LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2014:028: mariadb Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Multiple vulnerabilities has been discovered and corrected in mariadb: Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:028
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : mariadb
 Date    : February 13, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in mariadb:
 
 Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before
 5.5.35 allows remote database servers to cause a denial of service
 (crash) and possibly execute arbitrary code via a long server version
 string (CVE-2014-0001).
 
 Unspecified vulnerability in the MySQL Server component in Oracle
 MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
 allows remote authenticated users to affect availability via unknown
 vectors related to InnoDB (CVE-2014-0412).
 
 Unspecified vulnerability in the MySQL Server component in Oracle
 MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
 allows remote authenticated users to affect availability via unknown
 vectors related to Optimizer (CVE-2014-0437).
 
 Unspecified vulnerability in the MySQL Server component in Oracle
 MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
 allows remote attackers to affect availability via unknown vectors
 related to Error Handling (CVE-2013-5908).
 
 Unspecified vulnerability in the MySQL Server component in Oracle MySQL
 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated
 users to affect availability via unknown vectors related to Replication
 (CVE-2014-0420).
 
 Unspecified vulnerability in the MySQL Server component in Oracle
 MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
 allows remote authenticated users to affect integrity via unknown
 vectors related to InnoDB (CVE-2014-0393).
 
 Unspecified vulnerability in the MySQL Server component in Oracle MySQL
 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated
 users to affect availability via unknown vectors related to Partition
 (CVE-2013-5891).
 
 Unspecified vulnerability in the MySQL Server component in Oracle
 MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
 allows remote authenticated users to affect availability via unknown
 vectors related to Optimizer (CVE-2014-0386).
 
 Unspecified vulnerability in the MySQL Server component in Oracle MySQL
 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows
 remote authenticated users to affect availability via unknown vectors
 (CVE-2014-0401).
 
 Unspecified vulnerability in the MySQL Server component in Oracle
 MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
 allows remote authenticated users to affect availability via unknown
 vectors related to Locking (CVE-2014-0402).
 
 The updated packages have been upgraded to the 5.5.35 version which
 is not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0412
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0437
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5908
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0420
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0393
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5891
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0386
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0401
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0402
 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
 https://mariadb.com/kb/en/mariadb-5535-release-notes/
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 c4506e2f821bb960753f87e0e4ae358e  mbs1/x86_64/lib64mariadb18-5.5.35-1.mbs1.x86_64.rpm
 0aabce801de937cf7d0b6e370337ee59  mbs1/x86_64/lib64mariadb-devel-5.5.35-1.mbs1.x86_64.rpm
 ebec92fb0f77f15039c75970da2fb016  mbs1/x86_64/lib64mariadb-embedded18-5.5.35-1.mbs1.x86_64.rpm
 5cbc3bef79b6088611b8e9d949721ca1  mbs1/x86_64/lib64mariadb-embedded-devel-5.5.35-1.mbs1.x86_64.rpm
 1aec9579d6bb0c9846bcc19ff6d77d64  mbs1/x86_64/mariadb-5.5.35-1.mbs1.x86_64.rpm
 a727ddd8d4b38a5423d1f996a77b37a9  mbs1/x86_64/mariadb-bench-5.5.35-1.mbs1.x86_64.rpm
 6322005c7cca10c2b069a31c68f74bca  mbs1/x86_64/mariadb-client-5.5.35-1.mbs1.x86_64.rpm
 39a528d1e4ea9bd4e070229f69af0097  mbs1/x86_64/mariadb-common-5.5.35-1.mbs1.x86_64.rpm
 ba9f6a9adf6e054851c8cb0b4c97480c  mbs1/x86_64/mariadb-common-core-5.5.35-1.mbs1.x86_64.rpm
 11a4d25702a5e780d450dd6b0879cc95  mbs1/x86_64/mariadb-core-5.5.35-1.mbs1.x86_64.rpm
 fcf494519bd55dfa5593cbe58598754c  mbs1/x86_64/mariadb-extra-5.5.35-1.mbs1.x86_64.rpm
 8ead8373395845ad6f6dc9b3c6385b0b  mbs1/x86_64/mariadb-feedback-5.5.35-1.mbs1.x86_64.rpm
 c00dbc345b919e9af97e23e96ce02b1c  mbs1/x86_64/mariadb-obsolete-5.5.35-1.mbs1.x86_64.rpm
 bd38c748f41973aa392926a759789fb7  mbs1/x86_64/mysql-MariaDB-5.5.35-1.mbs1.x86_64.rpm 
 e51a1d26d85b936c5125ec805017e1a3  mbs1/SRPMS/mariadb-5.5.35-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Google Removes SSLv3 Fallback Support From Chrome
Hacker Lexicon: What Is End-to-End Encryption?
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.