Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2014:0173
HistoryFeb 19, 2014 - 5:28 p.m.

mysql55 security update

2014-02-1917:28:37
CentOS Project
lists.centos.org
50

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.952 High

EPSS

Percentile

99.3%

JSON

CentOS Errata and Security Advisory CESA-2014:0173

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2013-5807,
CVE-2013-5891, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402,
CVE-2014-0412, CVE-2014-0420, CVE-2014-0437, CVE-2013-3839, CVE-2013-5908)

A buffer overflow flaw was found in the way the MySQL command line client
tool (mysql) processed excessively long version strings. If a user
connected to a malicious MySQL server via the mysql client, the server
could use this flaw to crash the mysql client or, potentially, execute
arbitrary code as the user running the mysql client. (CVE-2014-0001)

The CVE-2014-0001 issue was discovered by Garth Mollett of the Red Hat
Security Response Team.

These updated packages upgrade MySQL to version 5.5.36. Refer to the MySQL
Release Notes listed in the References section for a complete list
of changes.

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-February/082327.html

Affected packages:
mysql55-mysql
mysql55-mysql-bench
mysql55-mysql-devel
mysql55-mysql-libs
mysql55-mysql-server
mysql55-mysql-test

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:0173

Related

nessus 46
openvas 56
redhat 4
veracode 12
oraclelinux 2
centos 3
ubuntu 2
debian 8
amazon 2
f5 4
fedora 8
gentoo 1
suse 1
mariadbunix 11
ubuntucve 12
prion 12
cve 12
slackware 1
checkpoint_advisories 1
osv 1
nessus
nessus
CentOS 5 : mysql55-mysql (CESA-2014:0186)
2014-02-20 00:00:00
Oracle Linux 5 : mysql55-mysql (ELSA-2014-0186)
2014-02-19 00:00:00
RHEL 5 : mysql55-mysql (RHSA-2014:0186)
2014-02-19 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2014-0186)
2015-10-06 00:00:00
CentOS Update for mysql55-mysql CESA-2014:0186 centos5
2014-02-20 00:00:00
RedHat Update for mysql55-mysql RHSA-2014:0186-01
2014-02-20 00:00:00
redhat
redhat
(RHSA-2014:0189) Moderate: mariadb55-mariadb security update
2014-02-19 00:00:00
(RHSA-2014:0173) Moderate: mysql55-mysql security update
2014-02-13 00:00:00
(RHSA-2014:0186) Moderate: mysql55-mysql security update
2014-02-18 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 01:23:04
Improper Access Control
2019-05-02 04:57:29
Denial Of Service (DoS)
2019-05-02 04:56:40
oraclelinux
oraclelinux
mysql55-mysql security update
2014-02-18 00:00:00
mysql security and bug fix update
2014-02-12 00:00:00
centos
centos
mariadb55 security update
2014-02-26 15:32:19
mysql55 security update
2014-02-19 13:53:22
mysql security update
2014-02-12 19:48:34
ubuntu
ubuntu
MySQL vulnerabilities
2014-01-21 00:00:00
MySQL vulnerabilities
2013-10-24 00:00:00
debian
debian
[SECURITY] [DSA 2848-1] mysql-5.5 security update
2014-01-23 15:37:35
[SECURITY] [DSA 2848-1] mysql-5.5 security update
2014-01-23 15:37:35
[SECURITY] [DSA 2845-1] mysql-5.1 security update
2014-01-17 15:48:55
amazon
amazon
Medium: mysql51
2014-03-06 14:56:00
Low: mysql51
2013-11-03 12:08:00
f5
f5
K16389 : Multiple MySQL vulnerabilities
2015-07-22 00:00:00
SOL16389 - Multiple MySQL vulnerabilities
2015-04-09 00:00:00
SOL16385 - Multiple MySQL vulnerabilities
2015-04-09 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: mariadb-5.5.37-1.fc19
2014-04-29 05:23:30
[SECURITY] Fedora 20 Update: mariadb-5.5.37-1.fc20
2014-04-29 05:27:03
[SECURITY] Fedora 20 Update: mariadb-5.5.39-1.fc20
2014-09-10 13:30:09
gentoo
gentoo
MySQL: Multiple vulnerabilities
2014-09-04 00:00:00
suse
suse
Security update for MySQL (important)
2014-06-07 00:04:26
mariadbunix
mariadbunix
CVE-2013-5891
2014-01-15 16:08:00
CVE-2013-5908
2014-01-15 16:08:00
CVE-2013-5807
2013-10-16 17:55:00
ubuntucve
ubuntucve
CVE-2013-5891
2014-01-15 00:00:00
CVE-2013-5908
2014-01-15 00:00:00
CVE-2013-5807
2013-10-16 00:00:00
prion
prion
Design/Logic Flaw
2014-01-15 16:08:00
Design/Logic Flaw
2014-01-15 16:08:00
Design/Logic Flaw
2013-10-16 17:55:00
cve
cve
CVE-2013-5891
2014-01-15 16:08:00
CVE-2013-5908
2014-01-15 16:08:00
CVE-2013-5807
2013-10-16 17:55:00
slackware
slackware
mariadb, mysql
2014-02-19 20:24:35
checkpoint_advisories
checkpoint_advisories
Oracle MySQL Client Heap Buffer Overflow (CVE-2014-0001)
2014-03-16 00:00:00
osv
osv
mysql-5.1 - security update
2014-10-22 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.952 High

EPSS

Percentile

99.3%

JSON
Related for CESA-2014:0173
nessus46openvas56redhat4veracode12oraclelinux2centos3ubuntu2debian8amazon2f54fedora8gentoo1suse1mariadbunix11ubuntucve12prion12cve12slackware1checkpoint_advisories1osv1