Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201702-18 ] MariaDB: Multiple vulnerabilities
Date: Mon, 20 Feb 2017 23:48:01
Message-Id: 26a14e37-14e2-7c22-6e93-70bff8a22414@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201702-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: MariaDB: Multiple vulnerabilities
     Date: February 20, 2017
     Bugs: #606258
       ID: 201702-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MariaDB, the worst of which
could lead to privilege escalation.

Background
==========

MariaDB is an enhanced, drop-in replacement for MySQL.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-db/mariadb              < 10.0.29                  >= 10.0.29

Description
===========

Multiple vulnerabilities have been discovered in MariaDB. Please review
the CVE identifiers referenced below for details.

Impact
======

An attacker could possibly escalate privileges, gain access to critical
data or complete access to all MariaDB Server accessible data, or cause
a Denial of Service condition via unspecified vectors.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MariaDB users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.0.29"

References
==========

[  1 ] CVE-2016-6664
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6664
[  2 ] CVE-2017-3238
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3238
[  3 ] CVE-2017-3243
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3243
[  4 ] CVE-2017-3244
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3244
[  5 ] CVE-2017-3257
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3257
[  6 ] CVE-2017-3258
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3258
[  7 ] CVE-2017-3265
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3265
[  8 ] CVE-2017-3291
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3291
[  9 ] CVE-2017-3312
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3312
[ 10 ] CVE-2017-3317
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3317
[ 11 ] CVE-2017-3318
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3318

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201702-18

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature