MySQL: Multiple vulnerabilities
Multiple vulnerabilities have been found in MySQL, worst of which
allows local attackers to escalate their privileges.
mysql
2014-09-04
2014-09-04
460748
488212
498164
500260
507802
518718
local, remote
5.5.39
5.5.39
MySQL is a popular multi-threaded, multi-user SQL server.
Multiple vulnerabilities have been discovered in MySQL. Please review
the CVE identifiers referenced below for details.
A local attacker could possibly gain escalated privileges. A remote
attacker could send a specially crafted SQL query, possibly resulting in
a Denial of Service condition. A remote attacker could entice a user to
connect to specially crafted MySQL server, possibly resulting in
execution of arbitrary code with the privileges of the process.
There is no known workaround at this time.
All MySQL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.39"
CVE-2013-1861
CVE-2013-2134
CVE-2013-3839
CVE-2013-5767
CVE-2013-5770
CVE-2013-5786
CVE-2013-5793
CVE-2013-5807
CVE-2013-5860
CVE-2013-5881
CVE-2013-5882
CVE-2013-5891
CVE-2013-5894
CVE-2013-5908
CVE-2014-0001
CVE-2014-0384
CVE-2014-0386
CVE-2014-0393
CVE-2014-0401
CVE-2014-0402
CVE-2014-0412
CVE-2014-0420
CVE-2014-0427
CVE-2014-0430
CVE-2014-0431
CVE-2014-0433
CVE-2014-0437
CVE-2014-2419
CVE-2014-2430
CVE-2014-2431
CVE-2014-2432
CVE-2014-2434
CVE-2014-2435
CVE-2014-2436
CVE-2014-2438
CVE-2014-2440
pinkbyte
pinkbyte