Bug 1153469 - CVE-2014-6507 CVE-2014-6520 CVE-2014-6505 CVE-2014-6474 CVE-2014-4287 CVE-2014-6551 CVE-2014-6555 CVE-2014-6484 CVE-2014-6464 CVE-2014-6559 CVE-2014-6530 CVE-2014-6564 CVE-2014-6469 CVE-2014-6463 community-mysql: various flaws [fedora-all]
Summary: CVE-2014-6507 CVE-2014-6520 CVE-2014-6505 CVE-2014-6474 CVE-2014-4287 CVE-201...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: community-mysql
Version: 20
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Honza Horak
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: fst_owner=bvincent
Depends On:
Blocks: CVE-2014-6474 CVE-2014-6564 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559
TreeView+ depends on / blocked
 
Reported: 2014-10-16 04:43 UTC by Murray McAllister
Modified: 2015-03-14 19:42 UTC (History)
3 users (show)

Fixed In Version: community-mysql-5.6.23-1.fc22, community-mysql-5.6.23-1.fc21, community-mysql-5.5.42-1.fc20
Doc Type: Release Note
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-14 19:42:16 UTC


Attachments (Terms of Use)

Description Murray McAllister 2014-10-16 04:43:35 UTC
This is an automatically created tracking bug!  It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.

For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.

For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs

When submitting as an update, use the fedpkg template provided in the next
comment(s).  This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.

Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.

NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time.  If you need to fix the versions independent of each other,
you may clone this bug as appropriate.

[bug automatically created by: add-tracking-bugs]

Comment 1 Murray McAllister 2014-10-16 04:43:41 UTC
Use the following template to for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug.  This will ensure that all associated bugs get updated
when new packages are pushed to stable.

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1153461,1153469

# Description of your update
notes=Security fix for CVE-2014-4287

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi update submission link instead:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1153461,1153469

Comment 2 Murray McAllister 2014-10-16 04:44:00 UTC
Adding parent bug 1153462 (for CVE-2014-6463).  Please use this new fedpkg update template when submitting the update:

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1153469,1153461,1153462

# Description of your update
notes=Security fix for CVE-2014-4287, CVE-2014-6463

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi update submission link instead:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1153469,1153461,1153462

Comment 3 Murray McAllister 2014-10-16 04:44:18 UTC
Adding parent bug 1153463 (for CVE-2014-6464).  Please use this new fedpkg update template when submitting the update:

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1153469,1153461,1153462,1153463

# Description of your update
notes=Security fix for CVE-2014-4287, CVE-2014-6463, CVE-2014-6464

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi update submission link instead:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1153469,1153461,1153462,1153463

Comment 4 Murray McAllister 2014-10-16 04:44:36 UTC
Adding parent bug 1153464 (for CVE-2014-6469).  Please use this new fedpkg update template when submitting the update:

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1153469,1153461,1153462,1153463,1153464

# Description of your update
notes=Security fix for CVE-2014-6464, CVE-2014-4287, CVE-2014-6463, CVE-2014-6469

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi update submission link instead:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1153469,1153461,1153462,1153463,1153464

Comment 5 Murray McAllister 2014-10-16 04:44:54 UTC
Adding parent bug 1153465 (for CVE-2014-6474).  Please use this new fedpkg update template when submitting the update:

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1153469,1153461,1153462,1153463,1153464,1153465

# Description of your update
notes=Security fix for CVE-2014-6464, CVE-2014-4287, CVE-2014-6469, CVE-2014-6463, CVE-2014-6474

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi update submission link instead:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1153469,1153461,1153462,1153463,1153464,1153465

Comment 6 Murray McAllister 2014-10-16 04:45:13 UTC
Adding parent bug 1153466 (for CVE-2014-6478).  Please use this new fedpkg update template when submitting the update:

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466

# Description of your update
notes=Security fix for CVE-2014-6464, CVE-2014-4287, CVE-2014-6474, CVE-2014-6469, CVE-2014-6463, CVE-2014-6478

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi update submission link instead:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466

Comment 7 Murray McAllister 2014-10-16 04:45:31 UTC
Adding parent bug 1153467 (for CVE-2014-6484).  Please use this new fedpkg update template when submitting the update:

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467

# Description of your update
notes=Security fix for CVE-2014-6474, CVE-2014-4287, CVE-2014-6478, CVE-2014-6469, CVE-2014-6464, CVE-2014-6463, CVE-2014-6484

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi update submission link instead:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467

Comment 8 Murray McAllister 2014-10-16 05:59:09 UTC
Adding parent bug 1153489 (for CVE-2014-6505).  Please use this new fedpkg update template when submitting the update:

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467,1153489

# Description of your update
notes=Security fix for CVE-2014-6474, CVE-2014-4287, CVE-2014-6478, CVE-2014-6469, CVE-2014-6484, CVE-2014-6464, CVE-2014-6463, CVE-2014-6505

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi update submission link instead:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467,1153489

Comment 9 Murray McAllister 2014-10-16 05:59:27 UTC
Adding parent bug 1153490 (for CVE-2014-6507).  Please use this new fedpkg update template when submitting the update:

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467,1153489,1153490

# Description of your update
notes=Security fix for CVE-2014-6505, CVE-2014-6474, CVE-2014-4287, CVE-2014-6478, CVE-2014-6469, CVE-2014-6484, CVE-2014-6464, CVE-2014-6463, CVE-2014-6507

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi update submission link instead:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467,1153489,1153490

Comment 10 Murray McAllister 2014-10-16 05:59:45 UTC
Adding parent bug 1153491 (for CVE-2014-6520).  Please use this new fedpkg update template when submitting the update:

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467,1153489,1153490,1153491

# Description of your update
notes=Security fix for CVE-2014-6507, CVE-2014-6505, CVE-2014-6474, CVE-2014-4287, CVE-2014-6478, CVE-2014-6469, CVE-2014-6484, CVE-2014-6464, CVE-2014-6463, CVE-2014-6520

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi update submission link instead:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467,1153489,1153490,1153491

Comment 11 Murray McAllister 2014-10-16 06:00:03 UTC
Adding parent bug 1153493 (for CVE-2014-6530).  Please use this new fedpkg update template when submitting the update:

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467,1153489,1153490,1153491,1153493

# Description of your update
notes=Security fix for CVE-2014-6507, CVE-2014-6520, CVE-2014-6505, CVE-2014-6474, CVE-2014-4287, CVE-2014-6478, CVE-2014-6469, CVE-2014-6484, CVE-2014-6464, CVE-2014-6463, CVE-2014-6530

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi update submission link instead:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467,1153489,1153490,1153491,1153493

Comment 12 Murray McAllister 2014-10-16 06:00:21 UTC
Adding parent bug 1153494 (for CVE-2014-6551).  Please use this new fedpkg update template when submitting the update:

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467,1153489,1153490,1153491,1153493,1153494

# Description of your update
notes=Security fix for CVE-2014-6507, CVE-2014-6520, CVE-2014-6505, CVE-2014-6474, CVE-2014-4287, CVE-2014-6478, CVE-2014-6469, CVE-2014-6484, CVE-2014-6464, CVE-2014-6530, CVE-2014-6463, CVE-2014-6551

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi update submission link instead:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467,1153489,1153490,1153491,1153493,1153494

Comment 13 Murray McAllister 2014-10-16 06:00:40 UTC
Adding parent bug 1153495 (for CVE-2014-6555).  Please use this new fedpkg update template when submitting the update:

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467,1153489,1153490,1153491,1153493,1153494,1153495

# Description of your update
notes=Security fix for CVE-2014-6507, CVE-2014-6520, CVE-2014-6505, CVE-2014-6474, CVE-2014-4287, CVE-2014-6478, CVE-2014-6551, CVE-2014-6469, CVE-2014-6484, CVE-2014-6464, CVE-2014-6530, CVE-2014-6463, CVE-2014-6555

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi update submission link instead:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467,1153489,1153490,1153491,1153493,1153494,1153495

Comment 14 Murray McAllister 2014-10-16 06:00:58 UTC
Adding parent bug 1153496 (for CVE-2014-6559).  Please use this new fedpkg update template when submitting the update:

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467,1153489,1153490,1153491,1153493,1153494,1153495,1153496

# Description of your update
notes=Security fix for CVE-2014-6507, CVE-2014-6520, CVE-2014-6505, CVE-2014-6474, CVE-2014-4287, CVE-2014-6555, CVE-2014-6478, CVE-2014-6551, CVE-2014-6469, CVE-2014-6484, CVE-2014-6464, CVE-2014-6530, CVE-2014-6463, CVE-2014-6559

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi update submission link instead:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467,1153489,1153490,1153491,1153493,1153494,1153495,1153496

Comment 15 Murray McAllister 2014-10-16 06:01:16 UTC
Adding parent bug 1153497 (for CVE-2014-6564).  Please use this new fedpkg update template when submitting the update:

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467,1153489,1153490,1153491,1153493,1153494,1153495,1153496,1153497

# Description of your update
notes=Security fix for CVE-2014-6507, CVE-2014-6520, CVE-2014-6505, CVE-2014-6474, CVE-2014-4287, CVE-2014-6478, CVE-2014-6551, CVE-2014-6555, CVE-2014-6484, CVE-2014-6464, CVE-2014-6559, CVE-2014-6530, CVE-2014-6463, CVE-2014-6469, CVE-2014-6564

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi update submission link instead:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1153469,1153461,1153462,1153463,1153464,1153465,1153466,1153467,1153489,1153490,1153491,1153493,1153494,1153495,1153496,1153497

Comment 16 Tomas Hoger 2014-10-16 08:17:50 UTC
Removing yaSSL issue CVE-2014-6478.

Comment 18 Honza Horak 2015-03-14 19:42:16 UTC
Fixed already for some time:
community-mysql-5.6.23-1.fc22, community-mysql-5.6.23-1.fc21, community-mysql-5.5.42-1.fc20


Note You need to log in before you can comment on or make changes to this bug.