Mageia alert MGASA-2014-0239 (mariadb)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2014-0239: Updated mariadb packages fix security vulnerabilities | |
| Date: | Sat, 24 May 2014 09:23:11 +0200 | |
| Message-ID: | <20140524072311.CD3CB5C597@valstar.mageia.org> |
MGASA-2014-0239 - Updated mariadb packages fix security vulnerabilities Publication date: 24 May 2014 URL: http://advisories.mageia.org/MGASA-2014-0239.html Type: security Affected Mageia releases: 3, 4 CVE: CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2436, CVE-2014-2438, CVE-2014-2440 Description: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML (CVE-2014-0384). Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition (CVE-2014-2419). Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema (CVE-2014-2430). Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options (CVE-2014-2431). Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated (CVE-2014-2432). Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR (CVE-2014-2436). Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication (CVE-2014-2438). Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2014-2440). References: - https://bugs.mageia.org/show_bug.cgi?id=13256 - https://mariadb.com/kb/en/mariadb-5537-changelog/ - http://www.oracle.com/technetwork/topics/security/cpuapr2... - http://www.mandriva.com/en/support/security/advisories/mb... - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0384 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2419 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2430 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2431 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2432 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2436 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2438 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2440 SRPMS: - 4/core/mariadb-5.5.37-1.mga4 - 3/core/mariadb-5.5.37-1.mga3