[gentoo-announce] [ GLSA 201411-02 ] MySQL, MariaDB: Multiple vulnerabilities - gentoo-announce

From:	Sean Amoss <ackle@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 201411-02 ] MySQL, MariaDB: Multiple vulnerabilities
Date:	Thu, 06 Nov 2014 00:18:23
Message-Id:	`545ABDFE.1090000@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201411-02

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: MySQL, MariaDB: Multiple vulnerabilities

9

     Date: November 05, 2014

10

     Bugs: #525504

11

       ID: 201411-02

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in the MySQL and MariaDB,

19

possibly allowing attackers to cause unspecified impact.

20

21

Background

22

==========

23

24

MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an

25

enhanced, drop-in replacement for MySQL.

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package              /     Vulnerable     /            Unaffected

32

    -------------------------------------------------------------------

33

  1  dev-db/mysql                 < 5.5.40                  >= 5.5.40

34

  2  dev-db/mariadb             < 5.5.40-r1              >= 5.5.40-r1

35

    -------------------------------------------------------------------

36

     2 affected packages

37

38

Description

39

===========

40

41

Multiple unspecified vulnerabilities have been discovered in MySQL.

42

Please review the CVE identifiers referenced below for details.

43

44

Impact

45

======

46

47

A remote attacker could exploit these vulnerabilities to cause

48

unspecified impact, possibly including remote execution of arbitrary

49

code, Denial of Service, or disclosure of sensitive information.

50

51

Workaround

52

==========

53

54

There is no known workaround at this time.

55

56

Resolution

57

==========

58

59

All MySQL users should upgrade to the latest version:

60

61

  # emerge --sync

62

  # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.40"

63

64

All MariaDB users should upgrade to the latest version:

65

66

  # emerge --sync

67

  # emerge --ask --oneshot --verbose ">=dev-db/mariadb-5.5.40-r1"

68

69

References

70

==========

71

72

[ 1 ] CVE-2014-6464

73

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6464

74

[ 2 ] CVE-2014-6469

75

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6469

76

[ 3 ] CVE-2014-6491

77

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6491

78

[ 4 ] CVE-2014-6494

79

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6494

80

[ 5 ] CVE-2014-6496

81

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6496

82

[ 6 ] CVE-2014-6500

83

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6500

84

[ 7 ] CVE-2014-6507

85

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6507

86

[ 8 ] CVE-2014-6555

87

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6555

88

[ 9 ] CVE-2014-6559

89

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6559

90

91

Availability

92

============

93

94

This GLSA and any updates to it are available for viewing at

95

the Gentoo Security Website:

96

97

 http://security.gentoo.org/glsa/glsa-201411-02.xml

98

99

Concerns?

100

=========

101

102

Security is a primary focus of Gentoo Linux and ensuring the

103

confidentiality and security of our users' machines is of utmost

104

importance to us. Any security concerns should be addressed to

105

security@g.o or alternatively, you may file a bug at

106

https://bugs.gentoo.org.

107

108

License

109

=======

110

111

Copyright 2014 Gentoo Foundation, Inc; referenced text

112

belongs to its owner(s).

113

114

The contents of this document are licensed under the

115

Creative Commons - Attribution / Share Alike license.

116

117

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201411-02
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: MySQL, MariaDB: Multiple vulnerabilities
9	Date: November 05, 2014
10	Bugs: #525504
11	ID: 201411-02
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in the MySQL and MariaDB,
19	possibly allowing attackers to cause unspecified impact.
20
21	Background
22	==========
23
24	MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
25	enhanced, drop-in replacement for MySQL.
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	1 dev-db/mysql < 5.5.40 >= 5.5.40
34	2 dev-db/mariadb < 5.5.40-r1 >= 5.5.40-r1
35	-------------------------------------------------------------------
36	2 affected packages
37
38	Description
39	===========
40
41	Multiple unspecified vulnerabilities have been discovered in MySQL.
42	Please review the CVE identifiers referenced below for details.
43
44	Impact
45	======
46
47	A remote attacker could exploit these vulnerabilities to cause
48	unspecified impact, possibly including remote execution of arbitrary
49	code, Denial of Service, or disclosure of sensitive information.
50
51	Workaround
52	==========
53
54	There is no known workaround at this time.
55
56	Resolution
57	==========
58
59	All MySQL users should upgrade to the latest version:
60
61	# emerge --sync
62	# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.40"
63
64	All MariaDB users should upgrade to the latest version:
65
66	# emerge --sync
67	# emerge --ask --oneshot --verbose ">=dev-db/mariadb-5.5.40-r1"
68
69	References
70	==========
71
72	[ 1 ] CVE-2014-6464
73	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6464
74	[ 2 ] CVE-2014-6469
75	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6469
76	[ 3 ] CVE-2014-6491
77	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6491
78	[ 4 ] CVE-2014-6494
79	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6494
80	[ 5 ] CVE-2014-6496
81	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6496
82	[ 6 ] CVE-2014-6500
83	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6500
84	[ 7 ] CVE-2014-6507
85	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6507
86	[ 8 ] CVE-2014-6555
87	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6555
88	[ 9 ] CVE-2014-6559
89	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6559
90
91	Availability
92	============
93
94	This GLSA and any updates to it are available for viewing at
95	the Gentoo Security Website:
96
97	http://security.gentoo.org/glsa/glsa-201411-02.xml
98
99	Concerns?
100	=========
101
102	Security is a primary focus of Gentoo Linux and ensuring the
103	confidentiality and security of our users' machines is of utmost
104	importance to us. Any security concerns should be addressed to
105	security@g.o or alternatively, you may file a bug at
106	https://bugs.gentoo.org.
107
108	License
109	=======
110
111	Copyright 2014 Gentoo Foundation, Inc; referenced text
112	belongs to its owner(s).
113
114	The contents of this document are licensed under the
115	Creative Commons - Attribution / Share Alike license.
116
117	http://creativecommons.org/licenses/by-sa/2.5