Bug 1153467 (CVE-2014-6484)

Summary: CVE-2014-6484 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
Product: [Other] Security Response
Reporter: Murray McAllister <mmcallis>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: abaron, aortega, apevec, ayoung, byte, carnil, chrisw, dallan, databases-maint, gkotton, hhorak, jdornak, jorton, jstanek, lhh, lpeer, markmc, mmaslano, mmuzila, rbryant, rohara, sclewis, vdanen, yeylon
Keywords: Security
Hardware: All
OS: Linux
Whiteboard: impact=moderate,public=20141015,reported=20141015,source=internet,cvss2=4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P,rhel-5/mysql55-mysql=affected,rhel-6/mysql=new,rhel-7/mariadb=affected,rhscl-1/mysql55-mysql=affected,rhscl-1/mariadb55-mariadb=affected,openstack-5/mariadb-galera=affected,openstack-rdo/mariadb-galera=affected,fedora-all/community-mysql=affected,fedora-all/mariadb=affected
Doc Type: Bug Fix
Last Closed: 2014-12-17 06:09:49 UTC
Bug Depends On: 1153469, 1160514, 1160515, 1160548, 1160549, 1160550, 1160551, 1160566, 1162374, 1162375    
Bug Blocks: 1153468, 1165433    

Description Murray McAllister 2014-10-16 04:36:35 UTC
The following issue has been fixed in MySQL:

"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier,
and 5.6.19 and earlier, allows remote authenticated users to affect
availability via vectors related to SERVER:DML."

References:
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Comment 1 Murray McAllister 2014-10-16 04:45:33 UTC
Created community-mysql tracking bugs for this issue:

Affects: fedora-all [bug 1153469]

Comment 5 Huzaifa S. Sidhpurwala 2014-11-05 07:24:04 UTC
Created mariadb tracking bugs for this issue:

Affects: fedora-all [bug 1160551]

Comment 8 errata-xmlrpc 2014-11-17 09:46:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:1859 https://rhn.redhat.com/errata/RHSA-2014-1859.html

Comment 9 errata-xmlrpc 2014-11-17 09:56:50 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS

Via RHSA-2014:1862 https://rhn.redhat.com/errata/RHSA-2014-1862.html

Comment 10 errata-xmlrpc 2014-11-17 09:58:07 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS

Via RHSA-2014:1860 https://rhn.redhat.com/errata/RHSA-2014-1860.html

Comment 11 errata-xmlrpc 2014-11-17 11:07:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:1861 https://rhn.redhat.com/errata/RHSA-2014-1861.html

Comment 12 errata-xmlrpc 2014-12-02 16:49:36 UTC
This issue has been addressed in the following products:

  OpenStack 5 for RHEL 6

Via RHSA-2014:1937 https://rhn.redhat.com/errata/RHSA-2014-1937.html

Comment 13 errata-xmlrpc 2014-12-02 17:01:56 UTC
This issue has been addressed in the following products:

  OpenStack 5 for RHEL 7

Via RHSA-2014:1940 https://rhn.redhat.com/errata/RHSA-2014-1940.html

Comment 14 Fedora Update System 2014-12-03 01:02:16 UTC
mariadb-galera-5.5.40-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2014-12-12 04:25:41 UTC
mariadb-5.5.40-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.