ID CVE-2014-2438
Summary Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
References
Vulnerable Configurations
  • MySQL 5.5.0
    cpe:2.3:a:mysql:mysql:5.5.0
  • MySQL 5.5.1
    cpe:2.3:a:mysql:mysql:5.5.1
  • MySQL 5.5.2
    cpe:2.3:a:mysql:mysql:5.5.2
  • MySQL 5.5.3
    cpe:2.3:a:mysql:mysql:5.5.3
  • MySQL 5.5.4
    cpe:2.3:a:mysql:mysql:5.5.4
  • MySQL 5.5.5
    cpe:2.3:a:mysql:mysql:5.5.5
  • MySQL 5.5.6
    cpe:2.3:a:mysql:mysql:5.5.6
  • MySQL 5.5.7
    cpe:2.3:a:mysql:mysql:5.5.7
  • MySQL 5.5.8
    cpe:2.3:a:mysql:mysql:5.5.8
  • MySQL 5.5.9
    cpe:2.3:a:mysql:mysql:5.5.9
  • Oracle MySQL 5.5.10
    cpe:2.3:a:oracle:mysql:5.5.10
  • Oracle MySQL 5.5.11
    cpe:2.3:a:oracle:mysql:5.5.11
  • Oracle MySQL 5.5.12
    cpe:2.3:a:oracle:mysql:5.5.12
  • Oracle MySQL 5.5.13
    cpe:2.3:a:oracle:mysql:5.5.13
  • Oracle MySQL 5.5.14
    cpe:2.3:a:oracle:mysql:5.5.14
  • Oracle MySQL 5.5.15
    cpe:2.3:a:oracle:mysql:5.5.15
  • Oracle MySQL 5.5.16
    cpe:2.3:a:oracle:mysql:5.5.16
  • Oracle MySQL 5.5.17
    cpe:2.3:a:oracle:mysql:5.5.17
  • Oracle MySQL 5.5.18
    cpe:2.3:a:oracle:mysql:5.5.18
  • Oracle MySQL 5.5.19
    cpe:2.3:a:oracle:mysql:5.5.19
  • Oracle MySQL 5.5.20
    cpe:2.3:a:oracle:mysql:5.5.20
  • Oracle MySQL 5.5.21
    cpe:2.3:a:oracle:mysql:5.5.21
  • Oracle MySQL 5.5.22
    cpe:2.3:a:oracle:mysql:5.5.22
  • Oracle MySQL 5.5.23
    cpe:2.3:a:oracle:mysql:5.5.23
  • Oracle MySQL 5.5.24
    cpe:2.3:a:oracle:mysql:5.5.24
  • Oracle MySQL 5.5.25
    cpe:2.3:a:oracle:mysql:5.5.25
  • Oracle MySQL 5.5.25a
    cpe:2.3:a:oracle:mysql:5.5.25:a
  • Oracle MySQL 5.5.26
    cpe:2.3:a:oracle:mysql:5.5.26
  • Oracle MySQL 5.5.27
    cpe:2.3:a:oracle:mysql:5.5.27
  • Oracle MySQL 5.5.28
    cpe:2.3:a:oracle:mysql:5.5.28
  • Oracle MySQL 5.5.29
    cpe:2.3:a:oracle:mysql:5.5.29
  • Oracle MySQL 5.5.30
    cpe:2.3:a:oracle:mysql:5.5.30
  • Oracle MySQL 5.5.31
    cpe:2.3:a:oracle:mysql:5.5.31
  • Oracle MySQL 5.5.32
    cpe:2.3:a:oracle:mysql:5.5.32
  • Oracle MySQL 5.5.33
    cpe:2.3:a:oracle:mysql:5.5.33
  • Oracle MySQL 5.5.34
    cpe:2.3:a:oracle:mysql:5.5.34
  • Oracle MySQL 5.5.35
    cpe:2.3:a:oracle:mysql:5.5.35
  • Oracle MySQL 5.6.0
    cpe:2.3:a:oracle:mysql:5.6.0
  • Oracle MySQL 5.6.1
    cpe:2.3:a:oracle:mysql:5.6.1
  • Oracle MySQL 5.6.2
    cpe:2.3:a:oracle:mysql:5.6.2
  • Oracle MySQL 5.6.3
    cpe:2.3:a:oracle:mysql:5.6.3
  • Oracle MySQL 5.6.4
    cpe:2.3:a:oracle:mysql:5.6.4
  • Oracle MySQL 5.6.5
    cpe:2.3:a:oracle:mysql:5.6.5
  • Oracle MySQL 5.6.6
    cpe:2.3:a:oracle:mysql:5.6.6
  • Oracle MySQL 5.6.7
    cpe:2.3:a:oracle:mysql:5.6.7
  • Oracle MySQL 5.6.8
    cpe:2.3:a:oracle:mysql:5.6.8
  • Oracle MySQL 5.6.9
    cpe:2.3:a:oracle:mysql:5.6.9
  • Oracle MySQL 5.6.10
    cpe:2.3:a:oracle:mysql:5.6.10
  • Oracle MySQL 5.6.11
    cpe:2.3:a:oracle:mysql:5.6.11
  • Oracle MySQL 5.6.12
    cpe:2.3:a:oracle:mysql:5.6.12
  • Oracle MySQL 5.6.13
    cpe:2.3:a:oracle:mysql:5.6.13
  • Oracle MySQL 5.6.14
    cpe:2.3:a:oracle:mysql:5.6.14
  • Oracle MySQL 5.6.15
    cpe:2.3:a:oracle:mysql:5.6.15
CVSS
Base: 3.5 (as of 16-04-2014 - 13:17)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Databases
    NASL id MYSQL_5_6_16.NASL
    description The version of MySQL installed on the remote host is version 5.6.x prior to 5.6.16. It is, therefore, affected by vulnerabilities in the following components : - DML - ENFED - Federated - MyISAM - Optimizer - Partition - Privileges - Replication - XML
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 73573
    published 2014-04-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73573
    title MySQL 5.6.x < 5.6.16 Multiple Vulnerabilities
  • NASL family Databases
    NASL id MYSQL_5_5_36.NASL
    description The version of MySQL installed on the remote host is version 5.5.x prior to 5.5.36. It is, therefore, affected by vulnerabilities in the following components : - ENFED - Federated - Partition - Replication - XML
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 73572
    published 2014-04-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73572
    title MySQL 5.5.x < 5.5.36 Multiple Vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-0702.NASL
    description From Red Hat Security Advisory 2014:0702 : Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) These updated packages upgrade MariaDB to version 5.5.37. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 76735
    published 2014-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76735
    title Oracle Linux 7 : mariadb (ELSA-2014-0702)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2014-152-01.NASL
    description New mariadb packages are available for Slackware 14.1 and -current to fix security issues.
    last seen 2019-02-21
    modified 2014-06-11
    plugin id 74255
    published 2014-06-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74255
    title Slackware 14.1 / current : mariadb (SSA:2014-152-01)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2170-1.NASL
    description Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.37. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-36.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.h tml Additionally, Matthias Reichl discovered that the mysql-5.5 packages were missing the patches applied previously in the mysql-5.1 packages to drop the default test database and localhost permissions granting access to any databases starting with 'test_'. This update reintroduces these patches for Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.10. Existing test databases and permissions will not be modified on upgrade. To manually restrict access for existing installations, please refer to the following : http://dev.mysql.com/doc/refman/5.5/en/default-privileges.html Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 73680
    published 2014-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73680
    title Ubuntu 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : mysql-5.5 vulnerabilities (USN-2170-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201409-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201409-04 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly gain escalated privileges. A remote attacker could send a specially crafted SQL query, possibly resulting in a Denial of Service condition. A remote attacker could entice a user to connect to specially crafted MySQL server, possibly resulting in execution of arbitrary code with the privileges of the process. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 77548
    published 2014-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77548
    title GLSA-201409-04 : MySQL: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBMYSQL55CLIENT18-140527.NASL
    description MySQL was updated to version 5.5.37 to address various security issues. More information is available at http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.h tml#AppendixMSQL and http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.h tml#AppendixMSQL .
    last seen 2019-02-21
    modified 2014-06-07
    plugin id 74373
    published 2014-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74373
    title SuSE 11.3 Security Update : MySQL (SAT Patch Number 9303)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140522_MYSQL55_MYSQL_ON_SL5_X.NASL
    description This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 74172
    published 2014-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74172
    title Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-5409.NASL
    description This is an update to the new upstream release 5.5.37, which fixes issues described at https://kb.askmonty.org/en/mariadb-5537-changelog/. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 73750
    published 2014-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73750
    title Fedora 19 : mariadb-5.5.37-1.fc19 (2014-5409)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-5396.NASL
    description Update to MySQL 5.5.37, for various fixes described at http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 73749
    published 2014-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73749
    title Fedora 19 : community-mysql-5.5.37-1.fc19 (2014-5396)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-329.NASL
    description This update fixes numerous unspecified (by upstream) vulnerabilities in the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 78272
    published 2014-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78272
    title Amazon Linux AMI : mysql55 (ALAS-2014-329)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2919.NASL
    description Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.37. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details : - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 36.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 37.html - http://www.oracle.com/technetwork/topics/security/cpuapr 2014-1972952.html
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 73855
    published 2014-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73855
    title Debian DSA-2919-1 : mysql-5.5 - security update
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-091.NASL
    description This update provides MariaDB 5.5.42, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security vulnerabilities. Additionally the jemalloc packages is being provided as it was previousely provided with the mariadb source code, built and used but removed from the mariadb source code since 5.5.40.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 82344
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82344
    title Mandriva Linux Security Advisory : mariadb (MDVSA-2015:091)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-5393.NASL
    description This is an update to the new upstream release 5.5.37, which fixes issues described at https://kb.askmonty.org/en/mariadb-5537-changelog/. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 73748
    published 2014-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73748
    title Fedora 20 : mariadb-5.5.37-1.fc20 (2014-5393)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-6120.NASL
    description This is an update to the new upstream release 5.5.37, which fixes issues described at https://kb.askmonty.org/en/mariadb-5537-changelog/. Initial build Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 74046
    published 2014-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74046
    title Fedora 20 : mariadb-galera-5.5.37-2.fc20 (2014-6120)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-0536.NASL
    description Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) These updated packages upgrade MySQL to version 5.5.37. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74141
    published 2014-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74141
    title CentOS 5 : mysql55-mysql (CESA-2014:0536)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0536.NASL
    description Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) These updated packages upgrade MySQL to version 5.5.37. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-13
    plugin id 74144
    published 2014-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74144
    title RHEL 5 : mysql55-mysql (RHSA-2014:0536)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-0537.NASL
    description The remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2014:0537.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74142
    published 2014-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74142
    title CentOS 6 : Moderate: / mysql55-mysql (CESA-2014:0537)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-0536.NASL
    description From Red Hat Security Advisory 2014:0536 : Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) These updated packages upgrade MySQL to version 5.5.37. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 74143
    published 2014-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74143
    title Oracle Linux 5 : mysql55-mysql (ELSA-2014-0536)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-5369.NASL
    description Update to MySQL 5.5.37, for various fixes described at http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 73747
    published 2014-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73747
    title Fedora 20 : community-mysql-5.5.37-1.fc20 (2014-5369)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-102.NASL
    description Multiple vulnerabilities has been discovered and corrected in mariadb : Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML (CVE-2014-0384). Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition (CVE-2014-2419). Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema (CVE-2014-2430). Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options (CVE-2014-2431). Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated (CVE-2014-2432). Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR (CVE-2014-2436). Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication (CVE-2014-2438). Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2014-2440). The updated packages have been upgraded to the 5.5.37 version which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 74080
    published 2014-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74080
    title Mandriva Linux Security Advisory : mariadb (MDVSA-2014:102)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-0522.NASL
    description The remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2014:0522.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74128
    published 2014-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74128
    title CentOS 6 : Moderate: / mariadb55-mariadb (CESA-2014:0522)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0702.NASL
    description Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) These updated packages upgrade MariaDB to version 5.5.37. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 76897
    published 2014-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76897
    title RHEL 7 : mariadb (RHSA-2014:0702)
redhat via4
advisories
  • bugzilla
    id 1088197
    title CVE-2014-2440 mysql: unspecified vulnerability related to Client (CPU April 2014)
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment mysql55-mysql is earlier than 0:5.5.37-1.el5
          oval oval:com.redhat.rhsa:tst:20140536002
        • comment mysql55-mysql is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20140186003
      • AND
        • comment mysql55-mysql-bench is earlier than 0:5.5.37-1.el5
          oval oval:com.redhat.rhsa:tst:20140536010
        • comment mysql55-mysql-bench is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20140186009
      • AND
        • comment mysql55-mysql-devel is earlier than 0:5.5.37-1.el5
          oval oval:com.redhat.rhsa:tst:20140536012
        • comment mysql55-mysql-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20140186011
      • AND
        • comment mysql55-mysql-libs is earlier than 0:5.5.37-1.el5
          oval oval:com.redhat.rhsa:tst:20140536008
        • comment mysql55-mysql-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20140186005
      • AND
        • comment mysql55-mysql-server is earlier than 0:5.5.37-1.el5
          oval oval:com.redhat.rhsa:tst:20140536004
        • comment mysql55-mysql-server is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20140186007
      • AND
        • comment mysql55-mysql-test is earlier than 0:5.5.37-1.el5
          oval oval:com.redhat.rhsa:tst:20140536006
        • comment mysql55-mysql-test is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20140186013
    rhsa
    id RHSA-2014:0536
    released 2014-05-22
    severity Moderate
    title RHSA-2014:0536: mysql55-mysql security update (Moderate)
  • bugzilla
    id 1088197
    title CVE-2014-2440 mysql: unspecified vulnerability related to Client (CPU April 2014)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment mariadb is earlier than 1:5.5.37-1.el7_0
          oval oval:com.redhat.rhsa:tst:20140702005
        • comment mariadb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702006
      • AND
        • comment mariadb-bench is earlier than 1:5.5.37-1.el7_0
          oval oval:com.redhat.rhsa:tst:20140702011
        • comment mariadb-bench is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702012
      • AND
        • comment mariadb-devel is earlier than 1:5.5.37-1.el7_0
          oval oval:com.redhat.rhsa:tst:20140702017
        • comment mariadb-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702018
      • AND
        • comment mariadb-embedded is earlier than 1:5.5.37-1.el7_0
          oval oval:com.redhat.rhsa:tst:20140702013
        • comment mariadb-embedded is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702014
      • AND
        • comment mariadb-embedded-devel is earlier than 1:5.5.37-1.el7_0
          oval oval:com.redhat.rhsa:tst:20140702009
        • comment mariadb-embedded-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702010
      • AND
        • comment mariadb-libs is earlier than 1:5.5.37-1.el7_0
          oval oval:com.redhat.rhsa:tst:20140702007
        • comment mariadb-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702008
      • AND
        • comment mariadb-server is earlier than 1:5.5.37-1.el7_0
          oval oval:com.redhat.rhsa:tst:20140702019
        • comment mariadb-server is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702020
      • AND
        • comment mariadb-test is earlier than 1:5.5.37-1.el7_0
          oval oval:com.redhat.rhsa:tst:20140702015
        • comment mariadb-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702016
    rhsa
    id RHSA-2014:0702
    released 2014-06-10
    severity Moderate
    title RHSA-2014:0702: mariadb security update (Moderate)
  • rhsa
    id RHSA-2014:0522
  • rhsa
    id RHSA-2014:0537
rpms
  • mysql55-mysql-0:5.5.37-1.el5
  • mysql55-mysql-bench-0:5.5.37-1.el5
  • mysql55-mysql-devel-0:5.5.37-1.el5
  • mysql55-mysql-libs-0:5.5.37-1.el5
  • mysql55-mysql-server-0:5.5.37-1.el5
  • mysql55-mysql-test-0:5.5.37-1.el5
  • mariadb-1:5.5.37-1.el7_0
  • mariadb-bench-1:5.5.37-1.el7_0
  • mariadb-devel-1:5.5.37-1.el7_0
  • mariadb-embedded-1:5.5.37-1.el7_0
  • mariadb-embedded-devel-1:5.5.37-1.el7_0
  • mariadb-libs-1:5.5.37-1.el7_0
  • mariadb-server-1:5.5.37-1.el7_0
  • mariadb-test-1:5.5.37-1.el7_0
refmap via4
bid 66846
confirm http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
gentoo GLSA-201409-04
Last major update 06-01-2017 - 21:59
Published 15-04-2014 - 22:55
Last modified 20-12-2017 - 21:29
Back to Top