You are here
Home > Preporuke > Ranjivosti programskih paketa MySQL i MariaDB

Ranjivosti programskih paketa MySQL i MariaDB

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LGE

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201610-06
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
https://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: Normal
Title: MySQL and MariaDB: Multiple vulnerabilities
Date: October 11, 2016
Bugs: #546724, #555478, #555480, #564170, #564442, #572870,
#580832, #580834, #589238, #589346, #593608
ID: 201610-06

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis
========

Multiple vulnerabilities have been found in MySQL and MariaDB, the
worst of which could allow remote attackers to cause a Denial of
Service condition or obtain sensitive information.

Background
==========

MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
enhanced, drop-in replacement for MySQL.

Affected packages
=================

——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 dev-db/mysql < 5.6.31 >= 5.6.31
2 dev-db/mariadb < 10.0.27 *> 5.5.51
3 dev-db/mariab >= 10.0.27
——————————————————————-
3 affected packages

Description
===========

Multiple vulnerabilities have been discovered in MySQL and MariaDB.
Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could exploit vulnerabilities, through multiple
vectors, that affect the confidentiality, integrity, and availability
of MySQL and MariaDB.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot –verbose “>=dev-db/mysql-5.6.31”

All MariaDB users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot –verbose “>=dev-db/mariadb-10.0.27”

References
==========

[ 1 ] CVE-2015-2582
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2582
[ 2 ] CVE-2015-2611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2611
[ 3 ] CVE-2015-2617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2617
[ 4 ] CVE-2015-2620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2620
[ 5 ] CVE-2015-2639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2639
[ 6 ] CVE-2015-2641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2641
[ 7 ] CVE-2015-2643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2643
[ 8 ] CVE-2015-2648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2648
[ 9 ] CVE-2015-2661
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2661
[ 10 ] CVE-2015-4737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4737
[ 11 ] CVE-2015-4752
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4752
[ 12 ] CVE-2015-4756
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4756
[ 13 ] CVE-2015-4757
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4757
[ 14 ] CVE-2015-4767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4767
[ 15 ] CVE-2015-4769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4769
[ 16 ] CVE-2015-4771
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4771
[ 17 ] CVE-2015-4772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4772

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201610-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

<html>
<head>

<meta http-equiv=”content-type” content=”text/html; charset=utf-8″>
</head>
<body bgcolor=”#FFFFFF” text=”#000000″>
<p>
<meta http-equiv=”content-type” content=”text/html; charset=utf-8″>
</p>
<pre style=”color: rgb(0, 0, 0); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; white-space: pre-wrap;”>- – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201610-06
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
<a class=”moz-txt-link-freetext” href=”https://security.gentoo.org/”>https://security.gentoo.org/</a>
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: Normal
Title: MySQL and MariaDB: Multiple vulnerabilities
Date: October 11, 2016
Bugs: #546724, #555478, #555480, #564170, #564442, #572870,
#580832, #580834, #589238, #589346, #593608
ID: 201610-06

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis
========

Multiple vulnerabilities have been found in MySQL and MariaDB, the
worst of which could allow remote attackers to cause a Denial of
Service condition or obtain sensitive information.

Background
==========

MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
enhanced, drop-in replacement for MySQL.

Affected packages
=================

——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 dev-db/mysql < 5.6.31 >= 5.6.31
2 dev-db/mariadb < 10.0.27 *> 5.5.51
3 dev-db/mariab >= 10.0.27
——————————————————————-
3 affected packages

Description
===========

Multiple vulnerabilities have been discovered in MySQL and MariaDB.
Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could exploit vulnerabilities, through multiple
vectors, that affect the confidentiality, integrity, and availability
of MySQL and MariaDB.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot –verbose “>=dev-db/mysql-5.6.31”

All MariaDB users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot –verbose “>=dev-db/mariadb-10.0.27”

References
==========

[ 1 ] CVE-2015-2582
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2582″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2582</a>
[ 2 ] CVE-2015-2611
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2611″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2611</a>
[ 3 ] CVE-2015-2617
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2617″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2617</a>
[ 4 ] CVE-2015-2620
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2620″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2620</a>
[ 5 ] CVE-2015-2639
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2639″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2639</a>
[ 6 ] CVE-2015-2641
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2641″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2641</a>
[ 7 ] CVE-2015-2643
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2643″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2643</a>
[ 8 ] CVE-2015-2648
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2648″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2648</a>
[ 9 ] CVE-2015-2661
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2661″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2661</a>
[ 10 ] CVE-2015-4737
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4737″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4737</a>
[ 11 ] CVE-2015-4752
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4752″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4752</a>
[ 12 ] CVE-2015-4756
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4756″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4756</a>
[ 13 ] CVE-2015-4757
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4757″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4757</a>
[ 14 ] CVE-2015-4767
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4767″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4767</a>
[ 15 ] CVE-2015-4769
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4769″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4769</a>
[ 16 ] CVE-2015-4771
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4771″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4771</a>
[ 17 ] CVE-2015-4772
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4772″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4772</a>

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

<a class=”moz-txt-link-freetext” href=”https://security.gentoo.org/glsa/201610-06″>https://security.gentoo.org/glsa/201610-06</a>

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
<a class=”moz-txt-link-abbreviated” href=”mailto:security@gentoo.org”>security@gentoo.org</a> or alternatively, you may file a bug at
<a class=”moz-txt-link-freetext” href=”https://bugs.gentoo.org”>https://bugs.gentoo.org</a>.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

<a class=”moz-txt-link-freetext” href=”http://creativecommons.org/licenses/by-sa/2.5″>http://creativecommons.org/licenses/by-sa/2.5</a></pre>
</body>
</html>
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQJ8BAEBCgBmBQJX/Oy3XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ1OTcyRDI4NDhFOEE0NDYwRTdERTY4QUM5
RjI4QkQ4QkQxRTM5NUZGAAoJEJ8ovYvR45X/HPcP/2gPou78rZQekugNEiLG06ic
oULV8GI1kbCa9SJathi5KT/+vr12TmsIPHyoI0oY6Siw2GKFJjA9RUmfsqKPb9i9
ZZCcnSjzwg2rrzSqnXB6GPgU3QIXc7LpQtFwpuiqE1RIyAoAhRdifOCzReUgHgif
u14AwXtz01Gh22UxIqbph6yyLzht9LZhHDnM5F4xAOKS5gEsEdpEzBPeC2kgWG22
vPx4AnPevT/kNPwKmx1PUsRhIP3gnftZYtjHKhMXNbqYpn/tIfxJVSYWDdt7F6PY
PZoe6Y+/fYTUXehXhLCSzpouv7Z99rq5WlEWaJhDTG4dluVLCcHl/cPVbTMs2Fup
XZ6PxfYZHfmfkKtN39VJqmaH9+CrPIWw+gfN1jukS69BRSYPHa/GBifEhu9BZyP1
7NErAkyjCOEn58jDJIB/g1LLRTBRfQVwjDMhXrKpST1lsVVN7Ex2LaChQHvMVfJA
2JlLStg+xkOghYpioyrcUtS4KQUlFo1ld5JQ/P2zTXrEaWz3Mrd1Lm2RiGVz7d6d
9GZjFomhr2ikraSSQ933ljS1InFwKmyPmI2ohzQooxuwyP4m7gcdDqDDC4eqmDTB
oS044qQ2QWQG75Q3iOFUNE0gN5ziN2F5vqDa6ZgUegt2p3DYSgLS7+ohtzLdlvFZ
iY1bVhvBslJ1mLDSMgxi
=dz5p
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2016-10-0080-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci Windows Registry komponente

Otkriveni su sigurnosni nedostaci Windows Registry komponente. Otkriveni nedostaci potencijalnim napadačima omogućuju stjecanje povećanih korisničkih ovlasti zbog nepravilnih dozvola za...

Close