Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Yury German <blueknight@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201504-05 ] MySQL and MariaDB: Multiple vulnerabilities
Date: Sat, 11 Apr 2015 20:42:32
Message-Id: 552986DD.7050207@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201504-05
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: MySQL and MariaDB: Multiple vulnerabilities
9 Date: April 11, 2015
10 Bugs: #537216, #537262
11 ID: 201504-05
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in MySQL and MariaDB, the
19 worst of which can allow remote attackers to cause a Denial of Service
20 condition.
21
22 Background
23 ==========
24
25 MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
26 enhanced, drop-in replacement for MySQL.
27
28 Affected packages
29 =================
30
31 -------------------------------------------------------------------
32 Package / Vulnerable / Unaffected
33 -------------------------------------------------------------------
34 1 dev-db/mysql < 5.6.22 >= 5.6.22
35 2 dev-db/mariadb < 10.0.16 >= 10.0.16
36 -------------------------------------------------------------------
37 2 affected packages
38
39 Description
40 ===========
41
42 Multiple vulnerabilities have been discovered in MySQL and MariaDB.
43 Please review the CVE identifiers referenced below for details.
44
45 Impact
46 ======
47
48 A remote attacker could exploit vulnerabilities to possibly cause a
49 Denial of Service condition.
50
51 Workaround
52 ==========
53
54 There is no known workaround at this time.
55
56 Resolution
57 ==========
58
59 All MySQL users should upgrade to the latest version:
60
61 # emerge --sync
62 # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.22"
63
64 All MariaDB users should upgrade to the latest version:
65
66 # emerge --sync
67 # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.0.16"
68
69 References
70 ==========
71
72 [ 1 ] CVE-2014-6568
73 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6568
74 [ 2 ] CVE-2015-0374
75 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0374
76 [ 3 ] CVE-2015-0381
77 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0381
78 [ 4 ] CVE-2015-0382
79 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0382
80 [ 5 ] CVE-2015-0385
81 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0385
82 [ 6 ] CVE-2015-0391
83 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0391
84 [ 7 ] CVE-2015-0409
85 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0409
86 [ 8 ] CVE-2015-0411
87 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0411
88 [ 9 ] CVE-2015-0432
89 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0432
90
91 Availability
92 ============
93
94 This GLSA and any updates to it are available for viewing at
95 the Gentoo Security Website:
96
97 https://security.gentoo.org/glsa/201504-05
98
99 Concerns?
100 =========
101
102 Security is a primary focus of Gentoo Linux and ensuring the
103 confidentiality and security of our users' machines is of utmost
104 importance to us. Any security concerns should be addressed to
105 security@g.o or alternatively, you may file a bug at
106 https://bugs.gentoo.org.
107
108 License
109 =======
110
111 Copyright 2015 Gentoo Foundation, Inc; referenced text
112 belongs to its owner(s).
113
114 The contents of this document are licensed under the
115 Creative Commons - Attribution / Share Alike license.
116
117 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups