Bug 1153463 (CVE-2014-6464)

Summary: CVE-2014-6464 mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014)
Product: [Other] Security Response Reporter: Murray McAllister <mmcallis>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abaron, aortega, apevec, ayoung, byte, carnil, chrisw, dallan, databases-maint, gkotton, hhorak, jdornak, jorton, jstanek, lhh, lpeer, markmc, mmaslano, mmuzila, rbryant, rohara, sclewis, vdanen, yeylon
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20141015,reported=20141015,source=internet,cvss2=6.8/AV:N/AC:L/Au:S/C:N/I:N/A:C,rhel-5/mysql55-mysql=affected,rhel-6/mysql=new,rhel-7/mariadb=affected,rhscl-1/mysql55-mysql=affected,rhscl-1/mariadb55-mariadb=affected,openstack-5/mariadb-galera=affected,openstack-rdo/mariadb-galera=affected,fedora-all/community-mysql=affected,fedora-all/mariadb=affected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-12-17 06:05:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 1153469, 1160514, 1160515, 1160548, 1160549, 1160550, 1160551, 1160566, 1162374, 1162375    
Bug Blocks: 1153468, 1165433    

Description Murray McAllister 2014-10-16 04:32:35 UTC
The following issue has been fixed in MySQL:

"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier
and 5.6.20 and earlier allows remote authenticated users to affect
availability via vectors related to SERVER:INNODB DML FOREIGN KEYS."

References:
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Comment 1 Murray McAllister 2014-10-16 04:44:20 UTC
Created community-mysql tracking bugs for this issue:

Affects: fedora-all [bug 1153469]

Comment 5 Huzaifa S. Sidhpurwala 2014-11-05 07:21:35 UTC
Created mariadb tracking bugs for this issue:

Affects: fedora-all [bug 1160551]

Comment 8 errata-xmlrpc 2014-11-17 09:46:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:1859 https://rhn.redhat.com/errata/RHSA-2014-1859.html

Comment 9 errata-xmlrpc 2014-11-17 09:56:44 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS

Via RHSA-2014:1862 https://rhn.redhat.com/errata/RHSA-2014-1862.html

Comment 10 errata-xmlrpc 2014-11-17 09:58:02 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS

Via RHSA-2014:1860 https://rhn.redhat.com/errata/RHSA-2014-1860.html

Comment 11 errata-xmlrpc 2014-11-17 11:07:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:1861 https://rhn.redhat.com/errata/RHSA-2014-1861.html

Comment 12 errata-xmlrpc 2014-12-02 16:49:30 UTC
This issue has been addressed in the following products:

  OpenStack 5 for RHEL 6

Via RHSA-2014:1937 https://rhn.redhat.com/errata/RHSA-2014-1937.html

Comment 13 errata-xmlrpc 2014-12-02 17:01:50 UTC
This issue has been addressed in the following products:

  OpenStack 5 for RHEL 7

Via RHSA-2014:1940 https://rhn.redhat.com/errata/RHSA-2014-1940.html

Comment 14 Fedora Update System 2014-12-12 04:25:35 UTC
mariadb-5.5.40-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.