Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 572870 (CVE-2016-0502, CVE-2016-0503, CVE-2016-0504, CVE-2016-0505)

Summary: <dev-db/mysql-{5.5.47,5.6.28}: multiple vulnerabilities (CVE-2016-{0502,0503,0504,0505})
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: mysql-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 580832    
Bug Blocks:    

Comment 1 Brian Evans (RETIRED) gentoo-dev 2016-01-29 20:55:17 UTC
Arches, please test and mark stable.
The test suite should pass following the official instructions.
Local timeouts may be expected on resource starved machines. (each test thread can spawn up to 4 server instances)

Target keywords:
=dev-db/mysql-5.6.28 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

# Official test instructions:
# USE='server embedded extraengine perl openssl static-libs' \
# FEATURES='test userpriv -usersandbox' \
# ebuild mysql-X.X.XX.ebuild \
# digest clean package

# Parallel testing is enabled, auto will try to detect number of cores
# You may set this by hand.
# The default maximum is 8 unless MTR_MAX_PARALLEL is increased
export MTR_PARALLEL="${MTR_PARALLEL:-auto}"
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2016-01-31 09:23:43 UTC
Stable for HPPA PPC64.
Comment 3 Agostino Sarubbo gentoo-dev 2016-01-31 11:10:08 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-01-31 11:11:17 UTC
x86 stable
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2016-01-31 13:11:34 UTC
Stable on alpha.
Comment 6 Markus Meier gentoo-dev 2016-02-03 20:46:27 UTC
arm stable
Comment 7 Agostino Sarubbo gentoo-dev 2016-03-16 14:09:49 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2016-03-19 12:29:32 UTC
sparc stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-03-20 12:25:49 UTC
ia64 stable.

Maintainer(s), please cleanup.
Comment 10 Brian Evans (RETIRED) gentoo-dev 2016-03-21 19:52:14 UTC
Cleanup complete
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2016-07-17 13:05:17 UTC
CVE-2016-0505 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0505):
  Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and
  earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and
  10.1.x before 10.1.10 allows remote authenticated users to affect
  availability via unknown vectors related to Options.

CVE-2016-0502 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0502):
  Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and
  earlier allows remote authenticated users to affect availability via unknown
  vectors related to Optimizer.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2016-07-17 13:06:36 UTC
CVE-2016-0504 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0504):
  Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9
  allows remote authenticated users to affect availability via vectors related
  to DML, a different vulnerability than CVE-2016-0503.

CVE-2016-0503 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0503):
  Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9
  allows remote authenticated users to affect availability via vectors related
  to DML, a different vulnerability than CVE-2016-0504.
Comment 13 Aaron Bauman (RETIRED) gentoo-dev 2016-07-17 13:09:03 UTC
GLSA Vote: Yes.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2016-10-11 13:45:40 UTC
This issue was resolved and addressed in
 GLSA 201610-06 at https://security.gentoo.org/glsa/201610-06
by GLSA coordinator Aaron Bauman (b-man).