Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201908-24 ] MariaDB, MySQL: Multiple vulnerabilities
Date: Sun, 18 Aug 2019 02:42:45
Message-Id: 20190818022944.GK5912@bubba.lan
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201908-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MariaDB, MySQL: Multiple vulnerabilities
Date: August 18, 2019
Bugs: #661500, #670388, #679024
ID: 201908-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MariaDB and MySQL, the
worst of which could result in privilege escalation.

Background
==========

MariaDB is an enhanced, drop-in replacement for MySQL. MySQL is a
popular multi-threaded, multi-user SQL server.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-db/mariadb             < 10.1.38-r1              >= 10.1.38-r1
                                < 10.2.22                 >= 10.2.22
  2  dev-db/mysql               < 5.6.42                  >= 5.6.42
                                < 5.7.24                  >= 5.7.24
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in MariaDB and MySQL.
Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MariaDB 10.1.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.1.38-r1"

All MariaDB 10.2.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.2.22"

All MySQL 5.6.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.42"

All MySQL 5.7.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.7.24"

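An added example (not part of the advisory or of Portage): a check of installed package atoms against the per-branch fixed versions named in the Resolution section. The version parser is a simplified assumption that handles only dotted numbers with an optional -rN revision, and the sample atoms are constructed.

```python
import re

# Fixed version per release branch, copied from the advisory's Resolution section.
FIXED = {
    ("dev-db/mariadb", "10.1"): "10.1.38-r1",
    ("dev-db/mariadb", "10.2"): "10.2.22",
    ("dev-db/mysql", "5.6"): "5.6.42",
    ("dev-db/mysql", "5.7"): "5.7.24",
}

# Simplified Gentoo version: dotted integers plus an optional -rN revision.
# Suffixes such as _p1 or _rc2 are rejected rather than guessed at.
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")
_ATOM = re.compile(r"^([\w+.-]+/[\w+.-]+?)-(\d[\w.]*(?:-r\d+)?)$")


def parse_version(version):
    """Return ((major, minor, ...), revision) so the tuples compare in order."""
    m = _VERSION.match(version)
    if m is None:
        raise ValueError(f"unsupported version syntax: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)


def status(atom):
    """Classify one installed 'category/name-version' atom against FIXED."""
    m = _ATOM.match(atom.strip())
    if m is None:
        raise ValueError(f"not a versioned atom: {atom!r}")
    package, version = m.groups()
    numbers, _ = parse_version(version)
    branch = ".".join(str(n) for n in numbers[:2])
    fixed = FIXED.get((package, branch))
    if fixed is None:
        return "not-listed"  # package or branch the advisory does not name
    if parse_version(version) < parse_version(fixed):
        return f"vulnerable: upgrade to >={package}-{fixed}"
    return "fixed"


# Constructed sample input (not from the advisory).
SAMPLE = [
    "dev-db/mariadb-10.1.38",     # same upstream version, missing the -r1 revision
    "dev-db/mariadb-10.1.38-r1",
    "dev-db/mariadb-10.2.21",
    "dev-db/mysql-5.7.24",
    "dev-db/mysql-8.0.15",        # branch not covered by this advisory
]

if __name__ == "__main__":
    for atom in SAMPLE:
        print(f"{atom:28} {status(atom)}")
```
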
References
==========

[ 1 ] CVE-2018-2755
      https://nvd.nist.gov/vuln/detail/CVE-2018-2755
[ 2 ] CVE-2018-2759
      https://nvd.nist.gov/vuln/detail/CVE-2018-2759
[ 3 ] CVE-2018-2761
      https://nvd.nist.gov/vuln/detail/CVE-2018-2761
[ 4 ] CVE-2018-2766
      https://nvd.nist.gov/vuln/detail/CVE-2018-2766
[ 5 ] CVE-2018-2771
      https://nvd.nist.gov/vuln/detail/CVE-2018-2771
[ 6 ] CVE-2018-2777
      https://nvd.nist.gov/vuln/detail/CVE-2018-2777
[ 7 ] CVE-2018-2781
      https://nvd.nist.gov/vuln/detail/CVE-2018-2781
[ 8 ] CVE-2018-2782
      https://nvd.nist.gov/vuln/detail/CVE-2018-2782
[ 9 ] CVE-2018-2784
      https://nvd.nist.gov/vuln/detail/CVE-2018-2784
[ 10 ] CVE-2018-2786
       https://nvd.nist.gov/vuln/detail/CVE-2018-2786
[ 11 ] CVE-2018-2787
       https://nvd.nist.gov/vuln/detail/CVE-2018-2787
[ 12 ] CVE-2018-2810
       https://nvd.nist.gov/vuln/detail/CVE-2018-2810
[ 13 ] CVE-2018-2813
       https://nvd.nist.gov/vuln/detail/CVE-2018-2813
[ 14 ] CVE-2018-2817
       https://nvd.nist.gov/vuln/detail/CVE-2018-2817
[ 15 ] CVE-2018-2819
       https://nvd.nist.gov/vuln/detail/CVE-2018-2819
[ 16 ] CVE-2018-3143
       https://nvd.nist.gov/vuln/detail/CVE-2018-3143
[ 17 ] CVE-2018-3156
       https://nvd.nist.gov/vuln/detail/CVE-2018-3156
[ 18 ] CVE-2018-3162
       https://nvd.nist.gov/vuln/detail/CVE-2018-3162
[ 19 ] CVE-2018-3173
       https://nvd.nist.gov/vuln/detail/CVE-2018-3173
[ 20 ] CVE-2018-3174
       https://nvd.nist.gov/vuln/detail/CVE-2018-3174
[ 21 ] CVE-2018-3185
       https://nvd.nist.gov/vuln/detail/CVE-2018-3185
[ 22 ] CVE-2018-3200
       https://nvd.nist.gov/vuln/detail/CVE-2018-3200
[ 23 ] CVE-2018-3251
       https://nvd.nist.gov/vuln/detail/CVE-2018-3251
[ 24 ] CVE-2018-3252
       https://nvd.nist.gov/vuln/detail/CVE-2018-3252
[ 25 ] CVE-2018-3277
       https://nvd.nist.gov/vuln/detail/CVE-2018-3277
[ 26 ] CVE-2018-3282
       https://nvd.nist.gov/vuln/detail/CVE-2018-3282
[ 27 ] CVE-2018-3284
       https://nvd.nist.gov/vuln/detail/CVE-2018-3284
[ 28 ] CVE-2019-2510
       https://nvd.nist.gov/vuln/detail/CVE-2019-2510
[ 29 ] CVE-2019-2529
       https://nvd.nist.gov/vuln/detail/CVE-2019-2529
[ 30 ] CVE-2019-2537
       https://nvd.nist.gov/vuln/detail/CVE-2019-2537

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201908-24

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
