Lucene search

K

Gentoo FoundationGLSA-201409-04

HistorySep 04, 2014 - 12:00 a.m.

MySQL: Multiple vulnerabilities

2014-09-0400:00:00

Gentoo Foundation

security.gentoo.org

21

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.6%

Background

MySQL is a popular multi-threaded, multi-user SQL server.

Description

Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.

Impact

A local attacker could possibly gain escalated privileges. A remote attacker could send a specially crafted SQL query, possibly resulting in a Denial of Service condition. A remote attacker could entice a user to connect to specially crafted MySQL server, possibly resulting in execution of arbitrary code with the privileges of the process.

Workaround

There is no known workaround at this time.

Resolution

All MySQL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.5.39"

OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-db/mysql< 5.5.39UNKNOWN

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.6%

Related for GLSA-201409-04

nessus63 openvas64 fedora12 f54 redhat8 veracode11 suse1 oraclelinux4 centos7 debian5 ubuntu3 osv1 slackware1 amazon2 mageia1 prion4 cve4 ubuntucve4