Gentoo: 201308-06 MySQL: Multiple vulnerabilities
Posted by Benjamin D. Thomas
Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201308-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: MySQL: Multiple vulnerabilities
     Date: August 29, 2013
     Bugs: #399375, #411503, #412889, #417989, #445602, #462498,
           #466236, #477474
       ID: 201308-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MySQL, allowing attackers
to execute arbitrary code or cause Denial of Service.

Background
==========

MySQL is a fast, multi-threaded, multi-user SQL database server.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql                 < 5.1.70                  >= 5.1.70

Description
===========

Multiple vulnerabilities have been discovered in MySQL. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could send a specially crafted request, possibly
resulting in execution of arbitrary code with the privileges of the
application or a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.1.70"
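
Added example (not part of the Gentoo advisory): a shell check that compares an installed dev-db/mysql version against the 5.1.70 threshold from the "Affected packages" table, for auditing hosts before and after the upgrade. It assumes package strings in the `category/name-version` form, as printed for instance by `qlist -Iv dev-db/mysql` from portage-utils; the sample versions are constructed.

```sh
#!/bin/sh
# Added example: is an installed dev-db/mysql below the fixed version?
FIXED_VERSION="5.1.70"   # from the "Affected packages" table above

# Extract the upstream version from a string like "dev-db/mysql-5.1.62-r1".
# The Gentoo revision ("-rN") is dropped; pre-release suffixes such as
# "_rc1" are not interpreted (simplification of this example).
mysql_version_of() {
    printf '%s\n' "$1" | sed -n 's|^dev-db/mysql-\([0-9][0-9.]*\).*$|\1|p'
}

# Succeed (0) when version $1 sorts strictly below FIXED_VERSION.
# sort -V compares numerically per component, so 5.1.9 < 5.1.70;
# a plain string comparison would get that case wrong.
is_vulnerable() {
    [ "$1" = "$FIXED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# Print a verdict for one package string.
# Returns 0 = vulnerable, 1 = not affected, 2 = not a dev-db/mysql entry.
check_package() {
    ver=$(mysql_version_of "$1")
    if [ -z "$ver" ]; then
        echo "skip:       $1"
        return 2
    fi
    if is_vulnerable "$ver"; then
        echo "VULNERABLE: $1 (< $FIXED_VERSION)"
        return 0
    fi
    echo "ok:         $1 (>= $FIXED_VERSION)"
    return 1
}

# Constructed sample input, not taken from a real host.
for pkg in \
    "dev-db/mysql-5.1.62-r1" \
    "dev-db/mysql-5.1.9" \
    "dev-db/mysql-5.1.70" \
    "dev-db/mysql-5.5.32" \
    "dev-db/mysql-connector-c-6.1.6"
do
    check_package "$pkg" || true
done
```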

References
==========

[   1 ] CVE-2011-2262
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2262
[   2 ] CVE-2012-0075
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0075
[   3 ] CVE-2012-0087
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0087
[   4 ] CVE-2012-0101
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0101
[   5 ] CVE-2012-0102
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0102
[   6 ] CVE-2012-0112
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0112
[   7 ] CVE-2012-0113
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0113
[   8 ] CVE-2012-0114
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0114
[   9 ] CVE-2012-0115
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0115
[  10 ] CVE-2012-0116
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0116
[  11 ] CVE-2012-0117
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0117
[  12 ] CVE-2012-0118
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0118
[  13 ] CVE-2012-0119
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0119
[  14 ] CVE-2012-0120
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0120
[  15 ] CVE-2012-0484
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0484
[  16 ] CVE-2012-0485
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0485
[  17 ] CVE-2012-0486
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0486
[  18 ] CVE-2012-0487
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0487
[  19 ] CVE-2012-0488
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0488
[  20 ] CVE-2012-0489
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0489
[  21 ] CVE-2012-0490
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0490
[  22 ] CVE-2012-0491
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0491
[  23 ] CVE-2012-0492
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0492
[  24 ] CVE-2012-0493
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0493
[  25 ] CVE-2012-0494
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0494
[  26 ] CVE-2012-0495
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0495
[  27 ] CVE-2012-0496
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0496
[  28 ] CVE-2012-0540
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0540
[  29 ] CVE-2012-0553
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0553
[  30 ] CVE-2012-0572
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0572
[  31 ] CVE-2012-0574
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0574
[  32 ] CVE-2012-0578
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0578
[  33 ] CVE-2012-0583
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0583
[  34 ] CVE-2012-1492
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1492
[  35 ] CVE-2012-1623
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1623
[  36 ] CVE-2012-1688
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1688
[  37 ] CVE-2012-1689
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1689
[  38 ] CVE-2012-1690
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1690
[  39 ] CVE-2012-1696
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1696
[  40 ] CVE-2012-1697
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1697
[  41 ] CVE-2012-1702
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1702
[  42 ] CVE-2012-1703
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1703
[  43 ] CVE-2012-1705
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1705
[  44 ] CVE-2012-1734
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1734
[  45 ] CVE-2012-2102
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2102
[  46 ] CVE-2012-2122
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2122
[  47 ] CVE-2012-2749
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2749
[  48 ] CVE-2012-3150
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3150
[  49 ] CVE-2012-3158
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3158
[  50 ] CVE-2012-3160
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3160
[  51 ] CVE-2012-3163
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3163
[  52 ] CVE-2012-3166
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3166
[  53 ] CVE-2012-3167
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3167
[  54 ] CVE-2012-3173
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3173
[  55 ] CVE-2012-3177
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3177
[  56 ] CVE-2012-3180
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3180
[  57 ] CVE-2012-3197
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3197
[  58 ] CVE-2012-5060
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5060
[  59 ] CVE-2012-5096
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5096
[  60 ] CVE-2012-5611
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5611
[  61 ] CVE-2012-5612
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5612
[  62 ] CVE-2012-5613
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5613
[  63 ] CVE-2012-5614
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5614
[  64 ] CVE-2012-5615
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5615
[  65 ] CVE-2012-5627
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5627
[  66 ] CVE-2013-0367
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0367
[  67 ] CVE-2013-0368
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0368
[  68 ] CVE-2013-0371
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0371
[  69 ] CVE-2013-0375
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0375
[  70 ] CVE-2013-0383
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0383
[  71 ] CVE-2013-0384
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0384
[  72 ] CVE-2013-0385
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0385
[  73 ] CVE-2013-0386
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0386
[  74 ] CVE-2013-0389
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0389
[  75 ] CVE-2013-1502
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1502
[  76 ] CVE-2013-1506
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1506
[  77 ] CVE-2013-1511
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1511
[  78 ] CVE-2013-1512
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1512
[  79 ] CVE-2013-1521
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1521
[  80 ] CVE-2013-1523
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1523
[  81 ] CVE-2013-1526
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1526
[  82 ] CVE-2013-1531
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1531
[  83 ] CVE-2013-1532
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1532
[  84 ] CVE-2013-1544
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1544
[  85 ] CVE-2013-1548
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1548
[  86 ] CVE-2013-1552
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1552
[  87 ] CVE-2013-1555
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1555
[  88 ] CVE-2013-1566
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1566
[  89 ] CVE-2013-1567
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1567
[  90 ] CVE-2013-1570
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1570
[  91 ] CVE-2013-2375
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2375
[  92 ] CVE-2013-2376
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2376
[  93 ] CVE-2013-2378
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2378
[  94 ] CVE-2013-2381
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2381
[  95 ] CVE-2013-2389
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2389
[  96 ] CVE-2013-2391
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2391
[  97 ] CVE-2013-2392
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2392
[  98 ] CVE-2013-2395
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2395
[  99 ] CVE-2013-3802
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3802
[ 100 ] CVE-2013-3804
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3804
[ 101 ] CVE-2013-3808
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3808

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201308-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
 