exploit the possibilities

Mandriva Linux Security Advisory 2014-028

Mandriva Linux Security Advisory 2014-028
Posted Feb 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-028 - Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service and possibly execute arbitrary code via a long server version string. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Various other issues have been addressed. The updated packages have been upgraded to the 5.5.35 version which is not vulnerable to these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-0001, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908, CVE-2014-0420, CVE-2014-0393, CVE-2013-5891, CVE-2014-0386, CVE-2014-0401, CVE-2014-0402
MD5 | 91fd7bdaf03d53565d9cda48d9830e61

Mandriva Linux Security Advisory 2014-028

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:028
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : mariadb
Date : February 13, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in mariadb:

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before
5.5.35 allows remote database servers to cause a denial of service
(crash) and possibly execute arbitrary code via a long server version
string (CVE-2014-0001).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to InnoDB (CVE-2014-0412).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer (CVE-2014-0437).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
allows remote attackers to affect availability via unknown vectors
related to Error Handling (CVE-2013-5908).

Unspecified vulnerability in the MySQL Server component in Oracle MySQL
5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated
users to affect availability via unknown vectors related to Replication
(CVE-2014-0420).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
allows remote authenticated users to affect integrity via unknown
vectors related to InnoDB (CVE-2014-0393).

Unspecified vulnerability in the MySQL Server component in Oracle MySQL
5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated
users to affect availability via unknown vectors related to Partition
(CVE-2013-5891).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer (CVE-2014-0386).

Unspecified vulnerability in the MySQL Server component in Oracle MySQL
5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows
remote authenticated users to affect availability via unknown vectors
(CVE-2014-0401).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Locking (CVE-2014-0402).

The updated packages have been upgraded to the 5.5.35 version which
is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0402
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
https://mariadb.com/kb/en/mariadb-5535-release-notes/
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
c4506e2f821bb960753f87e0e4ae358e mbs1/x86_64/lib64mariadb18-5.5.35-1.mbs1.x86_64.rpm
0aabce801de937cf7d0b6e370337ee59 mbs1/x86_64/lib64mariadb-devel-5.5.35-1.mbs1.x86_64.rpm
ebec92fb0f77f15039c75970da2fb016 mbs1/x86_64/lib64mariadb-embedded18-5.5.35-1.mbs1.x86_64.rpm
5cbc3bef79b6088611b8e9d949721ca1 mbs1/x86_64/lib64mariadb-embedded-devel-5.5.35-1.mbs1.x86_64.rpm
1aec9579d6bb0c9846bcc19ff6d77d64 mbs1/x86_64/mariadb-5.5.35-1.mbs1.x86_64.rpm
a727ddd8d4b38a5423d1f996a77b37a9 mbs1/x86_64/mariadb-bench-5.5.35-1.mbs1.x86_64.rpm
6322005c7cca10c2b069a31c68f74bca mbs1/x86_64/mariadb-client-5.5.35-1.mbs1.x86_64.rpm
39a528d1e4ea9bd4e070229f69af0097 mbs1/x86_64/mariadb-common-5.5.35-1.mbs1.x86_64.rpm
ba9f6a9adf6e054851c8cb0b4c97480c mbs1/x86_64/mariadb-common-core-5.5.35-1.mbs1.x86_64.rpm
11a4d25702a5e780d450dd6b0879cc95 mbs1/x86_64/mariadb-core-5.5.35-1.mbs1.x86_64.rpm
fcf494519bd55dfa5593cbe58598754c mbs1/x86_64/mariadb-extra-5.5.35-1.mbs1.x86_64.rpm
8ead8373395845ad6f6dc9b3c6385b0b mbs1/x86_64/mariadb-feedback-5.5.35-1.mbs1.x86_64.rpm
c00dbc345b919e9af97e23e96ce02b1c mbs1/x86_64/mariadb-obsolete-5.5.35-1.mbs1.x86_64.rpm
bd38c748f41973aa392926a759789fb7 mbs1/x86_64/mysql-MariaDB-5.5.35-1.mbs1.x86_64.rpm
e51a1d26d85b936c5125ec805017e1a3 mbs1/SRPMS/mariadb-5.5.35-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFS/P3AmqjQ0CJFipgRAmrGAJwJ8BrBCtFOIusEbRdyvqnddPP9swCbBpuS
H1WPjNNs8EGZD21sPYvAkuQ=
=Xr1S
-----END PGP SIGNATURE-----


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    14 Files
  • 20
    Sep 20th
    20 Files
  • 21
    Sep 21st
    3 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close