Red Hat Bugzilla – Bug 1053375
CVE-2014-0386 mysql: unspecified vulnerability related to Optimizer DoS (CPU Jan 2014)
Last modified: 2015-11-24 10:39:11 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-0386 to the following vulnerability: Name: CVE-2014-0386 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0386 Assigned: 20131212 Reference: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Created mariadb tracking bugs for this issue: Affects: fedora-all [bug 1054043]
Created community-mysql tracking bugs for this issue: Affects: fedora-all [bug 1054042]
Does this vulnerability affect the mysql or mysql55 packages provided by RHEL5?? I wish someone would update the CVE pages, so we know whether RHEL5 or RHEL6 is affected. Instead, the CVE page (https://access.redhat.com/security/cve/CVE-2014-0437) does not provide this info and just links to the bugzilla. Frustrating to say the least :(
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2014:0164 https://rhn.redhat.com/errata/RHSA-2014-0164.html
This issue has been addressed in following products: Red Hat Software Collections for RHEL-6 Via RHSA-2014:0173 https://rhn.redhat.com/errata/RHSA-2014-0173.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2014:0186 https://rhn.redhat.com/errata/RHSA-2014-0186.html
This issue has been addressed in following products: Red Hat Software Collections for RHEL-6 Via RHSA-2014:0189 https://rhn.redhat.com/errata/RHSA-2014-0189.html