Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201802-04 ] MySQL: Multiple vulnerabilities
Date: Tue, 20 Feb 2018 01:00:16
Message-Id: 7a594f10-5c06-e039-b386-d7383f6b5b1a@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201802-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: MySQL: Multiple vulnerabilities
     Date: February 20, 2018
     Bugs: #616486, #625626, #634652, #644986
       ID: 201802-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in MySQL, the worst of which may
allow remote execution of arbitrary code.

Background
==========

A fast, multi-threaded, multi-user SQL database server.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql                 < 5.6.39                   >= 5.6.39

Description
===========

Multiple vulnerabilities have been discovered in MySQL. Please review
the referenced CVE identifiers for details.

Impact
======

A remote attacker could execute arbitrary code without authentication
or cause a partial denial of service condition.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.39"

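An added example, not part of the advisory, for confirming the result of the upgrade: it classifies dev-db/mysql package-version strings against the fixed version 5.6.39 from the affected-packages table. The function names and the sample atoms are constructed for illustration, and only the numeric version components are compared (a Gentoo "-rN" revision or other suffix is ignored).

```shell
#!/bin/sh
# Added example, not Gentoo's own tooling. FIXED comes from the GLSA's
# "Unaffected" column; everything else here is a hypothetical helper.
FIXED="5.6.39"

# Reduce "dev-db/mysql-5.6.38-r1" to its numeric upstream version "5.6.38".
# Assumption: anything after the dotted number (-rN, _pN, ...) is dropped.
upstream_version() {
    v=${1#dev-db/mysql-}
    printf '%s\n' "$v" | sed 's/[^0-9.].*$//'
}

# Return 0 if dotted version $1 is lower than $2. Components are compared
# numerically, so 5.6.4 sorts below 5.6.39 (a plain string compare would not).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1    # equal versions are not "lower"
}

# Return 0 if the given package-version string falls in the vulnerable range.
glsa_vulnerable() {
    version_lt "$(upstream_version "$1")" "$FIXED"
}

# Constructed sample input, in the category/package-version form that
# `qlist -Iv dev-db/mysql` prints for installed packages.
for atom in dev-db/mysql-5.5.58 dev-db/mysql-5.6.38-r1 \
            dev-db/mysql-5.6.39 dev-db/mysql-5.7.20; do
    if glsa_vulnerable "$atom"; then
        echo "$atom: vulnerable, upgrade to >= $FIXED (GLSA 201802-04)"
    else
        echo "$atom: unaffected"
    fi
done
```
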
References
==========

[ 1 ] CVE-2017-10155
      https://nvd.nist.gov/vuln/detail/CVE-2017-10155
[ 2 ] CVE-2017-10227
      https://nvd.nist.gov/vuln/detail/CVE-2017-10227
[ 3 ] CVE-2017-10268
      https://nvd.nist.gov/vuln/detail/CVE-2017-10268
[ 4 ] CVE-2017-10276
      https://nvd.nist.gov/vuln/detail/CVE-2017-10276
[ 5 ] CVE-2017-10283
      https://nvd.nist.gov/vuln/detail/CVE-2017-10283
[ 6 ] CVE-2017-10286
      https://nvd.nist.gov/vuln/detail/CVE-2017-10286
[ 7 ] CVE-2017-10294
      https://nvd.nist.gov/vuln/detail/CVE-2017-10294
[ 8 ] CVE-2017-10314
      https://nvd.nist.gov/vuln/detail/CVE-2017-10314
[ 9 ] CVE-2017-10378
      https://nvd.nist.gov/vuln/detail/CVE-2017-10378
[ 10 ] CVE-2017-10379
       https://nvd.nist.gov/vuln/detail/CVE-2017-10379
[ 11 ] CVE-2017-10384
       https://nvd.nist.gov/vuln/detail/CVE-2017-10384
[ 12 ] CVE-2017-3308
       https://nvd.nist.gov/vuln/detail/CVE-2017-3308
[ 13 ] CVE-2017-3309
       https://nvd.nist.gov/vuln/detail/CVE-2017-3309
[ 14 ] CVE-2017-3329
       https://nvd.nist.gov/vuln/detail/CVE-2017-3329
[ 15 ] CVE-2017-3450
       https://nvd.nist.gov/vuln/detail/CVE-2017-3450
[ 16 ] CVE-2017-3452
       https://nvd.nist.gov/vuln/detail/CVE-2017-3452
[ 17 ] CVE-2017-3453
       https://nvd.nist.gov/vuln/detail/CVE-2017-3453
[ 18 ] CVE-2017-3456
       https://nvd.nist.gov/vuln/detail/CVE-2017-3456
[ 19 ] CVE-2017-3461
       https://nvd.nist.gov/vuln/detail/CVE-2017-3461
[ 20 ] CVE-2017-3462
       https://nvd.nist.gov/vuln/detail/CVE-2017-3462
[ 21 ] CVE-2017-3463
       https://nvd.nist.gov/vuln/detail/CVE-2017-3463
[ 22 ] CVE-2017-3464
       https://nvd.nist.gov/vuln/detail/CVE-2017-3464
[ 23 ] CVE-2017-3599
       https://nvd.nist.gov/vuln/detail/CVE-2017-3599
[ 24 ] CVE-2017-3600
       https://nvd.nist.gov/vuln/detail/CVE-2017-3600
[ 25 ] CVE-2017-3633
       https://nvd.nist.gov/vuln/detail/CVE-2017-3633
[ 26 ] CVE-2017-3634
       https://nvd.nist.gov/vuln/detail/CVE-2017-3634
[ 27 ] CVE-2017-3635
       https://nvd.nist.gov/vuln/detail/CVE-2017-3635
[ 28 ] CVE-2017-3636
       https://nvd.nist.gov/vuln/detail/CVE-2017-3636
[ 29 ] CVE-2017-3637
       https://nvd.nist.gov/vuln/detail/CVE-2017-3637
[ 30 ] CVE-2017-3641
       https://nvd.nist.gov/vuln/detail/CVE-2017-3641
[ 31 ] CVE-2017-3647
       https://nvd.nist.gov/vuln/detail/CVE-2017-3647
[ 32 ] CVE-2017-3648
       https://nvd.nist.gov/vuln/detail/CVE-2017-3648
[ 33 ] CVE-2017-3649
       https://nvd.nist.gov/vuln/detail/CVE-2017-3649
[ 34 ] CVE-2017-3651
       https://nvd.nist.gov/vuln/detail/CVE-2017-3651
[ 35 ] CVE-2017-3652
       https://nvd.nist.gov/vuln/detail/CVE-2017-3652
[ 36 ] CVE-2017-3653
       https://nvd.nist.gov/vuln/detail/CVE-2017-3653
[ 37 ] CVE-2017-3732
       https://nvd.nist.gov/vuln/detail/CVE-2017-3732
[ 38 ] CVE-2018-2562
       https://nvd.nist.gov/vuln/detail/CVE-2018-2562
[ 39 ] CVE-2018-2573
       https://nvd.nist.gov/vuln/detail/CVE-2018-2573
[ 40 ] CVE-2018-2583
       https://nvd.nist.gov/vuln/detail/CVE-2018-2583
[ 41 ] CVE-2018-2590
       https://nvd.nist.gov/vuln/detail/CVE-2018-2590
[ 42 ] CVE-2018-2591
       https://nvd.nist.gov/vuln/detail/CVE-2018-2591
[ 43 ] CVE-2018-2612
       https://nvd.nist.gov/vuln/detail/CVE-2018-2612
[ 44 ] CVE-2018-2622
       https://nvd.nist.gov/vuln/detail/CVE-2018-2622
[ 45 ] CVE-2018-2640
       https://nvd.nist.gov/vuln/detail/CVE-2018-2640
[ 46 ] CVE-2018-2645
       https://nvd.nist.gov/vuln/detail/CVE-2018-2645
[ 47 ] CVE-2018-2647
       https://nvd.nist.gov/vuln/detail/CVE-2018-2647
[ 48 ] CVE-2018-2665
       https://nvd.nist.gov/vuln/detail/CVE-2018-2665
[ 49 ] CVE-2018-2668
       https://nvd.nist.gov/vuln/detail/CVE-2018-2668
[ 50 ] CVE-2018-2696
       https://nvd.nist.gov/vuln/detail/CVE-2018-2696
[ 51 ] CVE-2018-2703
       https://nvd.nist.gov/vuln/detail/CVE-2018-2703

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201802-04

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
