GLSA 201308-06: MySQL: Multiple vulnerabilities
Severity: | high |
Title: | MySQL: Multiple vulnerabilities |
Date: | 08/29/2013 |
Bugs: |
|
ID: | 201308-06 |
Synopsis
Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service.Background
MySQL is a fast, multi-threaded, multi-user SQL database server.
Affected packages
Package | Vulnerable | Unaffected | Architecture(s) |
---|---|---|---|
dev-db/mysql | < 5.1.70 | >= 5.1.70 | All supported architectures |
Description
Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All MySQL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.1.70"
References
CVE-2011-2262 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101 CVE-2012-0102 CVE-2012-0112 CVE-2012-0113 CVE-2012-0114 CVE-2012-0115 CVE-2012-0116 CVE-2012-0117 CVE-2012-0118 CVE-2012-0119 CVE-2012-0120 CVE-2012-0484 CVE-2012-0485 CVE-2012-0486 CVE-2012-0487 CVE-2012-0488 CVE-2012-0489 CVE-2012-0490 CVE-2012-0491 CVE-2012-0492 CVE-2012-0493 CVE-2012-0494 CVE-2012-0495 CVE-2012-0496 CVE-2012-0540 CVE-2012-0553 CVE-2012-0572 CVE-2012-0574 CVE-2012-0578 CVE-2012-0583 CVE-2012-1688 CVE-2012-1689 CVE-2012-1690 CVE-2012-1696 CVE-2012-1697 CVE-2012-1702 CVE-2012-1703 CVE-2012-1705 CVE-2012-1734 CVE-2012-2102 CVE-2012-2122 CVE-2012-2749 CVE-2012-3150 CVE-2012-3158 CVE-2012-3160 CVE-2012-3163 CVE-2012-3166 CVE-2012-3167 CVE-2012-3173 CVE-2012-3177 CVE-2012-3180 CVE-2012-3197 CVE-2012-5060 CVE-2012-5096 CVE-2012-5611 CVE-2012-5612 CVE-2012-5613 CVE-2012-5614 CVE-2012-5615 CVE-2012-5627 CVE-2013-0367 CVE-2013-0368 CVE-2013-0371 CVE-2013-0375 CVE-2013-0383 CVE-2013-0384 CVE-2013-0385 CVE-2013-0386 CVE-2013-0389 CVE-2013-1492 CVE-2013-1502 CVE-2013-1506 CVE-2013-1511 CVE-2013-1512 CVE-2013-1521 CVE-2013-1523 CVE-2013-1526 CVE-2013-1531 CVE-2013-1532 CVE-2013-1544 CVE-2013-1548 CVE-2013-1552 CVE-2013-1555 CVE-2013-1566 CVE-2013-1567 CVE-2013-1570 CVE-2013-1623 CVE-2013-2375 CVE-2013-2376 CVE-2013-2378 CVE-2013-2381 CVE-2013-2389 CVE-2013-2391 CVE-2013-2392 CVE-2013-2395 CVE-2013-3802 CVE-2013-3804 CVE-2013-3808
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.