Security vulnerabilities in the MySQL and MariaDB software packages

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201411-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MySQL, MariaDB: Multiple vulnerabilities
Date: November 05, 2014
Bugs: #525504
ID: 201411-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MySQL and MariaDB,
possibly allowing attackers to cause unspecified impact.

Background
==========

MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
enhanced, drop-in replacement for MySQL.

Affected packages
=================

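    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql                 < 5.5.40                   >= 5.5.40
  2  dev-db/mariadb             < 5.5.40-r1               >= 5.5.40-r1
    -------------------------------------------------------------------
     2 affected packages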

Description
===========

Multiple unspecified vulnerabilities have been discovered in MySQL.
Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could exploit these vulnerabilities to cause
unspecified impact, possibly including remote execution of arbitrary
code, Denial of Service, or disclosure of sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.40"

All MariaDB users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mariadb-5.5.40-r1"
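
To check an inventory of installed versions against the thresholds in the
"Affected packages" table, the following added example (not part of the Gentoo
advisory or of Portage) compares version strings including the -rN revision.
The function names and the sample inventory are assumptions made for illustration.

```python
import re

# Thresholds from the "Affected packages" table: anything below is vulnerable.
FIXED = {
    "dev-db/mysql": "5.5.40",
    "dev-db/mariadb": "5.5.40-r1",
}

# Dotted numeric components without leading zeros, optional -rN revision.
_VERSION_RE = re.compile(r"^((?:0|[1-9]\d*)(?:\.(?:0|[1-9]\d*))*)(?:-r(\d+))?$")


def parse_version(version):
    """Split '5.5.40-r1' into ((5, 5, 40), 1); a missing -rN means revision 0.

    Simplification (assumption): suffixes such as _alpha or _p, trailing
    letters and zero-padded components are rejected rather than compared.
    """
    match = _VERSION_RE.match(version)
    if match is None:
        raise ValueError(f"unsupported version string: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, int(match.group(2) or 0)


def is_vulnerable(package, installed):
    """True if `installed` is below the advisory's unaffected threshold."""
    return parse_version(installed) < parse_version(FIXED[package])


def audit(installed_packages):
    """Return a verdict for every listed package that the advisory covers."""
    report = {}
    for package, version in installed_packages.items():
        if package not in FIXED:
            continue  # not covered by GLSA 201411-02
        report[package] = "VULNERABLE" if is_vulnerable(package, version) else "ok"
    return report


if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real host.
    sample = {"dev-db/mysql": "5.5.39", "dev-db/mariadb": "5.5.40",
              "dev-db/sqlite": "3.8.6"}
    for package, verdict in audit(sample).items():
        print(f"{package}-{sample[package]}: {verdict} (fixed in >= {FIXED[package]})")
```

Note that dev-db/mariadb-5.5.40 without a revision is still reported as
vulnerable, because the unaffected MariaDB version is 5.5.40-r1.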

References
==========

[ 1 ] CVE-2014-6464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6464
[ 2 ] CVE-2014-6469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6469
[ 3 ] CVE-2014-6491
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6491
[ 4 ] CVE-2014-6494
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6494
[ 5 ] CVE-2014-6496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6496
[ 6 ] CVE-2014-6500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6500
[ 7 ] CVE-2014-6507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6507
[ 8 ] CVE-2014-6555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6555
[ 9 ] CVE-2014-6559
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6559

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201411-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
