Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 580832 (CVE-2016-0594, CVE-2016-0595, CVE-2016-0605, CVE-2016-0607, CVE-2016-0639, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0651, CVE-2016-0655, CVE-2016-0661, CVE-2016-0665, CVE-2016-0668) - <dev-db/mysql-{5.5.49,5.6.30}: Multiple vulnerabilities (CVE-2016-{0594,0595,0605,0607,0639,0640,0641,0642,0643,0644,0646,0647,0648,0649,0650,0651,0655,0661,0665,0668})
Summary: <dev-db/mysql-{5.5.49,5.6.30}: Multiple vulnerabilities (CVE-2016-{0594,0595,...
Status: RESOLVED FIXED
Alias: CVE-2016-0594, CVE-2016-0595, CVE-2016-0605, CVE-2016-0607, CVE-2016-0639, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0651, CVE-2016-0655, CVE-2016-0661, CVE-2016-0665, CVE-2016-0668
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.oracle.com/technetwork/sec...
Whiteboard: A2 [glsa cve]
Keywords:
Depends on:
Blocks: 555478 564170 CVE-2016-0502, CVE-2016-0503, CVE-2016-0504, CVE-2016-0505
  Show dependency tree
 
Reported: 2016-04-22 13:41 UTC by Brian Evans (RETIRED)
Modified: 2016-10-11 13:45 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Brian Evans (RETIRED) gentoo-dev 2016-04-22 13:41:26 UTC
A security update of mysql described at $URL
Comment 1 Brian Evans (RETIRED) gentoo-dev 2016-05-17 18:56:53 UTC
Arches, please test and mark stable.
The test suite should pass following the official instructions.
Local timeouts may be expected on resource starved machines. (each test thread can spawn up to 4 server instances)

Target keywords:
=dev-db/mysql-5.6.30 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

# Official test instructions:
# USE='server embedded extraengine perl openssl static-libs' \
# FEATURES='test userpriv -usersandbox' \
# ebuild mysql-X.X.XX.ebuild \
# digest clean package

# Parallel testing is enabled, auto will try to detect number of cores
# You may set this by hand.
# The default maximum is 8 unless MTR_MAX_PARALLEL is increased
export MTR_PARALLEL="${MTR_PARALLEL:-auto}"
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2016-05-18 08:57:37 UTC
ugh, I thought we were nearly done migrating to mariadb
Comment 3 Agostino Sarubbo gentoo-dev 2016-05-19 07:41:01 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-05-19 07:42:15 UTC
x86 stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2016-05-19 14:39:39 UTC
Stable for HPPA PPC64.
Comment 6 Markus Meier gentoo-dev 2016-05-19 18:29:10 UTC
arm stable
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2016-05-21 12:04:34 UTC
Stable on alpha.
Comment 8 Agostino Sarubbo gentoo-dev 2016-07-08 08:18:48 UTC
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-07-08 08:43:08 UTC
sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2016-07-08 13:29:11 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2016-07-17 13:13:40 UTC
CVE-2016-0668 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0668):
  Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and
  earlier allows local users to affect availability via vectors related to
  InnoDB.

CVE-2016-0665 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0665):
  Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and
  earlier allows local users to affect availability via vectors related to
  Security: Encryption.

CVE-2016-0661 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0661):
  Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and
  earlier allows local users to affect availability via vectors related to
  Options.

CVE-2016-0655 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0655):
  Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and
  earlier allows local users to affect availability via vectors related to
  InnoDB.

CVE-2016-0651 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0651):
  Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local
  users to affect availability via vectors related to Optimizer.

CVE-2016-0650 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0650):
  Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and
  earlier, and 5.7.10 and earlier allows local users to affect availability
  via vectors related to Replication.

CVE-2016-0649 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0649):
  Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and
  earlier, and 5.7.10 and earlier allows local users to affect availability
  via vectors related to PS.

CVE-2016-0648 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0648):
  Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and
  earlier, and 5.7.11 and earlier allows local users to affect availability
  via vectors related to PS.

CVE-2016-0647 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0647):
  Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and
  earlier, and 5.7.11 and earlier allows local users to affect availability
  via vectors related to FTS.

CVE-2016-0646 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0646):
  Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and
  earlier, and 5.7.10 and earlier allows local users to affect availability
  via vectors related to DML.

CVE-2016-0644 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0644):
  Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and
  earlier, and 5.7.10 and earlier allows local users to affect availability
  via vectors related to DDL.

CVE-2016-0643 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0643):
  Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and
  earlier, and 5.7.11 and earlier allows local users to affect confidentiality
  via vectors related to DML.

CVE-2016-0642 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0642):
  Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and
  earlier, and 5.7.11 and earlier allows local users to affect integrity and
  availability via vectors related to Federated.

CVE-2016-0641 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0641):
  Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and
  earlier, and 5.7.10 and earlier allows local users to affect confidentiality
  and availability via vectors related to MyISAM.

CVE-2016-0640 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0640):
  Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and
  earlier, and 5.7.10 and earlier allows local users to affect integrity and
  availability via vectors related to DML.

CVE-2016-0639 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0639):
  Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and
  earlier allows remote attackers to affect confidentiality, integrity, and
  availability via vectors related to Pluggable Authentication.

CVE-2016-0607 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0607):
  Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9
  allows remote authenticated users to affect availability via unknown vectors
  related to replication.

CVE-2016-0605 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0605):
  Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote
  authenticated users to affect availability via unknown vectors.

CVE-2016-0595 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0595):
  Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote
  authenticated users to affect availability via vectors related to DML.

CVE-2016-0594 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0594):
  Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote
  authenticated users to affect availability via vectors related to DML.
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2016-07-17 13:14:50 UTC
New GLSA request filed.
Comment 13 Aaron Bauman (RETIRED) gentoo-dev 2016-07-21 12:42:13 UTC
*** Bug 589238 has been marked as a duplicate of this bug. ***
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2016-10-11 13:45:48 UTC
This issue was resolved and addressed in
 GLSA 201610-06 at https://security.gentoo.org/glsa/201610-06
by GLSA coordinator Aaron Bauman (b-man).