GLSA 201802-04: MySQL: Multiple vulnerabilities
Severity: | high |
Title: | MySQL: Multiple vulnerabilities |
Date: | 02/20/2018 |
Bugs: |
|
ID: | 201802-04 |
Synopsis
Multiple vulnerabilities were found in MySQL, the worst of which may allow remote execution of arbitrary code.Background
A fast, multi-threaded, multi-user SQL database server.
Affected packages
Package | Vulnerable | Unaffected | Architecture(s) |
---|---|---|---|
dev-db/mysql | < 5.6.39 | >= 5.6.39 | All supported architectures |
Description
Multiple vulnerabilities have been discovered in MySQL. Please review the referenced CVE identifiers for details.
Impact
A remote attacker could execute arbitrary code without authentication or cause a partial denial of service condition.
Workaround
There are no known workarounds at this time.
Resolution
All MySQL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.39"
References
CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294 CVE-2017-10314 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3450 CVE-2017-3452 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3599 CVE-2017-3600 CVE-2017-3633 CVE-2017-3634 CVE-2017-3635 CVE-2017-3636 CVE-2017-3637 CVE-2017-3641 CVE-2017-3647 CVE-2017-3648 CVE-2017-3649 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653 CVE-2017-3732 CVE-2018-2562 CVE-2018-2573 CVE-2018-2583 CVE-2018-2590 CVE-2018-2591 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2645 CVE-2018-2647 CVE-2018-2665 CVE-2018-2668 CVE-2018-2696 CVE-2018-2703
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.