GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Tue Oct 11, 2016 2:26 pm Post subject: [ GLSA 201610-06 ] MySQL and MariaDB
Gentoo Linux Security Advisory
Title: MySQL and MariaDB: Multiple vulnerabilities (GLSA 201610-06)
Severity: normal
Exploitable: remote
Date: October 11, 2016
Bug(s): #546724, #555478, #555480, #564170, #564442, #572870, #580832, #580834, #589238, #589346, #593608
ID: 201610-06
Synopsis
Multiple vulnerabilities have been found in MySQL and MariaDB, the
worst of which could allow remote attackers to cause a Denial of Service
condition or obtain sensitive information.
Background
MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
enhanced, drop-in replacement for MySQL.
Affected Packages
Package: dev-db/mysql
Vulnerable: < 5.6.31
Unaffected: >= 5.6.31
Architectures: All supported architectures
Package: dev-db/mariadb
Vulnerable: < 10.0.27
Unaffected: > 5.5.51 < 5.5.52
Architectures: All supported architectures
Package: dev-db/mariadb
Unaffected: >= 10.0.27
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in MySQL and MariaDB.
Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could exploit vulnerabilities, through multiple
vectors, that affect the confidentiality, integrity, and availability of
MySQL and MariaDB.
Workaround
There is no known workaround at this time.
Resolution
All MySQL users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.31"
All MariaDB users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.0.27"
References
CVE-2015-2582
CVE-2015-2611
CVE-2015-2617
CVE-2015-2620
CVE-2015-2639
CVE-2015-2641
CVE-2015-2643
CVE-2015-2648
CVE-2015-2661
CVE-2015-4737
CVE-2015-4752
CVE-2015-4756
CVE-2015-4757
CVE-2015-4767
CVE-2015-4769
CVE-2015-4771
CVE-2015-4772