Bugzilla – Bug 896400
VUL-0: CVE-2014-4274: mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20
Last modified: 2016-04-27 19:12:58 UTC
va oss-sec The changes for MySQL 5.5.39[1] and 5.6.20[2] contain a reference to the following issue, which could be exploited by a local user to run arbitrary code in context of the mysqld server. MyISAM temporary files could be used to mount a code-execution attack. (Bug #18045646). This is also tracked in[3] and [4] mentioning as relevant fix [5]. Was a CVE already requested for this issue? If not, could one be assigned? Regards, Salvatore [1] https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html [2] https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-20.html [3] https://bugzilla.redhat.com/show_bug.cgi?id=1126271 [4] https://bugs.gentoo.org/show_bug.cgi?id=518718 [5] https://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4638 References: https://bugzilla.redhat.com/show_bug.cgi?id=1126271 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4274 http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4274.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4274
dup of 857678 ?
bugbot adjusting priority
Comment 1: I have searched through mysql-5.5.39 source and the line mentioned in the Bug 857678 is not present there. But it's in the older versions. param.tmpfile_createflag = O_RDWR | O_TRUNC; So I'm not sure if this is a dup of Bug 857678.
I have searched for the row that is mentioned in the patch: param.tmpfile_createflag = O_RDWR | O_TRUNC; Here is a summary describing which versions are affected or not: Product | version | state | affected files ======================================================================================== sles10-sp3-teradata | 5.0.26 | affected | /sql/ha_myisam.cc and /libmysqld/ha_myisam.cc sles11-sp1-teradata | 5.0.96 | affected | /sql/ha_myisam.cc and /libmysqld/ha_myisam.cc sles11-sp3 | 5.5.39 | not | - SLE-12 | 10.0.11 | not | - OpenSUSE 12.3 | 5.5.33 | affected | /storage/myisam/ha_myisam.cc OpenSUSE 13.1 | 5.5.33 | affected | /storage/myisam/ha_myisam.cc OpenSUSE Factory | 10.0.14 | not | -
SUSE-SU-2015:0743-1: An update that fixes 40 vulnerabilities is now available. Category: security (important) Bug References: 873351,876282,880891,896400,904627,906117,906194,911442,911556,915911,915912,915913,915914,919229 CVE References: CVE-2010-5298,CVE-2012-5615,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-0224,CVE-2014-2494,CVE-2014-3470,CVE-2014-4207,CVE-2014-4258,CVE-2014-4260,CVE-2014-4274,CVE-2014-4287,CVE-2014-6463,CVE-2014-6464,CVE-2014-6469,CVE-2014-6474,CVE-2014-6478,CVE-2014-6484,CVE-2014-6489,CVE-2014-6491,CVE-2014-6494,CVE-2014-6495,CVE-2014-6496,CVE-2014-6500,CVE-2014-6505,CVE-2014-6507,CVE-2014-6520,CVE-2014-6530,CVE-2014-6551,CVE-2014-6555,CVE-2014-6559,CVE-2014-6564,CVE-2014-6568,CVE-2015-0374,CVE-2015-0381,CVE-2015-0382,CVE-2015-0391,CVE-2015-0411,CVE-2015-0432 Sources used: SUSE Linux Enterprise Workstation Extension 12 (src): mariadb-10.0.16-15.1 SUSE Linux Enterprise Software Development Kit 12 (src): mariadb-10.0.16-15.1 SUSE Linux Enterprise Server 12 (src): mariadb-10.0.16-15.1 SUSE Linux Enterprise Desktop 12 (src): mariadb-10.0.16-15.1
I'm closing this bug as openSUSE 13.1 + 13.2 requests with updates to MySQL 5.6.25 was accepted (mr#314519). Factory is on MySQL 5.6.25 too now.