Bug 1153489 (CVE-2014-6505)

Summary: CVE-2014-6505 mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014)
Product: [Other] Security Response Reporter: Murray McAllister <mmcallis>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abaron, aortega, apevec, ayoung, byte, chrisw, dallan, databases-maint, gkotton, hhorak, jdornak, jorton, jstanek, lhh, lpeer, markmc, mmaslano, mmuzila, rbryant, rohara, sclewis, vdanen, yeylon
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-12-17 06:09:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1153469, 1160514, 1160515, 1160548, 1160549, 1160550, 1160551, 1160566, 1162374, 1162375    
Bug Blocks: 1153468, 1165433    

Description Murray McAllister 2014-10-16 05:44:21 UTC
The following issue has been fixed in MySQL:

"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier,
and 5.6.19 and earlier, allows remote authenticated users to affect
availability via vectors related to SERVER:MEMORY STORAGE ENGINE."

References:
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Comment 1 Murray McAllister 2014-10-16 05:59:10 UTC
Created community-mysql tracking bugs for this issue:

Affects: fedora-all [bug 1153469]

Comment 5 Huzaifa S. Sidhpurwala 2014-11-05 07:25:21 UTC
Created mariadb tracking bugs for this issue:

Affects: fedora-all [bug 1160551]

Comment 8 errata-xmlrpc 2014-11-17 09:46:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:1859 https://rhn.redhat.com/errata/RHSA-2014-1859.html

Comment 9 errata-xmlrpc 2014-11-17 09:56:53 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS

Via RHSA-2014:1862 https://rhn.redhat.com/errata/RHSA-2014-1862.html

Comment 10 errata-xmlrpc 2014-11-17 09:58:11 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS

Via RHSA-2014:1860 https://rhn.redhat.com/errata/RHSA-2014-1860.html

Comment 11 errata-xmlrpc 2014-11-17 11:07:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:1861 https://rhn.redhat.com/errata/RHSA-2014-1861.html

Comment 12 errata-xmlrpc 2014-12-02 16:49:39 UTC
This issue has been addressed in the following products:

  OpenStack 5 for RHEL 6

Via RHSA-2014:1937 https://rhn.redhat.com/errata/RHSA-2014-1937.html

Comment 13 errata-xmlrpc 2014-12-02 17:02:00 UTC
This issue has been addressed in the following products:

  OpenStack 5 for RHEL 7

Via RHSA-2014:1940 https://rhn.redhat.com/errata/RHSA-2014-1940.html

Comment 14 Fedora Update System 2014-12-03 01:02:19 UTC
mariadb-galera-5.5.40-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2014-12-12 04:25:44 UTC
mariadb-5.5.40-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.