Summary: | <dev-db/mysql-{5.5.49,5.6.30}: Multiple vulnerabilities (CVE-2016-{0594,0595,0605,0607,0639,0640,0641,0642,0643,0644,0646,0647,0648,0649,0650,0651,0655,0661,0665,0668}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Brian Evans (RETIRED) <grknight> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ago, mysql-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.oracle.com/technetwork/security-advisory/cpuapr2016verbose-2881709.html#MSQL | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 555478, 564170, 572870 |
Description
Brian Evans (RETIRED)
2016-04-22 13:41:26 UTC
Arches, please test and mark stable. The test suite should pass following the official instructions. Local timeouts may be expected on resource starved machines. (each test thread can spawn up to 4 server instances) Target keywords: =dev-db/mysql-5.6.30 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 # Official test instructions: # USE='server embedded extraengine perl openssl static-libs' \ # FEATURES='test userpriv -usersandbox' \ # ebuild mysql-X.X.XX.ebuild \ # digest clean package # Parallel testing is enabled, auto will try to detect number of cores # You may set this by hand. # The default maximum is 8 unless MTR_MAX_PARALLEL is increased export MTR_PARALLEL="${MTR_PARALLEL:-auto}" ugh, I thought we were nearly done migrating to mariadb amd64 stable x86 stable Stable for HPPA PPC64. arm stable Stable on alpha. ppc stable sparc stable ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. CVE-2016-0668 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0668): Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB. CVE-2016-0665 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0665): Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption. CVE-2016-0661 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0661): Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options. CVE-2016-0655 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0655): Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows local users to affect availability via vectors related to InnoDB. CVE-2016-0651 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0651): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. CVE-2016-0650 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0650): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to Replication. CVE-2016-0649 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0649): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to PS. CVE-2016-0648 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0648): Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to PS. CVE-2016-0647 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0647): Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to FTS. CVE-2016-0646 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0646): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to DML. CVE-2016-0644 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0644): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to DDL. CVE-2016-0643 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0643): Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect confidentiality via vectors related to DML. CVE-2016-0642 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0642): Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. CVE-2016-0641 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0641): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect confidentiality and availability via vectors related to MyISAM. CVE-2016-0640 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0640): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect integrity and availability via vectors related to DML. CVE-2016-0639 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0639): Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. CVE-2016-0607 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0607): Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. CVE-2016-0605 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0605): Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. CVE-2016-0595 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0595): Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. CVE-2016-0594 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0594): Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. New GLSA request filed. *** Bug 589238 has been marked as a duplicate of this bug. *** This issue was resolved and addressed in GLSA 201610-06 at https://security.gentoo.org/glsa/201610-06 by GLSA coordinator Aaron Bauman (b-man). |