Executive Summary
Summary | |
---|---|
Title | mysql55-mysql security update |
Informations | |||
---|---|---|---|
Name | RHSA-2014:1860 | First vendor Publication | 2014-11-17 |
Vendor | RedHat | Last vendor Modification | 2014-11-17 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1120382 - CVE-2014-2494 mysql: unspecified vulnerability related to ENARC (CPU July 2014) 1120383 - CVE-2014-4207 mysql: unspecified vulnerability related to SROPTZR (CPU July 2014) 1120385 - CVE-2014-4243 mysql: unspecified vulnerability related to ENFED (CPU July 2014) 1120387 - CVE-2014-4258 mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014) 1120388 - CVE-2014-4260 mysql: unspecified vulnerability related to SRCHAR (CPU July 2014) 1126271 - CVE-2014-4274 mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20 1153461 - CVE-2014-4287 mysql: unspecified vulnerability related to SERVER:CHARACTER SETS (CPU October 2014) 1153462 - CVE-2014-6463 mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014) 1153463 - CVE-2014-6464 mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014) 1153464 - CVE-2014-6469 mysql: unspecified vulnerability related to SERVER:OPTIMIZER (CPU October 2014) 1153467 - CVE-2014-6484 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014) 1153489 - CVE-2014-6505 mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014) 1153490 - CVE-2014-6507 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014) 1153491 - CVE-2014-6520 mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014) 1153493 - CVE-2014-6530 mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014) 1153494 - CVE-2014-6551 mysql: unspecified vulnerability related to CLIENT:MYSQLADMIN (CPU October 2014) 1153495 - CVE-2014-6555 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014) 1153496 - CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2014-1860.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:25101 | |||
Oval ID: | oval:org.mitre.oval:def:25101 | ||
Title: | USN-2291-1 -- mysql-5.5 vulnerabilities | ||
Description: | Several security issues were fixed in MySQL. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2291-1 CVE-2014-2494 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 | Version: | 3 |
Platform(s): | Ubuntu 14.04 Ubuntu 12.04 | Product(s): | mysql-5.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26099 | |||
Oval ID: | oval:org.mitre.oval:def:26099 | ||
Title: | DSA-2985-1 -- mysql-5.5 - security update | ||
Description: | Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2985-1 CVE-2014-2494 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 | Version: | 5 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | mysql-5.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26454 | |||
Oval ID: | oval:org.mitre.oval:def:26454 | ||
Title: | SUSE-SU-2014:1072-1 -- Security update for MySQL | ||
Description: | This MySQL update provides the following:upgrade to version 5.5.39 | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1072-1 CVE-2014-2484 CVE-2014-4258 CVE-2014-4260 CVE-2014-2494 CVE-2014-4238 CVE-2014-4207 CVE-2014-4233 CVE-2014-4240 CVE-2014-4214 CVE-2014-4243 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | MySQL |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26769 | |||
Oval ID: | oval:org.mitre.oval:def:26769 | ||
Title: | USN-2384-1 -- MySQL vulnerabilities | ||
Description: | Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.40. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2384-1 CVE-2012-5615 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6478 CVE-2014-6484 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 | Version: | 3 |
Platform(s): | Ubuntu 14.04 Ubuntu 12.04 | Product(s): | mysql-5.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26773 | |||
Oval ID: | oval:org.mitre.oval:def:26773 | ||
Title: | DEPRECATED: SUSE-SU-2014:1072-1 -- Security update for MySQL | ||
Description: | This MySQL update provides the following:upgrade to version 5.5.39 | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1072-1 CVE-2014-2484 CVE-2014-4258 CVE-2014-4260 CVE-2014-2494 CVE-2014-4238 CVE-2014-4207 CVE-2014-4233 CVE-2014-4240 CVE-2014-4214 CVE-2014-4243 | Version: | 4 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | MySQL |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27137 | |||
Oval ID: | oval:org.mitre.oval:def:27137 | ||
Title: | DSA-3054-1 mysql-5.5 - security update | ||
Description: | Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-3054-1 CVE-2012-5615 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6478 CVE-2014-6484 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 | Version: | 3 |
Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | mysql-5.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27610 | |||
Oval ID: | oval:org.mitre.oval:def:27610 | ||
Title: | RHSA-2014:1861 -- mariadb security update (Important) | ||
Description: | MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1861 CESA-2014:1861 CVE-2012-5615 CVE-2014-2494 CVE-2014-4207 CVE-2014-4243 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 7 CentOS Linux 7 | Product(s): | mariadb |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28389 | |||
Oval ID: | oval:org.mitre.oval:def:28389 | ||
Title: | RHSA-2014:1859 -- mysql55-mysql security update (Important) | ||
Description: | MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1859 CESA-2014:1859 CVE-2012-5615 CVE-2014-2494 CVE-2014-4207 CVE-2014-4243 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | mysql55-mysql |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-07-17 | IAVM : 2014-A-0106 - Multiple Vulnerabilities in Oracle MySQL Product Suite Severity : Category I - VMSKEY : V0053189 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-06-23 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10698.nasl - Type : ACT_GATHER_INFO |
2015-07-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-479.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0743-1.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysql55client18-150302.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-091.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-75.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Fedora host is missing a security update. File : fedora_2014-16003.nasl - Type : ACT_GATHER_INFO |
2014-12-03 | Name : The remote Fedora host is missing a security update. File : fedora_2014-14791.nasl - Type : ACT_GATHER_INFO |
2014-11-21 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1861.nasl - Type : ACT_GATHER_INFO |
2014-11-21 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1859.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141117_mysql55_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141117_mariadb_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1861.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1859.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1861.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1859.nasl - Type : ACT_GATHER_INFO |
2014-11-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201411-02.nasl - Type : ACT_GATHER_INFO |
2014-11-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-307-01.nasl - Type : ACT_GATHER_INFO |
2014-10-29 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-210.nasl - Type : ACT_GATHER_INFO |
2014-10-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3054.nasl - Type : ACT_GATHER_INFO |
2014-10-20 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-428.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2384-1.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_6_21.nasl - Type : ACT_GATHER_INFO |
2014-09-12 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_6_20.nasl - Type : ACT_GATHER_INFO |
2014-09-12 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_5_39.nasl - Type : ACT_GATHER_INFO |
2014-08-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysql55client18-140820.nasl - Type : ACT_GATHER_INFO |
2014-08-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysql55client18-140819.nasl - Type : ACT_GATHER_INFO |
2014-07-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2985.nasl - Type : ACT_GATHER_INFO |
2014-07-18 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2291-1.nasl - Type : ACT_GATHER_INFO |
2014-07-16 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_6_19.nasl - Type : ACT_GATHER_INFO |
2014-07-16 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_5_38.nasl - Type : ACT_GATHER_INFO |
2014-04-16 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_5_36.nasl - Type : ACT_GATHER_INFO |
2014-04-16 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_6_16.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2018-12-18 21:21:59 |
|
2014-11-17 13:24:38 |
|