- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory [ERRATA UPDATE] GLSA 201308-06:02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: MySQL: Multiple vulnerabilities Date: August 29, 2013 Updated: August 30, 2013 Bugs: #399375, #411503, #412889, #417989, #445602, #462498, #466236, #477474 ID: 201308-06:02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Errata ====== The references section of the original advisory contained wrong CVE references. CVE-2012-1492, CVE-2012-1623 should be interpreted as CVE-2013-1492 and CVE-2013-1623 accordingly. The corrected sections appear below. References ========== [ 1 ] CVE-2011-2262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2262 [ 2 ] CVE-2012-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0075 [ 3 ] CVE-2012-0087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0087 [ 4 ] CVE-2012-0101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0101 [ 5 ] CVE-2012-0102 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0102 [ 6 ] CVE-2012-0112 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0112 [ 7 ] CVE-2012-0113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0113 [ 8 ] CVE-2012-0114 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0114 [ 9 ] CVE-2012-0115 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0115 [ 10 ] CVE-2012-0116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0116 [ 11 ] CVE-2012-0117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0117 [ 12 ] CVE-2012-0118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0118 [ 13 ] CVE-2012-0119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0119 [ 14 ] CVE-2012-0120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0120 [ 15 ] CVE-2012-0484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0484 [ 16 ] CVE-2012-0485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0485 [ 17 ] CVE-2012-0486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0486 [ 18 ] CVE-2012-0487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0487 [ 19 ] CVE-2012-0488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0488 [ 20 ] CVE-2012-0489 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0489 [ 21 ] CVE-2012-0490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0490 [ 22 ] CVE-2012-0491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0491 [ 23 ] CVE-2012-0492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0492 [ 24 ] CVE-2012-0493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0493 [ 25 ] CVE-2012-0494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0494 [ 26 ] CVE-2012-0495 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0495 [ 27 ] CVE-2012-0496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0496 [ 28 ] CVE-2012-0540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0540 [ 29 ] CVE-2012-0553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0553 [ 30 ] CVE-2012-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0572 [ 31 ] CVE-2012-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0574 [ 32 ] CVE-2012-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0578 [ 33 ] CVE-2012-0583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0583 [ 34 ] CVE-2012-1688 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1688 [ 35 ] CVE-2012-1689 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1689 [ 36 ] CVE-2012-1690 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1690 [ 37 ] CVE-2012-1696 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1696 [ 38 ] CVE-2012-1697 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1697 [ 39 ] CVE-2012-1702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1702 [ 40 ] CVE-2012-1703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1703 [ 41 ] CVE-2012-1705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1705 [ 42 ] CVE-2012-1734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1734 [ 43 ] CVE-2012-2102 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2102 [ 44 ] CVE-2012-2122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2122 [ 45 ] CVE-2012-2749 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2749 [ 46 ] CVE-2012-3150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3150 [ 47 ] CVE-2012-3158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3158 [ 48 ] CVE-2012-3160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3160 [ 49 ] CVE-2012-3163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3163 [ 50 ] CVE-2012-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3166 [ 51 ] CVE-2012-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3167 [ 52 ] CVE-2012-3173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3173 [ 53 ] CVE-2012-3177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3177 [ 54 ] CVE-2012-3180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3180 [ 55 ] CVE-2012-3197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3197 [ 56 ] CVE-2012-5060 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5060 [ 57 ] CVE-2012-5096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5096 [ 58 ] CVE-2012-5611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5611 [ 59 ] CVE-2012-5612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5612 [ 60 ] CVE-2012-5613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5613 [ 61 ] CVE-2012-5614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5614 [ 62 ] CVE-2012-5615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5615 [ 63 ] CVE-2012-5627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5627 [ 64 ] CVE-2013-0367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0367 [ 65 ] CVE-2013-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0368 [ 66 ] CVE-2013-0371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0371 [ 67 ] CVE-2013-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0375 [ 68 ] CVE-2013-0383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0383 [ 69 ] CVE-2013-0384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0384 [ 70 ] CVE-2013-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0385 [ 71 ] CVE-2013-0386 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0386 [ 72 ] CVE-2013-0389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0389 [ 73 ] CVE-2013-1492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1492 [ 74 ] CVE-2013-1502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1502 [ 75 ] CVE-2013-1506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1506 [ 76 ] CVE-2013-1511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1511 [ 77 ] CVE-2013-1512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1512 [ 78 ] CVE-2013-1521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1521 [ 79 ] CVE-2013-1523 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1523 [ 80 ] CVE-2013-1526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1526 [ 81 ] CVE-2013-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1531 [ 82 ] CVE-2013-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1532 [ 83 ] CVE-2013-1544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1544 [ 84 ] CVE-2013-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1548 [ 85 ] CVE-2013-1552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1552 [ 86 ] CVE-2013-1555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1555 [ 87 ] CVE-2013-1566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1566 [ 88 ] CVE-2013-1567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1567 [ 89 ] CVE-2013-1570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1570 [ 90 ] CVE-2013-1623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1623 [ 91 ] CVE-2013-2375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2375 [ 92 ] CVE-2013-2376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2376 [ 93 ] CVE-2013-2378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2378 [ 94 ] CVE-2013-2381 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2381 [ 95 ] CVE-2013-2389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2389 [ 96 ] CVE-2013-2391 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2391 [ 97 ] CVE-2013-2392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2392 [ 98 ] CVE-2013-2395 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2395 [ 99 ] CVE-2013-3802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3802 [ 100 ] CVE-2013-3804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3804 [ 101 ] CVE-2013-3808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3808 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201308-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5