Bug 861493 - (CVE-2014-0001) VUL-0: CVE-2014-0001: mysql: command-line tool buffer overflow via long server version string
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
unspecified
Other Other
Priority: P3 - Medium; Severity: Normal
Assigned To: Roman Drahtmueller
Security Team bot
maint:released:sle11-sp3:57533
Reported: 2014-01-31 10:30 UTC by Alexander Bergmann
Modified: 2014-07-30 12:29 UTC

Attachments
Patch for CVE-2014-0001 (517 bytes, patch)
2014-05-09 09:38 UTC, Johannes Segitz

Description Alexander Bergmann 2014-01-31 10:30:11 UTC
The MySQL and MariaDB command line clients are affected by a buffer overflow when receiving the server version string.

The solution is straightforward:
http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64

CVE-2014-0001 was assigned to this issue.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1054592
Comment 1 Swamp Workflow Management 2014-01-31 23:00:44 UTC
bugbot adjusting priority
Comment 2 Johannes Segitz 2014-05-09 09:38:51 UTC
Created attachment 589303
Patch for CVE-2014-0001

Patch for this issue. Could be already fixed in 5.5.37
Comment 3 Swamp Workflow Management 2014-05-09 09:41:08 UTC
The SWAMPID for this issue is 57284.
This issue was rated as important.
Please submit fixed packages until 2014-05-16.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 4 Swamp Workflow Management 2014-06-06 18:52:34 UTC
Update released for: libmysql55client18, libmysql55client18-32bit, libmysql55client18-64bit, libmysql55client18-x86, libmysql55client_r18, libmysql55client_r18-32bit, libmysql55client_r18-64bit, libmysql55client_r18-x86, libmysqlclient-devel, libmysqlclient15, libmysqlclient15-32bit, libmysqlclient15-64bit, libmysqlclient15-x86, libmysqlclient_r15, libmysqlclient_r15-32bit, libmysqlclient_r15-64bit, libmysqlclient_r15-x86, mysql, mysql-Max, mysql-bench, mysql-client, mysql-debug, mysql-debug-version, mysql-debuginfo, mysql-debugsource, mysql-test, mysql-tools
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 5 Victor Pereira 2014-07-30 12:29:06 UTC
fixed and released