Bug 861493 (CVE-2014-0001)

Summary: VUL-0: CVE-2014-0001: mysql: command-line tool buffer overflow via long server version string
Product: [Novell Products] SUSE Security Incidents
Reporter: Alexander Bergmann <abergmann>
Component: Incidents
Assignee: Roman Drahtmueller <draht>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: vpereira
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: maint:released:sle11-sp3:57533
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: Patch for CVE-2014-0001

Description Alexander Bergmann 2014-01-31 10:30:11 UTC
The MySQL and MariaDB command line clients are affected by a buffer overflow when receiving the server version string.

The solution is straightforward:
http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64

CVE-2014-0001 was assigned to this issue.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1054592
Comment 1 Swamp Workflow Management 2014-01-31 23:00:44 UTC
bugbot adjusting priority
Comment 2 Johannes Segitz 2014-05-09 09:38:51 UTC
Created attachment 589303
Patch for CVE-2014-0001

Patch for this issue. Could be already fixed in 5.5.37
Comment 3 Swamp Workflow Management 2014-05-09 09:41:08 UTC
The SWAMPID for this issue is 57284.
This issue was rated as important.
Please submit fixed packages until 2014-05-16.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 4 Swamp Workflow Management 2014-06-06 18:52:34 UTC
Update released for: libmysql55client18, libmysql55client18-32bit, libmysql55client18-64bit, libmysql55client18-x86, libmysql55client_r18, libmysql55client_r18-32bit, libmysql55client_r18-64bit, libmysql55client_r18-x86, libmysqlclient-devel, libmysqlclient15, libmysqlclient15-32bit, libmysqlclient15-64bit, libmysqlclient15-x86, libmysqlclient_r15, libmysqlclient_r15-32bit, libmysqlclient_r15-64bit, libmysqlclient_r15-x86, mysql, mysql-Max, mysql-bench, mysql-client, mysql-debug, mysql-debug-version, mysql-debuginfo, mysql-debugsource, mysql-test, mysql-tools
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 5 Victor Pereira 2014-07-30 12:29:06 UTC
fixed and released