[ GLSA 201409-04 ] MySQL: Multiple vulnerabilities

[GLSA]

Gentoo Linux Security Advisory

Title: MySQL: Multiple vulnerabilities (GLSA 201409-04)
Severity: normal
Exploitable: local, remote
Date: September 04, 2014
Bug(s): #460748, #488212, #498164, #500260, #507802, #518718
ID: 201409-04

Synopsis

Multiple vulnerabilities have been found in MySQL, worst of which
allows local attackers to escalate their privileges.


Background

MySQL is a popular multi-threaded, multi-user SQL server.

Affected Packages

Package: dev-db/mysql
Vulnerable: < 5.5.39
Unaffected: >= 5.5.39
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in MySQL. Please review
the CVE identifiers referenced below for details.


Impact

A local attacker could possibly gain escalated privileges. A remote
attacker could send a specially crafted SQL query, possibly resulting in
a Denial of Service condition. A remote attacker could entice a user to
connect to specially crafted MySQL server, possibly resulting in
execution of arbitrary code with the privileges of the process.


Workaround

There is no known workaround at this time.

Resolution

All MySQL users should upgrade to the latest version: