
           #466236, #477474
       ID: 201308-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Synopsis
========

Multiple vulnerabilities have been found in MySQL, allowing attackers
to execute arbitrary code or cause Denial of Service.

 

Background
==========

MySQL is a fast, multi-threaded, multi-user SQL database server.

 

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql                 < 5.1.70                    >= 5.1.70

 

Description
===========

Multiple vulnerabilities have been discovered in MySQL. Please review
the CVE identifiers referenced below for details.

 

Impact
======

A remote attacker could send a specially crafted request, possibly
resulting in execution of arbitrary code with the privileges of the
application or a Denial of Service condition.

 

Workaround
==========

There is no known workaround at this time.

 

Resolution
==========

All MySQL users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.1.70"
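
A post-upgrade check, added here as an example and not part of the Gentoo advisory: it reads installed dev-db/mysql versions from Portage's installed-package database and flags any still below the 5.1.70 threshold in the table above. It assumes the database lives at /var/db/pkg and that GNU `sort -V` is available; the function names and the `VDB_ROOT` variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): flag installed dev-db/mysql versions
# that fall in the GLSA 201308-06 vulnerable range (< 5.1.70).
FIXED="5.1.70"   # first unaffected version, taken from the advisory table

# is_vulnerable VERSION -> exit status 0 if VERSION sorts below $FIXED.
# A Gentoo revision suffix (-rN) is stripped before comparing; the ordering
# relies on GNU `sort -V` (assumption), which covers plain dotted versions.
is_vulnerable() {
    v=${1%-r[0-9]*}
    [ "$v" = "$FIXED" ] && return 1
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$v" ]
}

# check_vdb [ROOT] -> one status line per installed dev-db/mysql version found
# under ROOT (default: Portage's installed-package database, /var/db/pkg).
# Returns 1 if any installed version is still vulnerable.
check_vdb() {
    vdb=${1:-/var/db/pkg}
    rc=0
    # mysql-[0-9]* skips sibling packages such as dev-db/mysql-init-scripts
    for d in "$vdb"/dev-db/mysql-[0-9]*; do
        [ -d "$d" ] || continue
        ver=${d##*/mysql-}
        if is_vulnerable "$ver"; then
            echo "VULNERABLE dev-db/mysql-$ver (needs >= $FIXED)"
            rc=1
        else
            echo "ok dev-db/mysql-$ver"
        fi
    done
    return $rc
}

# VDB_ROOT is a hypothetical override used for testing against a copy.
check_vdb "${VDB_ROOT:-/var/db/pkg}"
```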

 

References
==========

 

[ 1 ] CVE-2011-2262

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2262

[ 2 ] CVE-2012-0075

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0075

[ 3 ] CVE-2012-0087

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0087

[ 4 ] CVE-2012-0101

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0101

[ 5 ] CVE-2012-0102

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0102

[ 6 ] CVE-2012-0112

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0112

[ 7 ] CVE-2012-0113

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0113

[ 8 ] CVE-2012-0114

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0114

[ 9 ] CVE-2012-0115

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0115

[ 10 ] CVE-2012-0116

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0116

[ 11 ] CVE-2012-0117

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0117

[ 12 ] CVE-2012-0118

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0118

[ 13 ] CVE-2012-0119

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0119

[ 14 ] CVE-2012-0120

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0120

[ 15 ] CVE-2012-0484

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0484

[ 16 ] CVE-2012-0485

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0485

[ 17 ] CVE-2012-0486

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0486

[ 18 ] CVE-2012-0487

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0487

[ 19 ] CVE-2012-0488

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0488

[ 20 ] CVE-2012-0489

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0489

[ 21 ] CVE-2012-0490

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0490

[ 22 ] CVE-2012-0491

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0491

[ 23 ] CVE-2012-0492

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0492

[ 24 ] CVE-2012-0493

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0493

[ 25 ] CVE-2012-0494

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0494

[ 26 ] CVE-2012-0495

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0495

[ 27 ] CVE-2012-0496

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0496

[ 28 ] CVE-2012-0540

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0540

[ 29 ] CVE-2012-0553

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0553

[ 30 ] CVE-2012-0572

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0572

[ 31 ] CVE-2012-0574

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0574

[ 32 ] CVE-2012-0578

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0578

[ 33 ] CVE-2012-0583

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0583

[ 34 ] CVE-2012-1492

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1492

[ 35 ] CVE-2012-1623

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1623

[ 36 ] CVE-2012-1688

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1688

[ 37 ] CVE-2012-1689

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1689

[ 38 ] CVE-2012-1690

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1690

[ 39 ] CVE-2012-1696

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1696

[ 40 ] CVE-2012-1697

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1697

[ 41 ] CVE-2012-1702

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1702

[ 42 ] CVE-2012-1703

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1703

[ 43 ] CVE-2012-1705

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1705

[ 44 ] CVE-2012-1734

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1734

[ 45 ] CVE-2012-2102

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2102

[ 46 ] CVE-2012-2122

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2122

[ 47 ] CVE-2012-2749

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2749

[ 48 ] CVE-2012-3150

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3150

[ 49 ] CVE-2012-3158

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3158

[ 50 ] CVE-2012-3160

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3160

[ 51 ] CVE-2012-3163

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3163

[ 52 ] CVE-2012-3166

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3166

[ 53 ] CVE-2012-3167

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3167

[ 54 ] CVE-2012-3173

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3173

[ 55 ] CVE-2012-3177

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3177

[ 56 ] CVE-2012-3180

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3180

[ 57 ] CVE-2012-3197

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3197

[ 58 ] CVE-2012-5060

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5060

[ 59 ] CVE-2012-5096

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5096

[ 60 ] CVE-2012-5611

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5611

[ 61 ] CVE-2012-5612

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5612

[ 62 ] CVE-2012-5613

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5613

[ 63 ] CVE-2012-5614

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5614

[ 64 ] CVE-2012-5615

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5615

[ 65 ] CVE-2012-5627

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5627

[ 66 ] CVE-2013-0367

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0367

[ 67 ] CVE-2013-0368

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0368

[ 68 ] CVE-2013-0371

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0371

[ 69 ] CVE-2013-0375

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0375

[ 70 ] CVE-2013-0383

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0383

[ 71 ] CVE-2013-0384

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0384

[ 72 ] CVE-2013-0385

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0385

[ 73 ] CVE-2013-0386

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0386

[ 74 ] CVE-2013-0389

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0389

[ 75 ] CVE-2013-1502

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1502

[ 76 ] CVE-2013-1506

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1506

[ 77 ] CVE-2013-1511

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1511

[ 78 ] CVE-2013-1512

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1512

[ 79 ] CVE-2013-1521

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1521

[ 80 ] CVE-2013-1523

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1523

[ 81 ] CVE-2013-1526

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1526

[ 82 ] CVE-2013-1531

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1531

[ 83 ] CVE-2013-1532

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1532

[ 84 ] CVE-2013-1544

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1544

[ 85 ] CVE-2013-1548

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1548

[ 86 ] CVE-2013-1552

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1552

[ 87 ] CVE-2013-1555

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1555

[ 88 ] CVE-2013-1566

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1566

[ 89 ] CVE-2013-1567

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1567

[ 90 ] CVE-2013-1570

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1570

[ 91 ] CVE-2013-2375

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2375

[ 92 ] CVE-2013-2376

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2376

[ 93 ] CVE-2013-2378

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2378

[ 94 ] CVE-2013-2381

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2381

[ 95 ] CVE-2013-2389

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2389

[ 96 ] CVE-2013-2391

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2391

[ 97 ] CVE-2013-2392

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2392

[ 98 ] CVE-2013-2395

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2395

[ 99 ] CVE-2013-3802

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3802

[ 100 ] CVE-2013-3804

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3804

[ 101 ] CVE-2013-3808

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3808

 

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201308-06.xml

 

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security ( -at -) gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

 

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

 

 

 
