Bug 589238 - <dev-db/mysql-{5.5.50,5.6.31}: Multiple vulnerabilities (CVE-2016-{3459,3477,3486,3501,3521,3614,3615,5439,5440})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: A2 [glsa cve]
Duplicates: 589410
Reported: 2016-07-20 13:29 UTC by Agostino Sarubbo
Modified: 2016-10-12 13:28 UTC (History)
Comment 1 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-07-21 12:42:13 UTC
=dev-db/mysql-{5.6.30, 5.5.0} are already in tree and 5.6.30 stabilized.  We will assign the relevant CVE's to that bug.

*** This bug has been marked as a duplicate of bug 580832 ***
Comment 2 Brian Evans Gentoo Infrastructure gentoo-dev 2016-07-21 12:49:56 UTC
(In reply to Aaron Bauman from comment #1)
> =dev-db/mysql-{5.6.30, 5.5.0} are already in tree and 5.6.30 stabilized.  We
> will assign the relevant CVE's to that bug.
> 
> *** This bug has been marked as a duplicate of bug 580832 ***

Several of the CVEs affect <=5.6.30.  5.6.31 should be the new stable target.
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-07-23 02:26:43 UTC
*** Bug 589410 has been marked as a duplicate of this bug. ***
Comment 4 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-07-23 02:28:14 UTC
Added to existing GLSA.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2016-07-23 02:28:29 UTC
CVE-2016-5440 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5440):
  Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and
  earlier, and 5.7.12 and earlier allows remote administrators to affect
  availability via vectors related to Server: RBR.

CVE-2016-5439 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5439):
  Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and
  earlier allows remote administrators to affect availability via vectors
  related to Server: Privileges.

CVE-2016-3615 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3615):
  Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and
  earlier, and 5.7.12 and earlier allows remote authenticated users to affect
  availability via vectors related to Server: DML.

CVE-2016-3614 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3614):
  Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and
  earlier allows remote authenticated users to affect availability via vectors
  related to Server: Security: Encryption.

CVE-2016-3521 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3521):
  Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and
  earlier, and 5.7.12 and earlier allows remote authenticated users to affect
  availability via vectors related to Server: Types.

CVE-2016-3501 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3501):
  Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and
  earlier allows remote authenticated users to affect availability via vectors
  related to Server: Optimizer.

CVE-2016-3486 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3486):
  Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and
  earlier allows remote authenticated users to affect availability via vectors
  related to Server: FTS.

CVE-2016-3477 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3477):
  Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and
  earlier, and 5.7.12 and earlier allows local users to affect
  confidentiality, integrity, and availability via vectors related to Server:
  Parser.

CVE-2016-3459 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3459):
  Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and
  earlier allows remote administrators to affect availability via vectors
  related to Server: InnoDB.
Comment 6 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-07-23 02:35:50 UTC
@arches, please stabilize:

=dev-db/mysql-5.6.31
Comment 7 Jeroen Roovers gentoo-dev 2016-07-24 08:32:50 UTC
Stable for PPC64.
Comment 8 Jeroen Roovers gentoo-dev 2016-07-24 16:03:31 UTC
Stable for HPPA.
Comment 9 Tobias Klausmann gentoo-dev 2016-07-26 12:30:01 UTC
Stable on alpha.
Comment 10 Markus Meier gentoo-dev 2016-07-27 20:30:55 UTC
arm stable
Comment 11 Agostino Sarubbo gentoo-dev 2016-07-28 08:44:59 UTC
amd64 stable
Comment 12 Agostino Sarubbo gentoo-dev 2016-07-28 14:10:13 UTC
x86 stable
Comment 13 Agostino Sarubbo gentoo-dev 2016-09-29 09:48:50 UTC
sparc stable
Comment 14 Agostino Sarubbo gentoo-dev 2016-09-29 13:08:50 UTC
ppc stable
Comment 15 Agostino Sarubbo gentoo-dev 2016-09-29 13:36:11 UTC
ia64 stable.

Maintainer(s), please cleanup.
Comment 16 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-10-11 13:23:05 UTC
@maintainers, please clean 5.6.31.
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2016-10-11 13:46:08 UTC
This issue was resolved and addressed in
 GLSA 201610-06 at https://security.gentoo.org/glsa/201610-06
by GLSA coordinator Aaron Bauman (b-man).
Comment 18 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-10-11 13:49:46 UTC
Reopening for cleanup.  Please cleanup the following:

=dev-db/mysql-5.6.30
Comment 19 Brian Evans Gentoo Infrastructure gentoo-dev 2016-10-11 14:17:57 UTC
Cleanup complete
Comment 20 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-10-12 13:28:56 UTC
(In reply to Brian Evans from comment #19)
> Cleanup complete

Thanks, Brian!