Bug 1053375 (CVE-2014-0386)

Summary: CVE-2014-0386 mysql: unspecified vulnerability related to Optimizer DoS (CPU Jan 2014)
Product: [Other] Security Response
Reporter: Murray McAllister <mmcallis>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: angelo.alvarez, byte, databases-maint, drieden, hhorak, jkurik, jstanek, mdshaikh, mmaslano, nobody+bgollahe, tdawson, tkramer, vdanen
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-02-20 14:25:30 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1054041, 1054042, 1054043, 1055875, 1055876, 1055880, 1055882, 1055883, 1055884, 1056440, 1056457
Bug Blocks: 1053394

Description Murray McAllister 2014-01-15 06:43:22 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-0386 to
the following vulnerability:

Name: CVE-2014-0386
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0386
Assigned: 20131212
Reference: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer.

Comment 2 Huzaifa S. Sidhpurwala 2014-01-16 06:46:15 UTC
Created mariadb tracking bugs for this issue:

Affects: fedora-all [bug 1054043]

Comment 3 Huzaifa S. Sidhpurwala 2014-01-16 06:46:18 UTC
Created community-mysql tracking bugs for this issue:

Affects: fedora-all [bug 1054042]

Comment 7 Angelo Alvarez 2014-01-30 02:06:24 UTC
Does this vulnerability affect the mysql or mysql55 packages provided by RHEL5??  I wish someone would update the CVE pages, so we know whether RHEL5 or RHEL6 is affected.  Instead, the CVE page (https://access.redhat.com/security/cve/CVE-2014-0437) does not provide this info and just links to the bugzilla.  Frustrating to say the least :(

Comment 9 errata-xmlrpc 2014-02-12 18:23:57 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:0164 https://rhn.redhat.com/errata/RHSA-2014-0164.html

Comment 10 errata-xmlrpc 2014-02-13 18:37:31 UTC
This issue has been addressed in following products:

  Red Hat Software Collections for RHEL-6

Via RHSA-2014:0173 https://rhn.redhat.com/errata/RHSA-2014-0173.html

Comment 11 errata-xmlrpc 2014-02-18 17:56:26 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:0186 https://rhn.redhat.com/errata/RHSA-2014-0186.html

Comment 12 errata-xmlrpc 2014-02-19 18:46:29 UTC
This issue has been addressed in following products:

  Red Hat Software Collections for RHEL-6

Via RHSA-2014:0189 https://rhn.redhat.com/errata/RHSA-2014-0189.html