Advisories » MGASA-2014-0239

Updated mariadb packages fix security vulnerabilities

Publication date: 24 May 2014
Modification date: 24 May 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0384 , CVE-2014-2419 , CVE-2014-2430 , CVE-2014-2431 , CVE-2014-2432 , CVE-2014-2436 , CVE-2014-2438 , CVE-2014-2440

Description

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote
authenticated users to affect availability via vectors related to XML
(CVE-2014-0384).

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier
and 5.6.15 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Partition (CVE-2014-2419).

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier
and 5.6.16 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Performance Schema
(CVE-2014-2430).

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier
and 5.6.16 and earlier allows remote attackers to affect availability
via unknown vectors related to Options (CVE-2014-2431).

Unspecified vulnerability Oracle the MySQL Server component 5.5.35
and earlier and 5.6.15 and earlier allows remote authenticated users
to affect availability via unknown vectors related to Federated
(CVE-2014-2432).

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier
and 5.6.16 and earlier allows remote authenticated users to affect
confidentiality, integrity, and availability via vectors related to
RBR (CVE-2014-2436).

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and
earlier and 5.6.15 and earlier allows remote authenticated users
to affect availability via unknown vectors related to Replication
(CVE-2014-2438).

Unspecified vulnerability in the MySQL Client component in Oracle MySQL
5.5.36 and earlier and 5.6.16 and earlier allows remote attackers
to affect confidentiality, integrity, and availability via unknown
vectors (CVE-2014-2440).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13256
• https://mariadb.com/kb/en/mariadb-5537-changelog/
• http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
• http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014:102/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0384
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2419
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2430
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2431
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2432
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2436
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2438
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2440

SRPMS

4/core

• mariadb-5.5.37-1.mga4

3/core

• mariadb-5.5.37-1.mga3