public inbox for gentoo-announce@lists.gentoo.org
 help / color / mirror / Atom feed
Search results ordered by [date|relevance]  view[summary|nested|Atom feed]
thread overview below | download: 
* [gentoo-announce] [ GLSA 201610-06 ] MySQL and MariaDB: Multiple vulnerabilities
@ 2016-10-11 13:44 99% Aaron Bauman
  0 siblings, 0 replies; 1+ results
From: Aaron Bauman @ 2016-10-11 13:44 UTC (permalink / raw
  To: gentoo-announce


[-- Attachment #1.1.1: Type: text/plain, Size: 4476 bytes --]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201610-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: MySQL and MariaDB: Multiple vulnerabilities
     Date: October 11, 2016
     Bugs: #546724, #555478, #555480, #564170, #564442, #572870,
           #580832, #580834, #589238, #589346, #593608
       ID: 201610-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MySQL and MariaDB, the
worst of which could allow remote attackers to cause a Denial of
Service condition or obtain sensitive information.

Background
==========

MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
enhanced, drop-in replacement for MySQL.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql                 < 5.6.31                  >= 5.6.31 
  2  dev-db/mariadb              < 10.0.27                  *> 5.5.51 
  3  dev-db/mariab                                         >= 10.0.27 
    -------------------------------------------------------------------
     3 affected packages

Description
===========

Multiple vulnerabilities have been discovered in MySQL and MariaDB.
Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could exploit vulnerabilities, through multiple
vectors, that affect the confidentiality, integrity, and availability
of MySQL and MariaDB.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.31"

All MariaDB users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.0.27"

References
==========

[  1 ] CVE-2015-2582
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2582
[  2 ] CVE-2015-2611
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2611
[  3 ] CVE-2015-2617
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2617
[  4 ] CVE-2015-2620
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2620
[  5 ] CVE-2015-2639
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2639
[  6 ] CVE-2015-2641
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2641
[  7 ] CVE-2015-2643
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2643
[  8 ] CVE-2015-2648
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2648
[  9 ] CVE-2015-2661
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2661
[ 10 ] CVE-2015-4737
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4737
[ 11 ] CVE-2015-4752
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4752
[ 12 ] CVE-2015-4756
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4756
[ 13 ] CVE-2015-4757
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4757
[ 14 ] CVE-2015-4767
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4767
[ 15 ] CVE-2015-4769
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4769
[ 16 ] CVE-2015-4771
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4771
[ 17 ] CVE-2015-4772
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4772

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201610-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


[-- Attachment #1.1.2: Type: text/html, Size: 7093 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 949 bytes --]

^ permalink raw reply	[relevance 99%]

Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2016-10-11 13:44 99% [gentoo-announce] [ GLSA 201610-06 ] MySQL and MariaDB: Multiple vulnerabilities Aaron Bauman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox