From: | Thomas Deutschmann <whissi@g.o> |
---|---|
To: | gentoo-announce@l.g.o |
Subject: | [gentoo-announce] [ GLSA 201802-04 ] MySQL: Multiple vulnerabilities |
Date: | Tue, 20 Feb 2018 01:00:16 |
Message-Id: | 7a594f10-5c06-e039-b386-d7383f6b5b1a@gentoo.org |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201802-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: MySQL: Multiple vulnerabilities
Date: February 20, 2018
Bugs: #616486, #625626, #634652, #644986
ID: 201802-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in MySQL, the worst of which may
allow remote execution of arbitrary code.

Background
==========

A fast, multi-threaded, multi-user SQL database server.

Affected packages
=================

-------------------------------------------------------------------
     Package        /     Vulnerable     /     Unaffected
-------------------------------------------------------------------
  1  dev-db/mysql         < 5.6.39             >= 5.6.39

Description
===========

Multiple vulnerabilities have been discovered in MySQL. Please review
the referenced CVE identifiers for details.

Impact
======

A remote attacker could execute arbitrary code without authentication
or cause a partial denial of service condition.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.39"
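
A fleet-side check against the threshold in the Affected packages table, as an added example that is not part of the advisory. The host names, the inventory format and the function names are assumptions; the comparison covers plain dotted versions with an optional -rN revision and reports anything else as unknown.

```shell
#!/bin/sh
# Added example: flag hosts whose dev-db/mysql is below the advisory's fixed version.
FIXED_VERSION="5.6.39"   # "Unaffected" threshold from the Affected packages table

# "dev-db/mysql-5.6.38-r1" -> "5.6.38" (drops the atom prefix and the -rN revision)
atom_version() {
    printf '%s\n' "$1" | sed -e 's|^dev-db/mysql-||' -e 's|-r[0-9][0-9]*$||'
}

# Succeeds when dotted numeric version $1 is lower than $2.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# Prints vulnerable, unaffected, or unknown (suffixes such as _p1 or _rc
# need Portage's own comparison rules, so they are left for manual review).
classify() {
    v=$(atom_version "$1")
    case $v in ''|*[!0-9.]*) echo unknown; return 0 ;; esac
    if version_lt "$v" "$FIXED_VERSION"; then echo vulnerable; else echo unaffected; fi
}

# Constructed inventory: "<host> <installed atom>", the atom in the form
# that `qlist -Iv dev-db/mysql` prints on each host.
sample_inventory() {
    cat <<'EOF'
db01 dev-db/mysql-5.6.38-r1
db02 dev-db/mysql-5.6.39
db03 dev-db/mysql-5.5.60
db04 dev-db/mysql-5.7.20
db05 dev-db/mysql-5.6.39_p1
EOF
}

# Reads inventory lines on stdin and appends the classification to each.
report() {
    while read -r host atom; do
        printf '%s %s %s\n' "$host" "$atom" "$(classify "$atom")"
    done
}

sample_inventory | report
```

On a single Gentoo host, `glsa-check -t 201802-04` tests the local package database against this advisory directly.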

References
==========

[ 1 ] CVE-2017-10155
      https://nvd.nist.gov/vuln/detail/CVE-2017-10155
[ 2 ] CVE-2017-10227
      https://nvd.nist.gov/vuln/detail/CVE-2017-10227
[ 3 ] CVE-2017-10268
      https://nvd.nist.gov/vuln/detail/CVE-2017-10268
[ 4 ] CVE-2017-10276
      https://nvd.nist.gov/vuln/detail/CVE-2017-10276
[ 5 ] CVE-2017-10283
      https://nvd.nist.gov/vuln/detail/CVE-2017-10283
[ 6 ] CVE-2017-10286
      https://nvd.nist.gov/vuln/detail/CVE-2017-10286
[ 7 ] CVE-2017-10294
      https://nvd.nist.gov/vuln/detail/CVE-2017-10294
[ 8 ] CVE-2017-10314
      https://nvd.nist.gov/vuln/detail/CVE-2017-10314
[ 9 ] CVE-2017-10378
      https://nvd.nist.gov/vuln/detail/CVE-2017-10378
[ 10 ] CVE-2017-10379
       https://nvd.nist.gov/vuln/detail/CVE-2017-10379
[ 11 ] CVE-2017-10384
       https://nvd.nist.gov/vuln/detail/CVE-2017-10384
[ 12 ] CVE-2017-3308
       https://nvd.nist.gov/vuln/detail/CVE-2017-3308
[ 13 ] CVE-2017-3309
       https://nvd.nist.gov/vuln/detail/CVE-2017-3309
[ 14 ] CVE-2017-3329
       https://nvd.nist.gov/vuln/detail/CVE-2017-3329
[ 15 ] CVE-2017-3450
       https://nvd.nist.gov/vuln/detail/CVE-2017-3450
[ 16 ] CVE-2017-3452
       https://nvd.nist.gov/vuln/detail/CVE-2017-3452
[ 17 ] CVE-2017-3453
       https://nvd.nist.gov/vuln/detail/CVE-2017-3453
[ 18 ] CVE-2017-3456
       https://nvd.nist.gov/vuln/detail/CVE-2017-3456
[ 19 ] CVE-2017-3461
       https://nvd.nist.gov/vuln/detail/CVE-2017-3461
[ 20 ] CVE-2017-3462
       https://nvd.nist.gov/vuln/detail/CVE-2017-3462
[ 21 ] CVE-2017-3463
       https://nvd.nist.gov/vuln/detail/CVE-2017-3463
[ 22 ] CVE-2017-3464
       https://nvd.nist.gov/vuln/detail/CVE-2017-3464
[ 23 ] CVE-2017-3599
       https://nvd.nist.gov/vuln/detail/CVE-2017-3599
[ 24 ] CVE-2017-3600
       https://nvd.nist.gov/vuln/detail/CVE-2017-3600
[ 25 ] CVE-2017-3633
       https://nvd.nist.gov/vuln/detail/CVE-2017-3633
[ 26 ] CVE-2017-3634
       https://nvd.nist.gov/vuln/detail/CVE-2017-3634
[ 27 ] CVE-2017-3635
       https://nvd.nist.gov/vuln/detail/CVE-2017-3635
[ 28 ] CVE-2017-3636
       https://nvd.nist.gov/vuln/detail/CVE-2017-3636
[ 29 ] CVE-2017-3637
       https://nvd.nist.gov/vuln/detail/CVE-2017-3637
[ 30 ] CVE-2017-3641
       https://nvd.nist.gov/vuln/detail/CVE-2017-3641
[ 31 ] CVE-2017-3647
       https://nvd.nist.gov/vuln/detail/CVE-2017-3647
[ 32 ] CVE-2017-3648
       https://nvd.nist.gov/vuln/detail/CVE-2017-3648
[ 33 ] CVE-2017-3649
       https://nvd.nist.gov/vuln/detail/CVE-2017-3649
[ 34 ] CVE-2017-3651
       https://nvd.nist.gov/vuln/detail/CVE-2017-3651
[ 35 ] CVE-2017-3652
       https://nvd.nist.gov/vuln/detail/CVE-2017-3652
[ 36 ] CVE-2017-3653
       https://nvd.nist.gov/vuln/detail/CVE-2017-3653
[ 37 ] CVE-2017-3732
       https://nvd.nist.gov/vuln/detail/CVE-2017-3732
[ 38 ] CVE-2018-2562
       https://nvd.nist.gov/vuln/detail/CVE-2018-2562
[ 39 ] CVE-2018-2573
       https://nvd.nist.gov/vuln/detail/CVE-2018-2573
[ 40 ] CVE-2018-2583
       https://nvd.nist.gov/vuln/detail/CVE-2018-2583
[ 41 ] CVE-2018-2590
       https://nvd.nist.gov/vuln/detail/CVE-2018-2590
[ 42 ] CVE-2018-2591
       https://nvd.nist.gov/vuln/detail/CVE-2018-2591
[ 43 ] CVE-2018-2612
       https://nvd.nist.gov/vuln/detail/CVE-2018-2612
[ 44 ] CVE-2018-2622
       https://nvd.nist.gov/vuln/detail/CVE-2018-2622
[ 45 ] CVE-2018-2640
       https://nvd.nist.gov/vuln/detail/CVE-2018-2640
[ 46 ] CVE-2018-2645
       https://nvd.nist.gov/vuln/detail/CVE-2018-2645
[ 47 ] CVE-2018-2647
       https://nvd.nist.gov/vuln/detail/CVE-2018-2647
[ 48 ] CVE-2018-2665
       https://nvd.nist.gov/vuln/detail/CVE-2018-2665
[ 49 ] CVE-2018-2668
       https://nvd.nist.gov/vuln/detail/CVE-2018-2668
[ 50 ] CVE-2018-2696
       https://nvd.nist.gov/vuln/detail/CVE-2018-2696
[ 51 ] CVE-2018-2703
       https://nvd.nist.gov/vuln/detail/CVE-2018-2703

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201802-04

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5