[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Xj22S-0002Ix-H2@titan.mandriva.com>
Date: Tue, 28 Oct 2014 09:22:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:210 ] mariadb
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:210
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : mariadb
Date : October 28, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in mariadb:
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier
and 5.6.20 and earlier allows remote authenticated users to affect
availability via vectors related to SERVER:INNODB DML FOREIGN KEYS
(CVE-2014-6464).
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler
and 5.6.20 and earlier allows remote authenticated users to affect
availability via vectors related to SERVER:OPTIMIZER (CVE-2014-6469).
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier,
and 5.6.20 and earlier, allows remote authenticated users to affect
confidentiality, integrity, and availability via vectors related to
SERVER:DML (CVE-2014-6507).
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier
and 5.6.20 and earlier allows remote authenticated users to affect
confidentiality, integrity, and availability via vectors related to
SERVER:DML (CVE-2014-6555).
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and
earlier, and 5.6.20 and earlier, allows remote attackers to affect
confidentiality via vectors related to C API SSL CERTIFICATE HANDLING
(CVE-2014-6559).
The updated packages have been upgraded to the 5.5.40 version which
is not vulnerable to these issues.
Additionally MariaDB 5.5.40 removed the bundled copy of jemalloc from
the source tarball and only builds with jemalloc if a system copy
of the jemalloc library is detecting during the build. This update
provides the jemalloc library packages to resolve this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559
https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5540-release-notes/
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
https://bugs.mageia.org/show_bug.cgi?id=14389
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
d3777064729ac827717ee166be4d6536 mbs1/x86_64/lib64jemalloc1-3.6.0-1.mbs1.x86_64.rpm
3544defe7a86633549c42285508dc09b mbs1/x86_64/lib64jemalloc-devel-3.6.0-1.mbs1.x86_64.rpm
412cf1c80ce6310949189a399019cd82 mbs1/x86_64/lib64mariadb18-5.5.40-1.1.mbs1.x86_64.rpm
354662572fd04b7b8e4bf2f6ea4ab1b6 mbs1/x86_64/lib64mariadb-devel-5.5.40-1.1.mbs1.x86_64.rpm
eb88bc949042a53e31e07f231aaa79e9 mbs1/x86_64/lib64mariadb-embedded18-5.5.40-1.1.mbs1.x86_64.rpm
662b8680f36ef37b22546cb9cb7999f2 mbs1/x86_64/lib64mariadb-embedded-devel-5.5.40-1.1.mbs1.x86_64.rpm
a46730286be82d1ac546517272004234 mbs1/x86_64/mariadb-5.5.40-1.1.mbs1.x86_64.rpm
07e236cfab3ac7c225a5b61c0f74498b mbs1/x86_64/mariadb-bench-5.5.40-1.1.mbs1.x86_64.rpm
4d277e041e4eac4f3da19e35b77f5958 mbs1/x86_64/mariadb-client-5.5.40-1.1.mbs1.x86_64.rpm
51ac1072841e4227f2082620e389b00a mbs1/x86_64/mariadb-common-5.5.40-1.1.mbs1.x86_64.rpm
e7e7390b3dc47d105cb0735e884fc60b mbs1/x86_64/mariadb-common-core-5.5.40-1.1.mbs1.x86_64.rpm
b1809dc518b89e3a986439db654fc92b mbs1/x86_64/mariadb-core-5.5.40-1.1.mbs1.x86_64.rpm
c7a4f6e406a442e4c3b19a3ceccb211a mbs1/x86_64/mariadb-extra-5.5.40-1.1.mbs1.x86_64.rpm
6fe78e03875f2ec2227f6ef7d0f90e18 mbs1/x86_64/mariadb-feedback-5.5.40-1.1.mbs1.x86_64.rpm
1ef05e7a3532d97afb4dfa68f2d5b66a mbs1/x86_64/mariadb-obsolete-5.5.40-1.1.mbs1.x86_64.rpm
842bec02ddec2fd3dca28e907080aef5 mbs1/x86_64/mysql-MariaDB-5.5.40-1.1.mbs1.x86_64.rpm
c820c46809e494c1d5ad83526d1f1ed1 mbs1/SRPMS/jemalloc-3.6.0-1.mbs1.src.rpm
7e6c522174ff1513cd9f09b2cf5feffc mbs1/SRPMS/mariadb-5.5.40-1.1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFUT0QSmqjQ0CJFipgRAmnhAKCOd9QLoxRrlcA8U4XLA46+ZhjfFwCfQzhY
tRKQjAv7QAJqbwipIkIIC8Q=
=uyHd
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists