Gentoo Archives: gentoo-commits

From: "Sergey Popov (pinkbyte)" <pinkbyte@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201308-06.xml
Date: Thu, 29 Aug 2013 08:53:04
Message-Id: 20130829085256.5A9A42004C@flycatcher.gentoo.org
1 pinkbyte 13/08/29 08:52:56
2
3 Added: glsa-201308-06.xml
4 Log:
5 GLSA 201308-06
6
7 Revision Changes Path
8 1.1 xml/htdocs/security/en/glsa/glsa-201308-06.xml
9
10 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201308-06.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201308-06.xml?rev=1.1&content-type=text/plain
12
13 Index: glsa-201308-06.xml
14 ===================================================================
15 <?xml version="1.0" encoding="UTF-8"?>
16 <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19 <glsa id="201308-06">
20 <title>MySQL: Multiple vulnerabilities</title>
21 <synopsis>Multiple vulnerabilities have been found in MySQL, allowing
22 attackers to execute arbitrary code or cause Denial of Service.
23 </synopsis>
24 <product type="ebuild">mysql</product>
25 <announced>August 29, 2013</announced>
26 <revised>August 29, 2013: 1</revised>
27 <bug>399375</bug>
28 <bug>411503</bug>
29 <bug>412889</bug>
30 <bug>417989</bug>
31 <bug>445602</bug>
32 <bug>462498</bug>
33 <bug>466236</bug>
34 <bug>477474</bug>
35 <access>remote</access>
36 <affected>
37 <package name="dev-db/mysql" auto="yes" arch="*">
38 <unaffected range="ge">5.1.70</unaffected>
39 <vulnerable range="lt">5.1.70</vulnerable>
40 </package>
41 </affected>
42 <background>
43 <p>MySQL is a fast, multi-threaded, multi-user SQL database server.</p>
44 </background>
45 <description>
46 <p>Multiple vulnerabilities have been discovered in MySQL. Please review
47 the CVE identifiers referenced below for details.
48 </p>
49 </description>
50 <impact type="high">
51 <p>A remote attacker could send a specially crafted request, possibly
52 resulting in execution of arbitrary code with the privileges of the
53 application or a Denial of Service condition.
54 </p>
55 </impact>
56 <workaround>
57 <p>There is no known workaround at this time.</p>
58 </workaround>
59 <resolution>
60 <p>All MySQL users should upgrade to the latest version:</p>
61
62 <code>
63 # emerge --sync
64 # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.1.70"
65 </code>
66
67 </resolution>
68 <references>
69 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2262">CVE-2011-2262</uri>
70 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0075">CVE-2012-0075</uri>
71 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0087">CVE-2012-0087</uri>
72 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0101">CVE-2012-0101</uri>
73 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0102">CVE-2012-0102</uri>
74 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0112">CVE-2012-0112</uri>
75 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0113">CVE-2012-0113</uri>
76 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0114">CVE-2012-0114</uri>
77 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0115">CVE-2012-0115</uri>
78 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0116">CVE-2012-0116</uri>
79 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0117">CVE-2012-0117</uri>
80 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0118">CVE-2012-0118</uri>
81 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0119">CVE-2012-0119</uri>
82 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0120">CVE-2012-0120</uri>
83 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0484">CVE-2012-0484</uri>
84 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0485">CVE-2012-0485</uri>
85 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0486">CVE-2012-0486</uri>
86 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0487">CVE-2012-0487</uri>
87 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0488">CVE-2012-0488</uri>
88 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0489">CVE-2012-0489</uri>
89 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0490">CVE-2012-0490</uri>
90 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0491">CVE-2012-0491</uri>
91 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0492">CVE-2012-0492</uri>
92 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0493">CVE-2012-0493</uri>
93 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0494">CVE-2012-0494</uri>
94 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0495">CVE-2012-0495</uri>
95 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0496">CVE-2012-0496</uri>
96 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0540">CVE-2012-0540</uri>
97 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0553">CVE-2012-0553</uri>
98 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0572">CVE-2012-0572</uri>
99 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0574">CVE-2012-0574</uri>
100 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0578">CVE-2012-0578</uri>
101 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0583">CVE-2012-0583</uri>
102 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1492">CVE-2012-1492</uri>
103 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1623">CVE-2012-1623</uri>
104 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1688">CVE-2012-1688</uri>
105 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1689">CVE-2012-1689</uri>
106 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1690">CVE-2012-1690</uri>
107 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1696">CVE-2012-1696</uri>
108 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1697">CVE-2012-1697</uri>
109 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1702">CVE-2012-1702</uri>
110 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1703">CVE-2012-1703</uri>
111 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1705">CVE-2012-1705</uri>
112 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1734">CVE-2012-1734</uri>
113 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2102">CVE-2012-2102</uri>
114 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2122">CVE-2012-2122</uri>
115 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2749">CVE-2012-2749</uri>
116 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3150">CVE-2012-3150</uri>
117 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3158">CVE-2012-3158</uri>
118 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3160">CVE-2012-3160</uri>
119 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3163">CVE-2012-3163</uri>
120 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3166">CVE-2012-3166</uri>
121 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3167">CVE-2012-3167</uri>
122 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3173">CVE-2012-3173</uri>
123 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3177">CVE-2012-3177</uri>
124 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3180">CVE-2012-3180</uri>
125 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3197">CVE-2012-3197</uri>
126 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5060">CVE-2012-5060</uri>
127 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5096">CVE-2012-5096</uri>
128 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5611">CVE-2012-5611</uri>
129 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5612">CVE-2012-5612</uri>
130 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5613">CVE-2012-5613</uri>
131 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5614">CVE-2012-5614</uri>
132 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5615">CVE-2012-5615</uri>
133 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5627">CVE-2012-5627</uri>
134 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0367">CVE-2013-0367</uri>
135 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0368">CVE-2013-0368</uri>
136 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0371">CVE-2013-0371</uri>
137 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0375">CVE-2013-0375</uri>
138 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0383">CVE-2013-0383</uri>
139 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0384">CVE-2013-0384</uri>
140 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0385">CVE-2013-0385</uri>
141 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0386">CVE-2013-0386</uri>
142 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0389">CVE-2013-0389</uri>
143 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1502">CVE-2013-1502</uri>
144 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1506">CVE-2013-1506</uri>
145 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1511">CVE-2013-1511</uri>
146 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1512">CVE-2013-1512</uri>
147 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1521">CVE-2013-1521</uri>
148 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1523">CVE-2013-1523</uri>
149 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1526">CVE-2013-1526</uri>
150 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1531">CVE-2013-1531</uri>
151 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1532">CVE-2013-1532</uri>
152 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1544">CVE-2013-1544</uri>
153 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1548">CVE-2013-1548</uri>
154 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1552">CVE-2013-1552</uri>
155 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1555">CVE-2013-1555</uri>
156 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1566">CVE-2013-1566</uri>
157 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1567">CVE-2013-1567</uri>
158 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1570">CVE-2013-1570</uri>
159 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2375">CVE-2013-2375</uri>
160 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2376">CVE-2013-2376</uri>
161 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2378">CVE-2013-2378</uri>
162 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2381">CVE-2013-2381</uri>
163 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2389">CVE-2013-2389</uri>
164 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2391">CVE-2013-2391</uri>
165 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2392">CVE-2013-2392</uri>
166 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2395">CVE-2013-2395</uri>
167 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3802">CVE-2013-3802</uri>
168 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3804">CVE-2013-3804</uri>
169 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3808">CVE-2013-3808</uri>
170 </references>
171 <metadata tag="requester" timestamp="Sat, 03 Mar 2012 20:07:11 +0000">
172 underling
173 </metadata>
174 <metadata tag="submitter" timestamp="Thu, 29 Aug 2013 08:51:20 +0000">
175 pinkbyte
176 </metadata>
177 </glsa>