MySQL: Multiple vulnerabilities

MySQL: Multiple vulnerabilities Multiple vulnerabilities have been found in MySQL, worst of which allows local attackers to escalate their privileges. mysql 2014-09-04 2014-09-04: 1 460748 488212 498164 500260 507802 518718 local, remote 5.5.39 5.5.39

MySQL is a popular multi-threaded, multi-user SQL server.

Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.

A local attacker could possibly gain escalated privileges. A remote attacker could send a specially crafted SQL query, possibly resulting in a Denial of Service condition. A remote attacker could entice a user to connect to specially crafted MySQL server, possibly resulting in execution of arbitrary code with the privileges of the process.

There is no known workaround at this time.

All MySQL users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.39"

CVE-2013-1861 CVE-2013-2134 CVE-2013-3839 CVE-2013-5767 CVE-2013-5770 CVE-2013-5786 CVE-2013-5793 CVE-2013-5807 CVE-2013-5860 CVE-2013-5881 CVE-2013-5882 CVE-2013-5891 CVE-2013-5894 CVE-2013-5908 CVE-2014-0001 CVE-2014-0384 CVE-2014-0386 CVE-2014-0393 CVE-2014-0401 CVE-2014-0402 CVE-2014-0412 CVE-2014-0420 CVE-2014-0427 CVE-2014-0430 CVE-2014-0431 CVE-2014-0433 CVE-2014-0437 CVE-2014-2419 CVE-2014-2430 CVE-2014-2431 CVE-2014-2432 CVE-2014-2434 CVE-2014-2435 CVE-2014-2436 CVE-2014-2438 CVE-2014-2440 pinkbyte pinkbyte