Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2014:0189
HistoryFeb 26, 2014 - 3:32 p.m.

mariadb55 security update

2014-02-2615:32:19
CentOS Project
lists.centos.org
48

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.952 High

EPSS

Percentile

99.3%

JSON

CentOS Errata and Security Advisory CESA-2014:0189

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

This update fixes several vulnerabilities in the MariaDB database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2013-5807,
CVE-2013-5891, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402,
CVE-2014-0412, CVE-2014-0420, CVE-2014-0437, CVE-2013-3839, CVE-2013-5908)

A buffer overflow flaw was found in the way the MariaDB command line client
tool (mysql) processed excessively long version strings. If a user
connected to a malicious MariaDB server via the mysql client, the server
could use this flaw to crash the mysql client or, potentially, execute
arbitrary code as the user running the mysql client. (CVE-2014-0001)

The CVE-2014-0001 issue was discovered by Garth Mollett of the Red Hat
Security Response Team.

These updated packages upgrade MariaDB to version 5.5.35. Refer to the
MariaDB Release Notes listed in the References section for a complete list
of changes.

All MariaDB users should upgrade to these updated packages, which correct
these issues. After installing this update, the MariaDB server daemon
(mysqld) will be restarted automatically.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-February/082341.html

Affected packages:
mariadb55-mariadb
mariadb55-mariadb-bench
mariadb55-mariadb-devel
mariadb55-mariadb-libs
mariadb55-mariadb-server
mariadb55-mariadb-test

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:0189

Related

openvas 56
redhat 4
nessus 46
veracode 12
oraclelinux 2
centos 3
debian 8
ubuntu 2
amazon 2
f5 4
fedora 8
gentoo 1
suse 1
mariadbunix 11
ubuntucve 12
prion 12
cve 12
slackware 1
checkpoint_advisories 1
osv 1
openvas
openvas
CentOS Update for mysql55-mysql CESA-2014:0186 centos5
2014-02-20 00:00:00
RedHat Update for mysql55-mysql RHSA-2014:0186-01
2014-02-20 00:00:00
CentOS Update for mysql55-mysql CESA-2014:0186 centos5
2014-02-20 00:00:00
redhat
redhat
(RHSA-2014:0189) Moderate: mariadb55-mariadb security update
2014-02-19 00:00:00
(RHSA-2014:0173) Moderate: mysql55-mysql security update
2014-02-13 00:00:00
(RHSA-2014:0186) Moderate: mysql55-mysql security update
2014-02-18 00:00:00
nessus
nessus
RHEL 5 : mysql55-mysql (RHSA-2014:0186)
2014-02-19 00:00:00
CentOS 5 : mysql55-mysql (CESA-2014:0186)
2014-02-20 00:00:00
Oracle Linux 5 : mysql55-mysql (ELSA-2014-0186)
2014-02-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 01:23:04
Improper Access Control
2019-05-02 04:57:29
Denial Of Service (DoS)
2019-05-02 04:56:40
oraclelinux
oraclelinux
mysql55-mysql security update
2014-02-18 00:00:00
mysql security and bug fix update
2014-02-12 00:00:00
centos
centos
mysql55 security update
2014-02-19 17:28:37
mysql55 security update
2014-02-19 13:53:22
mysql security update
2014-02-12 19:48:34
debian
debian
[SECURITY] [DSA 2848-1] mysql-5.5 security update
2014-01-23 15:37:35
[SECURITY] [DSA 2848-1] mysql-5.5 security update
2014-01-23 15:37:35
[SECURITY] [DSA 2845-1] mysql-5.1 security update
2014-01-17 15:48:55
ubuntu
ubuntu
MySQL vulnerabilities
2014-01-21 00:00:00
MySQL vulnerabilities
2013-10-24 00:00:00
amazon
amazon
Medium: mysql51
2014-03-06 14:56:00
Low: mysql51
2013-11-03 12:08:00
f5
f5
K16389 : Multiple MySQL vulnerabilities
2015-07-22 00:00:00
SOL16389 - Multiple MySQL vulnerabilities
2015-04-09 00:00:00
SOL16385 - Multiple MySQL vulnerabilities
2015-04-09 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: mariadb-5.5.37-1.fc19
2014-04-29 05:23:30
[SECURITY] Fedora 20 Update: mariadb-5.5.39-1.fc20
2014-09-10 13:30:09
[SECURITY] Fedora 19 Update: mariadb-5.5.39-1.fc19
2014-09-10 13:31:10
gentoo
gentoo
MySQL: Multiple vulnerabilities
2014-09-04 00:00:00
suse
suse
Security update for MySQL (important)
2014-06-07 00:04:26
mariadbunix
mariadbunix
CVE-2013-5891
2014-01-15 16:08:00
CVE-2013-5908
2014-01-15 16:08:00
CVE-2013-5807
2013-10-16 17:55:00
ubuntucve
ubuntucve
CVE-2013-5891
2014-01-15 00:00:00
CVE-2013-5908
2014-01-15 00:00:00
CVE-2013-5807
2013-10-16 00:00:00
prion
prion
Design/Logic Flaw
2014-01-15 16:08:00
Design/Logic Flaw
2014-01-15 16:08:00
Design/Logic Flaw
2013-10-16 17:55:00
cve
cve
CVE-2013-5908
2014-01-15 16:08:00
CVE-2013-5891
2014-01-15 16:08:00
CVE-2013-5807
2013-10-16 17:55:00
slackware
slackware
mariadb, mysql
2014-02-19 20:24:35
checkpoint_advisories
checkpoint_advisories
Oracle MySQL Client Heap Buffer Overflow (CVE-2014-0001)
2014-03-16 00:00:00
osv
osv
mysql-5.1 - security update
2014-10-22 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.952 High

EPSS

Percentile

99.3%

JSON
Related for CESA-2014:0189
openvas56redhat4nessus46veracode12oraclelinux2centos3debian8ubuntu2amazon2f54fedora8gentoo1suse1mariadbunix11ubuntucve12prion12cve12slackware1checkpoint_advisories1osv1