Bugzilla – Bug 873896
VUL-0: mysql: multiple security issues (2014/04)
Last modified: 2016-02-05 03:50:55 UTC
Via: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html Appendix - Oracle MySQL CVE-2014-2444 - InnoDB - 5.6.15 and earlier CVE-2014-2436 - RBR - 5.5.36 and earlier, 5.6.16 and earlier CVE-2014-2440 - Client - 5.5.36 and earlier, 5.6.16 and earlier CVE-2014-2434 - DML - 5.6.15 and earlier CVE-2014-2435 - InnoDB - 5.6.16 and earlier CVE-2014-2442 - MyISAM - 5.6.15 and earlier CVE-2014-2450 - Optimizer - 5.6.15 and earlier CVE-2014-2419 - Partition - 5.5.35 and earlier, 5.6.15 and earlier CVE-2014-0384 - XML - 5.5.35 and earlier, 5.6.15 and earlier CVE-2014-2430 - Performance Schema - 5.5.36 and earlier, 5.6.16 and earlier CVE-2014-2451 - Privileges - 5.6.15 and earlier CVE-2014-2438 - Replication - 5.5.35 and earlier, 5.6.15 and earlier CVE-2014-2432 - Federated - 5.5.35 and earlier, 5.6.15 and earlier CVE-2014-2431 - Options - 5.5.36 and earlier, 5.6.16 and earlier
bugbot adjusting priority
Seems there is no option other than a version update to the latest 5.5.37. The lack of information is frustrating to say the least. Normally, this is not a viable way to treat our users - just without any background information whatsoever, with no detailed list of changes, with no association between CVE ID and source change.
Oracle confirmed that all of the above 14 CVE IDs are fixed in version 5.5.37.
The SWAMPID for this issue is 57284. This issue was rated as important. Please submit fixed packages until 2014-05-16. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Update released for: libmysql55client18, libmysql55client18-32bit, libmysql55client18-64bit, libmysql55client18-x86, libmysql55client_r18, libmysql55client_r18-32bit, libmysql55client_r18-64bit, libmysql55client_r18-x86, libmysqlclient-devel, libmysqlclient15, libmysqlclient15-32bit, libmysqlclient15-64bit, libmysqlclient15-x86, libmysqlclient_r15, libmysqlclient_r15-32bit, libmysqlclient_r15-64bit, libmysqlclient_r15-x86, mysql, mysql-Max, mysql-bench, mysql-client, mysql-debug, mysql-debug-version, mysql-debuginfo, mysql-debugsource, mysql-test, mysql-tools Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-SDK 11-SP3 (ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
SUSE-SU-2014:0769-1: An update that fixes 33 vulnerabilities is now available. Category: security (important) Bug References: 858823,861493,873896 CVE References: CVE-2013-4316,CVE-2013-5860,CVE-2013-5881,CVE-2013-5882,CVE-2013-5891,CVE-2013-5894,CVE-2013-5908,CVE-2014-0001,CVE-2014-0384,CVE-2014-0386,CVE-2014-0393,CVE-2014-0401,CVE-2014-0402,CVE-2014-0412,CVE-2014-0420,CVE-2014-0427,CVE-2014-0430,CVE-2014-0431,CVE-2014-0433,CVE-2014-0437,CVE-2014-2419,CVE-2014-2430,CVE-2014-2431,CVE-2014-2432,CVE-2014-2434,CVE-2014-2435,CVE-2014-2436,CVE-2014-2438,CVE-2014-2440,CVE-2014-2442,CVE-2014-2444,CVE-2014-2450,CVE-2014-2451 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): mysql-5.0.96-0.6.11, mysql-5.5.37-0.7.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): mysql-5.0.96-0.6.11, mysql-5.5.37-0.7.1 SUSE Linux Enterprise Server 11 SP3 (src): mysql-5.0.96-0.6.11, mysql-5.5.37-0.7.1 SUSE Linux Enterprise Desktop 11 SP3 (src): mysql-5.0.96-0.6.11, mysql-5.5.37-0.7.1
Guys, can SLES 11SP1 also be affected by this issue?