{ "schema_version": "1.7.0", "id": "MGASA-2014-0239", "published": "2014-05-24T07:23:00Z", "modified": "2014-05-24T07:22:45Z", "summary": "Updated mariadb packages fix security vulnerabilities", "details": "Unspecified vulnerability in the MySQL Server component in Oracle\nMySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote\nauthenticated users to affect availability via vectors related to XML\n(CVE-2014-0384).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier\nand 5.6.15 and earlier allows remote authenticated users to affect\navailability via unknown vectors related to Partition (CVE-2014-2419).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier\nand 5.6.16 and earlier allows remote authenticated users to affect\navailability via unknown vectors related to Performance Schema\n(CVE-2014-2430).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier\nand 5.6.16 and earlier allows remote attackers to affect availability\nvia unknown vectors related to Options (CVE-2014-2431).\n\nUnspecified vulnerability Oracle the MySQL Server component 5.5.35\nand earlier and 5.6.15 and earlier allows remote authenticated users\nto affect availability via unknown vectors related to Federated\n(CVE-2014-2432).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier\nand 5.6.16 and earlier allows remote authenticated users to affect\nconfidentiality, integrity, and availability via vectors related to\nRBR (CVE-2014-2436).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.35 and\nearlier and 5.6.15 and earlier allows remote authenticated users\nto affect availability via unknown vectors related to Replication\n(CVE-2014-2438).\n\nUnspecified vulnerability in the MySQL Client component in Oracle MySQL\n5.5.36 and earlier and 5.6.16 and earlier allows remote attackers\nto affect confidentiality, integrity, and availability via unknown\nvectors (CVE-2014-2440).\n", "upstream": [ "CVE-2014-0384", "CVE-2014-2419", "CVE-2014-2430", "CVE-2014-2431", "CVE-2014-2432", "CVE-2014-2436", "CVE-2014-2438", "CVE-2014-2440" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2014-0239.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=13256" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mariadb-5537-changelog/" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" }, { "type": "ADVISORY", "url": "http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014:102/" } ], "affected": [ { "package": { "ecosystem": "Mageia:3", "name": "mariadb", "purl": "pkg:rpm/mageia/mariadb?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "5.5.37-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "mariadb", "purl": "pkg:rpm/mageia/mariadb?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "5.5.37-1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }