You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
162 lines
10 KiB
162 lines
10 KiB
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
|
<glsa id="201308-06">
|
|
<title>MySQL: Multiple vulnerabilities</title>
|
|
<synopsis>Multiple vulnerabilities have been found in MySQL, allowing
|
|
attackers to execute arbitrary code or cause Denial of Service.
|
|
</synopsis>
|
|
<product type="ebuild">mysql</product>
|
|
<announced>August 29, 2013</announced>
|
|
<revised>August 30, 2013: 2</revised>
|
|
<bug>399375</bug>
|
|
<bug>411503</bug>
|
|
<bug>412889</bug>
|
|
<bug>417989</bug>
|
|
<bug>445602</bug>
|
|
<bug>462498</bug>
|
|
<bug>466236</bug>
|
|
<bug>477474</bug>
|
|
<access>remote</access>
|
|
<affected>
|
|
<package name="dev-db/mysql" auto="yes" arch="*">
|
|
<unaffected range="ge">5.1.70</unaffected>
|
|
<vulnerable range="lt">5.1.70</vulnerable>
|
|
</package>
|
|
</affected>
|
|
<background>
|
|
<p>MySQL is a fast, multi-threaded, multi-user SQL database server.</p>
|
|
</background>
|
|
<description>
|
|
<p>Multiple vulnerabilities have been discovered in MySQL. Please review
|
|
the CVE identifiers referenced below for details.
|
|
</p>
|
|
</description>
|
|
<impact type="high">
|
|
<p>A remote attacker could send a specially crafted request, possibly
|
|
resulting in execution of arbitrary code with the privileges of the
|
|
application or a Denial of Service condition.
|
|
</p>
|
|
</impact>
|
|
<workaround>
|
|
<p>There is no known workaround at this time.</p>
|
|
</workaround>
|
|
<resolution>
|
|
<p>All MySQL users should upgrade to the latest version:</p>
|
|
|
|
<code>
|
|
# emerge --sync
|
|
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.1.70"
|
|
</code>
|
|
|
|
</resolution>
|
|
<references>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2262">CVE-2011-2262</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0075">CVE-2012-0075</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0087">CVE-2012-0087</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0101">CVE-2012-0101</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0102">CVE-2012-0102</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0112">CVE-2012-0112</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0113">CVE-2012-0113</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0114">CVE-2012-0114</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0115">CVE-2012-0115</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0116">CVE-2012-0116</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0117">CVE-2012-0117</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0118">CVE-2012-0118</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0119">CVE-2012-0119</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0120">CVE-2012-0120</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0484">CVE-2012-0484</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0485">CVE-2012-0485</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0486">CVE-2012-0486</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0487">CVE-2012-0487</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0488">CVE-2012-0488</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0489">CVE-2012-0489</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0490">CVE-2012-0490</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0491">CVE-2012-0491</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0492">CVE-2012-0492</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0493">CVE-2012-0493</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0494">CVE-2012-0494</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0495">CVE-2012-0495</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0496">CVE-2012-0496</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0540">CVE-2012-0540</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0553">CVE-2012-0553</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0572">CVE-2012-0572</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0574">CVE-2012-0574</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0578">CVE-2012-0578</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0583">CVE-2012-0583</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1688">CVE-2012-1688</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1689">CVE-2012-1689</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1690">CVE-2012-1690</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1696">CVE-2012-1696</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1697">CVE-2012-1697</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1702">CVE-2012-1702</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1703">CVE-2012-1703</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1705">CVE-2012-1705</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1734">CVE-2012-1734</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2102">CVE-2012-2102</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2122">CVE-2012-2122</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2749">CVE-2012-2749</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3150">CVE-2012-3150</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3158">CVE-2012-3158</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3160">CVE-2012-3160</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3163">CVE-2012-3163</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3166">CVE-2012-3166</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3167">CVE-2012-3167</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3173">CVE-2012-3173</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3177">CVE-2012-3177</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3180">CVE-2012-3180</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3197">CVE-2012-3197</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5060">CVE-2012-5060</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5096">CVE-2012-5096</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5611">CVE-2012-5611</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5612">CVE-2012-5612</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5613">CVE-2012-5613</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5614">CVE-2012-5614</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5615">CVE-2012-5615</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5627">CVE-2012-5627</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0367">CVE-2013-0367</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0368">CVE-2013-0368</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0371">CVE-2013-0371</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0375">CVE-2013-0375</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0383">CVE-2013-0383</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0384">CVE-2013-0384</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0385">CVE-2013-0385</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0386">CVE-2013-0386</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0389">CVE-2013-0389</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1492">CVE-2013-1492</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1502">CVE-2013-1502</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1506">CVE-2013-1506</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1511">CVE-2013-1511</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1512">CVE-2013-1512</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1521">CVE-2013-1521</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1523">CVE-2013-1523</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1526">CVE-2013-1526</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1531">CVE-2013-1531</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1532">CVE-2013-1532</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1544">CVE-2013-1544</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1548">CVE-2013-1548</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1552">CVE-2013-1552</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1555">CVE-2013-1555</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1566">CVE-2013-1566</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1567">CVE-2013-1567</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1570">CVE-2013-1570</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1623">CVE-2013-1623</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2375">CVE-2013-2375</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2376">CVE-2013-2376</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2378">CVE-2013-2378</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2381">CVE-2013-2381</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2389">CVE-2013-2389</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2391">CVE-2013-2391</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2392">CVE-2013-2392</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2395">CVE-2013-2395</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3802">CVE-2013-3802</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3804">CVE-2013-3804</uri>
|
|
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3808">CVE-2013-3808</uri>
|
|
</references>
|
|
<metadata tag="requester" timestamp="Sat, 03 Mar 2012 20:07:11 +0000">
|
|
underling
|
|
</metadata>
|
|
<metadata tag="submitter" timestamp="Fri, 30 Aug 2013 07:20:44 +0000">
|
|
pinkbyte
|
|
</metadata>
|
|
</glsa>
|