Sicherheit: Mehrere Probleme in MariaDB

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1414484650-12273-0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:210
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : mariadb
Date : October 28, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in mariadb:

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier
and 5.6.20 and earlier allows remote authenticated users to affect
availability via vectors related to SERVER:INNODB DML FOREIGN KEYS
(CVE-2014-6464).

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler
and 5.6.20 and earlier allows remote authenticated users to affect
availability via vectors related to SERVER:OPTIMIZER (CVE-2014-6469).

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier,
and 5.6.20 and earlier, allows remote authenticated users to affect
confidentiality, integrity, and availability via vectors related to
SERVER:DML (CVE-2014-6507).

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier
and 5.6.20 and earlier allows remote authenticated users to affect
confidentiality, integrity, and availability via vectors related to
SERVER:DML (CVE-2014-6555).

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and
earlier, and 5.6.20 and earlier, allows remote attackers to affect
confidentiality via vectors related to C API SSL CERTIFICATE HANDLING
(CVE-2014-6559).

The updated packages have been upgraded to the 5.5.40 version which
is not vulnerable to these issues.

Additionally MariaDB 5.5.40 removed the bundled copy of jemalloc from
the source tarball and only builds with jemalloc if a system copy
of the jemalloc library is detecting during the build. This update
provides the jemalloc library packages to resolve this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559
https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5540-release-notes/
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
https://bugs.mageia.org/show_bug.cgi?id=14389
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
d3777064729ac827717ee166be4d6536
mbs1/x86_64/lib64jemalloc1-3.6.0-1.mbs1.x86_64.rpm
3544defe7a86633549c42285508dc09b
mbs1/x86_64/lib64jemalloc-devel-3.6.0-1.mbs1.x86_64.rpm
412cf1c80ce6310949189a399019cd82
mbs1/x86_64/lib64mariadb18-5.5.40-1.1.mbs1.x86_64.rpm
354662572fd04b7b8e4bf2f6ea4ab1b6
mbs1/x86_64/lib64mariadb-devel-5.5.40-1.1.mbs1.x86_64.rpm
eb88bc949042a53e31e07f231aaa79e9
mbs1/x86_64/lib64mariadb-embedded18-5.5.40-1.1.mbs1.x86_64.rpm
662b8680f36ef37b22546cb9cb7999f2
mbs1/x86_64/lib64mariadb-embedded-devel-5.5.40-1.1.mbs1.x86_64.rpm
a46730286be82d1ac546517272004234
mbs1/x86_64/mariadb-5.5.40-1.1.mbs1.x86_64.rpm
07e236cfab3ac7c225a5b61c0f74498b
mbs1/x86_64/mariadb-bench-5.5.40-1.1.mbs1.x86_64.rpm
4d277e041e4eac4f3da19e35b77f5958
mbs1/x86_64/mariadb-client-5.5.40-1.1.mbs1.x86_64.rpm
51ac1072841e4227f2082620e389b00a
mbs1/x86_64/mariadb-common-5.5.40-1.1.mbs1.x86_64.rpm
e7e7390b3dc47d105cb0735e884fc60b
mbs1/x86_64/mariadb-common-core-5.5.40-1.1.mbs1.x86_64.rpm
b1809dc518b89e3a986439db654fc92b
mbs1/x86_64/mariadb-core-5.5.40-1.1.mbs1.x86_64.rpm
c7a4f6e406a442e4c3b19a3ceccb211a
mbs1/x86_64/mariadb-extra-5.5.40-1.1.mbs1.x86_64.rpm
6fe78e03875f2ec2227f6ef7d0f90e18
mbs1/x86_64/mariadb-feedback-5.5.40-1.1.mbs1.x86_64.rpm
1ef05e7a3532d97afb4dfa68f2d5b66a
mbs1/x86_64/mariadb-obsolete-5.5.40-1.1.mbs1.x86_64.rpm
842bec02ddec2fd3dca28e907080aef5
mbs1/x86_64/mysql-MariaDB-5.5.40-1.1.mbs1.x86_64.rpm
c820c46809e494c1d5ad83526d1f1ed1 mbs1/SRPMS/jemalloc-3.6.0-1.mbs1.src.rpm
7e6c522174ff1513cd9f09b2cf5feffc mbs1/SRPMS/mariadb-5.5.40-1.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUT0QSmqjQ0CJFipgRAmnhAKCOd9QLoxRrlcA8U4XLA46+ZhjfFwCfQzhY
tRKQjAv7QAJqbwipIkIIC8Q=
=uyHd
-----END PGP SIGNATURE-----

------------=_1414484650-12273-0
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________

------------=_1414484650-12273-0--