Summary: | <dev-db/mysql-5.{5.44,6.25}: multiple vulnerabilities (CVE-2015-{2582,2611,2617,2620,2639,2641,2643,2648,2661,4737,4752,4756,4757,4767,4769,4771,4772}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | mysql-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 580832 | ||
Bug Blocks: | 556432 |
Description
Agostino Sarubbo
2015-07-20 14:04:05 UTC
For the record, CVE-2015-4761 does not apply as Gentoo never has built the embedded memcached server. CVE-2015-4772 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4772): Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. CVE-2015-4771 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4771): Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR. CVE-2015-4769 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4769): Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767. CVE-2015-4767 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4767): Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769. CVE-2015-4757 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4757): Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. CVE-2015-4756 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4756): Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. CVE-2015-4752 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4752): Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. CVE-2015-4737 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4737): Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth. CVE-2015-2661 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2661): Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client. CVE-2015-2648 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2648): Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. CVE-2015-2643 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2643): Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. CVE-2015-2641 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2641): Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. CVE-2015-2639 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2639): Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall. CVE-2015-2620 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2620): Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges. CVE-2015-2617 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2617): Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition. CVE-2015-2611 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2611): Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. CVE-2015-2582 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2582): Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS. Though the CVEs only go up to <5.6.25 I am targeting 5.6.26 for connection issues related, but not vulnerable, to LogJam. Arches, please test and mark stable. The test suite should pass following the official instructions. Local timeouts may be expected on resource starved machines. (each test thread can spawn up to 4 server instances) Target keywords: =dev-db/mysql-5.6.26 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 # Official test instructions: # USE='embedded extraengine perl ssl static-libs community' \ # FEATURES='test userpriv -usersandbox' \ # ebuild mysql-5.6.26.ebuild \ # digest clean package # Parallel testing is enabled, auto will try to detect number of cores # You may set this by hand. # The default maximum is 8 unless MTR_MAX_PARALLEL is increased export MTR_PARALLEL="${MTR_PARALLEL:-auto}" amd64 stable x86 stable ia64 stable Stable on alpha. arm stable Stable for HPPA PPC64. ppc stable sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. Cleanup was done. Arches and Maintainer(s), Thank you for your work. New GLSA Request filed. This issue was resolved and addressed in GLSA 201610-06 at https://security.gentoo.org/glsa/201610-06 by GLSA coordinator Aaron Bauman (b-man). |