Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/metadata/glsa/glsa-201702-17.xml
diff options
context:
space:
mode:
authorRepository QA checks <repo-qa-checks@gentoo.org>2017-02-20 23:42:12 +0000
committerRepository QA checks <repo-qa-checks@gentoo.org>2017-02-20 23:42:12 +0000
commit1b36af0e365f110888bbe1409d84a098c9909390 (patch)
tree709d59944065926adbc072d7adaad7a825864cdd /metadata/glsa/glsa-201702-17.xml
parent2017-02-20 23:23:07 UTC (diff)
parentAdd GLSA 201702-19 (diff)
downloadgentoo-1b36af0e365f110888bbe1409d84a098c9909390.tar.gz
gentoo-1b36af0e365f110888bbe1409d84a098c9909390.tar.bz2
gentoo-1b36af0e365f110888bbe1409d84a098c9909390.zip
Merge commit '97f22bd0b5854b88b4053edbfe1c9b698ebb5184'
Diffstat (limited to 'metadata/glsa/glsa-201702-17.xml')
-rw-r--r--metadata/glsa/glsa-201702-17.xml71
1 files changed, 71 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-201702-17.xml b/metadata/glsa/glsa-201702-17.xml
new file mode 100644
index 000000000000..4e34e47d9aa6
--- /dev/null
+++ b/metadata/glsa/glsa-201702-17.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-17">
+ <title>MySQL: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in MySQL, the worst of
+ which could lead to privilege escalation.
+ </synopsis>
+ <product type="ebuild">mysql</product>
+ <announced>2017-02-20</announced>
+ <revised>2017-02-20: 1</revised>
+ <bug>606254</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="dev-db/mysql" auto="yes" arch="*">
+ <unaffected range="ge">5.6.35</unaffected>
+ <vulnerable range="lt">5.6.35</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
+ enhanced, drop-in replacement for MySQL.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in MySQL. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="high">
+ <p>An attacker could possibly escalate privileges, gain access to critical
+ data or complete access to all MySQL server accessible data, or cause a
+ Denial of Service condition via unspecified vectors.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All MySQL users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.6.35"
+ </code>
+ </resolution>
+ <references>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8318">CVE-2016-8318</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8327">CVE-2016-8327</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3238">CVE-2017-3238</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3243">CVE-2017-3243</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3244">CVE-2017-3244</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3251">CVE-2017-3251</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3256">CVE-2017-3256</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3257">CVE-2017-3257</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3258">CVE-2017-3258</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3265">CVE-2017-3265</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3273">CVE-2017-3273</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3291">CVE-2017-3291</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3312">CVE-2017-3312</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3313">CVE-2017-3313</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3317">CVE-2017-3317</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3318">CVE-2017-3318</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3319">CVE-2017-3319</uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3320">CVE-2017-3320</uri>
+ <uri link="https://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL">
+ Oracle Critical Patch Update Advisory - January 2017
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2017-02-12T18:49:15Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2017-02-20T23:27:11Z">whissi</metadata>
+</glsa>