- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201802-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: MySQL: Multiple vulnerabilities Date: February 20, 2018 Bugs: #616486, #625626, #634652, #644986 ID: 201802-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in MySQL, the worst of which may allow remote execution of arbitrary code. Background ========== A fast, multi-threaded, multi-user SQL database server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-db/mysql < 5.6.39 >= 5.6.39 Description =========== Multiple vulnerabilities have been discovered in MySQL. Please review the referenced CVE identifiers for details. Impact ====== A remote attacker could execute arbitrary code without authentication or cause a partial denial of service condition. Workaround ========== There are no known workarounds at this time. Resolution ========== All MySQL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.39" References ========== [ 1 ] CVE-2017-10155 https://nvd.nist.gov/vuln/detail/CVE-2017-10155 [ 2 ] CVE-2017-10227 https://nvd.nist.gov/vuln/detail/CVE-2017-10227 [ 3 ] CVE-2017-10268 https://nvd.nist.gov/vuln/detail/CVE-2017-10268 [ 4 ] CVE-2017-10276 https://nvd.nist.gov/vuln/detail/CVE-2017-10276 [ 5 ] CVE-2017-10283 https://nvd.nist.gov/vuln/detail/CVE-2017-10283 [ 6 ] CVE-2017-10286 https://nvd.nist.gov/vuln/detail/CVE-2017-10286 [ 7 ] CVE-2017-10294 https://nvd.nist.gov/vuln/detail/CVE-2017-10294 [ 8 ] CVE-2017-10314 https://nvd.nist.gov/vuln/detail/CVE-2017-10314 [ 9 ] CVE-2017-10378 https://nvd.nist.gov/vuln/detail/CVE-2017-10378 [ 10 ] CVE-2017-10379 https://nvd.nist.gov/vuln/detail/CVE-2017-10379 [ 11 ] CVE-2017-10384 https://nvd.nist.gov/vuln/detail/CVE-2017-10384 [ 12 ] CVE-2017-3308 https://nvd.nist.gov/vuln/detail/CVE-2017-3308 [ 13 ] CVE-2017-3309 https://nvd.nist.gov/vuln/detail/CVE-2017-3309 [ 14 ] CVE-2017-3329 https://nvd.nist.gov/vuln/detail/CVE-2017-3329 [ 15 ] CVE-2017-3450 https://nvd.nist.gov/vuln/detail/CVE-2017-3450 [ 16 ] CVE-2017-3452 https://nvd.nist.gov/vuln/detail/CVE-2017-3452 [ 17 ] CVE-2017-3453 https://nvd.nist.gov/vuln/detail/CVE-2017-3453 [ 18 ] CVE-2017-3456 https://nvd.nist.gov/vuln/detail/CVE-2017-3456 [ 19 ] CVE-2017-3461 https://nvd.nist.gov/vuln/detail/CVE-2017-3461 [ 20 ] CVE-2017-3462 https://nvd.nist.gov/vuln/detail/CVE-2017-3462 [ 21 ] CVE-2017-3463 https://nvd.nist.gov/vuln/detail/CVE-2017-3463 [ 22 ] CVE-2017-3464 https://nvd.nist.gov/vuln/detail/CVE-2017-3464 [ 23 ] CVE-2017-3599 https://nvd.nist.gov/vuln/detail/CVE-2017-3599 [ 24 ] CVE-2017-3600 https://nvd.nist.gov/vuln/detail/CVE-2017-3600 [ 25 ] CVE-2017-3633 https://nvd.nist.gov/vuln/detail/CVE-2017-3633 [ 26 ] CVE-2017-3634 https://nvd.nist.gov/vuln/detail/CVE-2017-3634 [ 27 ] CVE-2017-3635 https://nvd.nist.gov/vuln/detail/CVE-2017-3635 [ 28 ] CVE-2017-3636 https://nvd.nist.gov/vuln/detail/CVE-2017-3636 [ 29 ] CVE-2017-3637 https://nvd.nist.gov/vuln/detail/CVE-2017-3637 [ 30 ] CVE-2017-3641 https://nvd.nist.gov/vuln/detail/CVE-2017-3641 [ 31 ] CVE-2017-3647 https://nvd.nist.gov/vuln/detail/CVE-2017-3647 [ 32 ] CVE-2017-3648 https://nvd.nist.gov/vuln/detail/CVE-2017-3648 [ 33 ] CVE-2017-3649 https://nvd.nist.gov/vuln/detail/CVE-2017-3649 [ 34 ] CVE-2017-3651 https://nvd.nist.gov/vuln/detail/CVE-2017-3651 [ 35 ] CVE-2017-3652 https://nvd.nist.gov/vuln/detail/CVE-2017-3652 [ 36 ] CVE-2017-3653 https://nvd.nist.gov/vuln/detail/CVE-2017-3653 [ 37 ] CVE-2017-3732 https://nvd.nist.gov/vuln/detail/CVE-2017-3732 [ 38 ] CVE-2018-2562 https://nvd.nist.gov/vuln/detail/CVE-2018-2562 [ 39 ] CVE-2018-2573 https://nvd.nist.gov/vuln/detail/CVE-2018-2573 [ 40 ] CVE-2018-2583 https://nvd.nist.gov/vuln/detail/CVE-2018-2583 [ 41 ] CVE-2018-2590 https://nvd.nist.gov/vuln/detail/CVE-2018-2590 [ 42 ] CVE-2018-2591 https://nvd.nist.gov/vuln/detail/CVE-2018-2591 [ 43 ] CVE-2018-2612 https://nvd.nist.gov/vuln/detail/CVE-2018-2612 [ 44 ] CVE-2018-2622 https://nvd.nist.gov/vuln/detail/CVE-2018-2622 [ 45 ] CVE-2018-2640 https://nvd.nist.gov/vuln/detail/CVE-2018-2640 [ 46 ] CVE-2018-2645 https://nvd.nist.gov/vuln/detail/CVE-2018-2645 [ 47 ] CVE-2018-2647 https://nvd.nist.gov/vuln/detail/CVE-2018-2647 [ 48 ] CVE-2018-2665 https://nvd.nist.gov/vuln/detail/CVE-2018-2665 [ 49 ] CVE-2018-2668 https://nvd.nist.gov/vuln/detail/CVE-2018-2668 [ 50 ] CVE-2018-2696 https://nvd.nist.gov/vuln/detail/CVE-2018-2696 [ 51 ] CVE-2018-2703 https://nvd.nist.gov/vuln/detail/CVE-2018-2703 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201802-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5