[GLSA-201702-17] MySQL: Multiple vulnerabilities

Severity: High
Affected Packages: 1
Unaffected Packages: 1
CVEs: 18

Multiple vulnerabilities have been found in MySQL, the worst of which could lead to privilege escalation.

Background
MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
enhanced, drop-in replacement for MySQL.

Description
Multiple vulnerabilities have been discovered in MySQL. Please review
the CVE identifiers referenced below for details.

Impact
An attacker could possibly escalate privileges, gain access to critical
data or to all data accessible to the MySQL server, or cause a
Denial of Service condition via unspecified vectors.

Workaround
There is no known workaround at this time.

Resolution
All MySQL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.35"

Affected version: pkg:ebuild/dev-db/mysql?distro=gentoo < 5.6.35
Unaffected version: pkg:ebuild/dev-db/mysql?distro=gentoo >= 5.6.35
Source # ID Name URL
CVE CVE-2016-8318 CVE-2016-8318 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8318
CVE CVE-2016-8327 CVE-2016-8327 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8327
CVE CVE-2017-3238 CVE-2017-3238 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3238
CVE CVE-2017-3243 CVE-2017-3243 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3243
CVE CVE-2017-3244 CVE-2017-3244 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3244
CVE CVE-2017-3251 CVE-2017-3251 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3251
CVE CVE-2017-3256 CVE-2017-3256 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3256
CVE CVE-2017-3257 CVE-2017-3257 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3257
CVE CVE-2017-3258 CVE-2017-3258 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3258
CVE CVE-2017-3265 CVE-2017-3265 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3265
CVE CVE-2017-3273 CVE-2017-3273 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3273
CVE CVE-2017-3291 CVE-2017-3291 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3291
CVE CVE-2017-3312 CVE-2017-3312 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3312
CVE CVE-2017-3313 CVE-2017-3313 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3313
CVE CVE-2017-3317 CVE-2017-3317 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3317
CVE CVE-2017-3318 CVE-2017-3318 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3318
CVE CVE-2017-3319 CVE-2017-3319 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3319
CVE CVE-2017-3320 CVE-2017-3320 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3320
Vendor Oracle Critical Patch Update Advisory - January 2017 https://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL
Bugzilla 606254 Bugzilla #606254 https://bugs.gentoo.org/show_bug.cgi?id=606254
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:ebuild/dev-db/mysql?distro=gentoo dev-db mysql < 5.6.35 gentoo
Unaffected pkg:ebuild/dev-db/mysql?distro=gentoo dev-db mysql >= 5.6.35 gentoo