Summary: | <dev-db/mysql-5.5.37 : Multiple Vulnerabilities (CVE-2013-{5860,5881,5882,5891,5894,5908},CVE-2014-{0386,0393,0401,0402,0412,0420,0427,0430,0431,0433,0437}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | kredba, mysql-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/56491/ | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
Going through all the CVEs, here are affected versions:

< 5.6.14
< 5.5.34
< 5.1.72

CVE-2014-0437 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0437): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVE-2014-0433 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0433): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.

CVE-2014-0431 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0431): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.

CVE-2014-0430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0430): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.

CVE-2014-0427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0427): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.

CVE-2014-0420 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0420): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.

CVE-2014-0412 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0412): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2014-0402 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0402): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

CVE-2014-0401 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0401): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

CVE-2014-0393 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0393): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.

CVE-2014-0386 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0386): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVE-2013-5908 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5908): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.

CVE-2013-5894 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5894): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2013-5891 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5891): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

CVE-2013-5882 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5882): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.

CVE-2013-5881 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5881): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.

CVE-2013-5860 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5860): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

I've pushed mysql-5.5.37 into the tree.

We're going to take care of this stabilization as this is the first 5.5 release we're going to mark stable.

Thanks for your work, guys.

Added to existing GLSA request

This issue was resolved and addressed in GLSA 201409-04 at http://security.gentoo.org/glsa/glsa-201409-04.xml by GLSA coordinator Sergey Popov (pinkbyte).