Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1053375 (CVE-2014-0386) - CVE-2014-0386 mysql: unspecified vulnerability related to Optimizer DoS (CPU Jan 2014)
Summary: CVE-2014-0386 mysql: unspecified vulnerability related to Optimizer DoS (CPU ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-0386
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1054041 1054042 1054043 1055875 1055876 1055880 1055882 1055883 1055884 1056440 1056457
Blocks: 1053394
TreeView+ depends on / blocked
 
Reported: 2014-01-15 06:43 UTC by Murray McAllister
Modified: 2019-09-29 13:12 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-02-20 14:25:30 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:0164 0 normal SHIPPED_LIVE Moderate: mysql security and bug fix update 2014-02-12 23:22:48 UTC
Red Hat Product Errata RHSA-2014:0173 0 normal SHIPPED_LIVE Moderate: mysql55-mysql security update 2014-03-11 15:49:07 UTC
Red Hat Product Errata RHSA-2014:0186 0 normal SHIPPED_LIVE Moderate: mysql55-mysql security update 2014-02-18 22:55:41 UTC
Red Hat Product Errata RHSA-2014:0189 0 normal SHIPPED_LIVE Moderate: mariadb55-mariadb security update 2014-02-19 23:45:24 UTC

Description Murray McAllister 2014-01-15 06:43:22 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-0386 to
the following vulnerability:

Name: CVE-2014-0386
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0386
Assigned: 20131212
Reference: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer.

Comment 2 Huzaifa S. Sidhpurwala 2014-01-16 06:46:15 UTC
Created mariadb tracking bugs for this issue:

Affects: fedora-all [bug 1054043]

Comment 3 Huzaifa S. Sidhpurwala 2014-01-16 06:46:18 UTC
Created community-mysql tracking bugs for this issue:

Affects: fedora-all [bug 1054042]

Comment 7 Angelo Alvarez 2014-01-30 02:06:24 UTC
Does this vulnerability affect the mysql or mysql55 packages provided by RHEL5??  I wish someone would update the CVE pages, so we know whether RHEL5 or RHEL6 is affected.  Instead, the CVE page (https://access.redhat.com/security/cve/CVE-2014-0437) does not provide this info and just links to the bugzilla.  Frustrating to say the least :(

Comment 9 errata-xmlrpc 2014-02-12 18:23:57 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:0164 https://rhn.redhat.com/errata/RHSA-2014-0164.html

Comment 10 errata-xmlrpc 2014-02-13 18:37:31 UTC
This issue has been addressed in following products:

  Red Hat Software Collections for RHEL-6

Via RHSA-2014:0173 https://rhn.redhat.com/errata/RHSA-2014-0173.html

Comment 11 errata-xmlrpc 2014-02-18 17:56:26 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:0186 https://rhn.redhat.com/errata/RHSA-2014-0186.html

Comment 12 errata-xmlrpc 2014-02-19 18:46:29 UTC
This issue has been addressed in following products:

  Red Hat Software Collections for RHEL-6

Via RHSA-2014:0189 https://rhn.redhat.com/errata/RHSA-2014-0189.html


Note You need to log in before you can comment on or make changes to this bug.