Gentoo: 201308-06 MySQL: Multiple vulnerabilities
Posted by Benjamin D. Thomas   
Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201308-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: MySQL: Multiple vulnerabilities
     Date: August 29, 2013
     Bugs: #399375, #411503, #412889, #417989, #445602, #462498,
           #466236, #477474
       ID: 201308-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MySQL, allowing attackers
to execute arbitrary code or cause Denial of Service.

Background
==========

MySQL is a fast, multi-threaded, multi-user SQL database server.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql                 < 5.1.70                  >= 5.1.70

Description
===========

Multiple vulnerabilities have been discovered in MySQL. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could send a specially crafted request, possibly
resulting in execution of arbitrary code with the privileges of the
application or a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.1.70"
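
To confirm a host's state before or after the upgrade, the following added example (not part of the Gentoo advisory) classifies a dev-db/mysql version string against the thresholds in the "Affected packages" table. The function names and sample versions are constructed, and version suffixes are handled only as far as the comments describe.

```shell
#!/bin/sh
# Added example: classify a dev-db/mysql version against GLSA 201308-06.
FIXED="5.1.70"   # from the advisory: < 5.1.70 vulnerable, >= 5.1.70 unaffected

# version_lt A B: succeed if dotted numeric version A is lower than B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0} y=${y:-0}          # a missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                         # versions are equal
}

# glsa_status VERSION: print vulnerable | unaffected | unknown.
glsa_status() {
    ver=${1#dev-db/mysql-}           # accept a full package atom too
    ver=${ver%-r[0-9]*}              # a Gentoo revision (-rN) never lowers a version
    base=${ver%%_*}                  # numeric part before any _suffix
    # Anything that is not purely digits and dots is reported, not guessed.
    case $base in ''|*[!0-9.]*) echo unknown; return 0 ;; esac
    if version_lt "$base" "$FIXED"; then
        echo vulnerable
    elif [ "$base" = "$FIXED" ]; then
        # Pre-release suffixes sort before the plain release.
        case $ver in
            *_alpha*|*_beta*|*_pre*|*_rc*) echo vulnerable ;;
            *) echo unaffected ;;
        esac
    else
        echo unaffected
    fi
}

# Constructed sample versions (not taken from the advisory).
for v in 5.1.67-r1 dev-db/mysql-5.1.70 5.1.70_rc1 5.5.32; do
    printf '%s\t%s\n' "$v" "$(glsa_status "$v")"
done
```
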

References
==========

[   1 ] CVE-2011-2262
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2262
[   2 ] CVE-2012-0075
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0075
[   3 ] CVE-2012-0087
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0087
[   4 ] CVE-2012-0101
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0101
[   5 ] CVE-2012-0102
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0102
[   6 ] CVE-2012-0112
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0112
[   7 ] CVE-2012-0113
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0113
[   8 ] CVE-2012-0114
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0114
[   9 ] CVE-2012-0115
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0115
[  10 ] CVE-2012-0116
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0116
[  11 ] CVE-2012-0117
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0117
[  12 ] CVE-2012-0118
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0118
[  13 ] CVE-2012-0119
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0119
[  14 ] CVE-2012-0120
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0120
[  15 ] CVE-2012-0484
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0484
[  16 ] CVE-2012-0485
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0485
[  17 ] CVE-2012-0486
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0486
[  18 ] CVE-2012-0487
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0487
[  19 ] CVE-2012-0488
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0488
[  20 ] CVE-2012-0489
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0489
[  21 ] CVE-2012-0490
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0490
[  22 ] CVE-2012-0491
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0491
[  23 ] CVE-2012-0492
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0492
[  24 ] CVE-2012-0493
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0493
[  25 ] CVE-2012-0494
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0494
[  26 ] CVE-2012-0495
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0495
[  27 ] CVE-2012-0496
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0496
[  28 ] CVE-2012-0540
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0540
[  29 ] CVE-2012-0553
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0553
[  30 ] CVE-2012-0572
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0572
[  31 ] CVE-2012-0574
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0574
[  32 ] CVE-2012-0578
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0578
[  33 ] CVE-2012-0583
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0583
[  34 ] CVE-2012-1492
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1492
[  35 ] CVE-2012-1623
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1623
[  36 ] CVE-2012-1688
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1688
[  37 ] CVE-2012-1689
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1689
[  38 ] CVE-2012-1690
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1690
[  39 ] CVE-2012-1696
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1696
[  40 ] CVE-2012-1697
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1697
[  41 ] CVE-2012-1702
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1702
[  42 ] CVE-2012-1703
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1703
[  43 ] CVE-2012-1705
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1705
[  44 ] CVE-2012-1734
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1734
[  45 ] CVE-2012-2102
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2102
[  46 ] CVE-2012-2122
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2122
[  47 ] CVE-2012-2749
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2749
[  48 ] CVE-2012-3150
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3150
[  49 ] CVE-2012-3158
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3158
[  50 ] CVE-2012-3160
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3160
[  51 ] CVE-2012-3163
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3163
[  52 ] CVE-2012-3166
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3166
[  53 ] CVE-2012-3167
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3167
[  54 ] CVE-2012-3173
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3173
[  55 ] CVE-2012-3177
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3177
[  56 ] CVE-2012-3180
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3180
[  57 ] CVE-2012-3197
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3197
[  58 ] CVE-2012-5060
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5060
[  59 ] CVE-2012-5096
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5096
[  60 ] CVE-2012-5611
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5611
[  61 ] CVE-2012-5612
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5612
[  62 ] CVE-2012-5613
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5613
[  63 ] CVE-2012-5614
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5614
[  64 ] CVE-2012-5615
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5615
[  65 ] CVE-2012-5627
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5627
[  66 ] CVE-2013-0367
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0367
[  67 ] CVE-2013-0368
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0368
[  68 ] CVE-2013-0371
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0371
[  69 ] CVE-2013-0375
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0375
[  70 ] CVE-2013-0383
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0383
[  71 ] CVE-2013-0384
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0384
[  72 ] CVE-2013-0385
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0385
[  73 ] CVE-2013-0386
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0386
[  74 ] CVE-2013-0389
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0389
[  75 ] CVE-2013-1502
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1502
[  76 ] CVE-2013-1506
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1506
[  77 ] CVE-2013-1511
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1511
[  78 ] CVE-2013-1512
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1512
[  79 ] CVE-2013-1521
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1521
[  80 ] CVE-2013-1523
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1523
[  81 ] CVE-2013-1526
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1526
[  82 ] CVE-2013-1531
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1531
[  83 ] CVE-2013-1532
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1532
[  84 ] CVE-2013-1544
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1544
[  85 ] CVE-2013-1548
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1548
[  86 ] CVE-2013-1552
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1552
[  87 ] CVE-2013-1555
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1555
[  88 ] CVE-2013-1566
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1566
[  89 ] CVE-2013-1567
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1567
[  90 ] CVE-2013-1570
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1570
[  91 ] CVE-2013-2375
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2375
[  92 ] CVE-2013-2376
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2376
[  93 ] CVE-2013-2378
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2378
[  94 ] CVE-2013-2381
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2381
[  95 ] CVE-2013-2389
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2389
[  96 ] CVE-2013-2391
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2391
[  97 ] CVE-2013-2392
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2392
[  98 ] CVE-2013-2395
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2395
[  99 ] CVE-2013-3802
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3802
[ 100 ] CVE-2013-3804
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3804
[ 101 ] CVE-2013-3808
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3808

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201308-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5