lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Xj22S-0002Ix-H2@titan.mandriva.com>
Date: Tue, 28 Oct 2014 09:22:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:210 ] mariadb

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:210
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : mariadb
 Date    : October 28, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in mariadb:
 
 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier
 and 5.6.20 and earlier allows remote authenticated users to affect
 availability via vectors related to SERVER:INNODB DML FOREIGN KEYS
 (CVE-2014-6464).
 
 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler
 and 5.6.20 and earlier allows remote authenticated users to affect
 availability via vectors related to SERVER:OPTIMIZER (CVE-2014-6469).
 
 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier,
 and 5.6.20 and earlier, allows remote authenticated users to affect
 confidentiality, integrity, and availability via vectors related to
 SERVER:DML (CVE-2014-6507).
 
 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier
 and 5.6.20 and earlier allows remote authenticated users to affect
 confidentiality, integrity, and availability via vectors related to
 SERVER:DML (CVE-2014-6555).
 
 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and
 earlier, and 5.6.20 and earlier, allows remote attackers to affect
 confidentiality via vectors related to C API SSL CERTIFICATE HANDLING
 (CVE-2014-6559).
 
 The updated packages have been upgraded to the 5.5.40 version which
 is not vulnerable to these issues.
 
 Additionally MariaDB 5.5.40 removed the bundled copy of jemalloc from
 the source tarball and only builds with jemalloc if a system copy
 of the jemalloc library is detecting during the build. This update
 provides the jemalloc library packages to resolve this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559
 https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5540-release-notes/
 http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
 https://bugs.mageia.org/show_bug.cgi?id=14389
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 d3777064729ac827717ee166be4d6536  mbs1/x86_64/lib64jemalloc1-3.6.0-1.mbs1.x86_64.rpm
 3544defe7a86633549c42285508dc09b  mbs1/x86_64/lib64jemalloc-devel-3.6.0-1.mbs1.x86_64.rpm
 412cf1c80ce6310949189a399019cd82  mbs1/x86_64/lib64mariadb18-5.5.40-1.1.mbs1.x86_64.rpm
 354662572fd04b7b8e4bf2f6ea4ab1b6  mbs1/x86_64/lib64mariadb-devel-5.5.40-1.1.mbs1.x86_64.rpm
 eb88bc949042a53e31e07f231aaa79e9  mbs1/x86_64/lib64mariadb-embedded18-5.5.40-1.1.mbs1.x86_64.rpm
 662b8680f36ef37b22546cb9cb7999f2  mbs1/x86_64/lib64mariadb-embedded-devel-5.5.40-1.1.mbs1.x86_64.rpm
 a46730286be82d1ac546517272004234  mbs1/x86_64/mariadb-5.5.40-1.1.mbs1.x86_64.rpm
 07e236cfab3ac7c225a5b61c0f74498b  mbs1/x86_64/mariadb-bench-5.5.40-1.1.mbs1.x86_64.rpm
 4d277e041e4eac4f3da19e35b77f5958  mbs1/x86_64/mariadb-client-5.5.40-1.1.mbs1.x86_64.rpm
 51ac1072841e4227f2082620e389b00a  mbs1/x86_64/mariadb-common-5.5.40-1.1.mbs1.x86_64.rpm
 e7e7390b3dc47d105cb0735e884fc60b  mbs1/x86_64/mariadb-common-core-5.5.40-1.1.mbs1.x86_64.rpm
 b1809dc518b89e3a986439db654fc92b  mbs1/x86_64/mariadb-core-5.5.40-1.1.mbs1.x86_64.rpm
 c7a4f6e406a442e4c3b19a3ceccb211a  mbs1/x86_64/mariadb-extra-5.5.40-1.1.mbs1.x86_64.rpm
 6fe78e03875f2ec2227f6ef7d0f90e18  mbs1/x86_64/mariadb-feedback-5.5.40-1.1.mbs1.x86_64.rpm
 1ef05e7a3532d97afb4dfa68f2d5b66a  mbs1/x86_64/mariadb-obsolete-5.5.40-1.1.mbs1.x86_64.rpm
 842bec02ddec2fd3dca28e907080aef5  mbs1/x86_64/mysql-MariaDB-5.5.40-1.1.mbs1.x86_64.rpm 
 c820c46809e494c1d5ad83526d1f1ed1  mbs1/SRPMS/jemalloc-3.6.0-1.mbs1.src.rpm
 7e6c522174ff1513cd9f09b2cf5feffc  mbs1/SRPMS/mariadb-5.5.40-1.1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUT0QSmqjQ0CJFipgRAmnhAKCOd9QLoxRrlcA8U4XLA46+ZhjfFwCfQzhY
tRKQjAv7QAJqbwipIkIIC8Q=
=uyHd
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ