var-201410-0829
Vulnerability from variot
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL. The vulnerability can be exploited over the 'MySQL Protocol' protocol. The 'SERVER:SSL:yaSSL' sub component is affected. This vulnerability affects the following supported versions: 5.5.39 and earlier, 5.6.20 and earlier. The database system has the characteristics of high performance, low cost and good reliability. ============================================================================ Ubuntu Security Notice USN-2384-1 October 15, 2014
mysql-5.5 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in MySQL.
Software Description: - mysql-5.5: MySQL database
Details:
Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.40.
In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: mysql-server-5.5 5.5.40-0ubuntu0.14.04.1
Ubuntu 12.04 LTS: mysql-server-5.5 5.5.40-0ubuntu0.12.04.1
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2384-1 CVE-2012-5615, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6478, CVE-2014-6484, CVE-2014-6491, CVE-2014-6494, CVE-2014-6495, CVE-2014-6496, CVE-2014-6500, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559
Package Information: https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.40-0ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.40-0ubuntu0.12.04.1 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-3054-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso October 20, 2014 http://www.debian.org/security/faq
Package : mysql-5.5 CVE ID : CVE-2012-5615 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6478 CVE-2014-6484 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 Debian Bug : 765663
Several issues have been discovered in the MySQL database server. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
For the stable distribution (wheezy), these problems have been fixed in version 5.5.40-0+wheezy1.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your mysql-5.5 packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJURSC7AAoJEAVMuPMTQ89EasQP/RxXHja/33Mofs2nZY2T0c++ BblmAs1D8t1csPTPjPGC2UFrBNWvvKSintqHid1W34ulFQahR+Uw0t6vuNOKoVnh oBnayvOkAl2R6EcMS3DrdEPCgmj6NGC6QNG2Qt43a5tYdR3YCBTCMhPcHoIM6m3J eQH/3UetTKrxvqM0nXNjTcVppdHUzKP3b2W/DRP90X0qtD5DdkqEqh12rCZVBvnO b3AegaZ/PoEnmzqXkLIpRs2Dtx9P/dWeL9vCDZN0X6h+NSJzXYd0YfjfEIYldSXI vKHIXFyno69pelQ7YoUA/+XKyVbvZzPL1STgV9dJtHWUi4TMR9VgIFuJMVaBoNDR YTcfN61CfOkhUI45PhEp+mprlKVwwrLXrR/R5g4dHr28EmdQmvIJOOtxbUJAUd0m y7q5PUuXWuVC54Kjm51m249dNY8IMgBAiIdrvlQyQiOL28Wgc0z2+IWFZnSL8eSH 5l8jKi20x6BYNIKQHWBqt2s4yej39dNaiNnCGqnUUOCzrbpfY1xzP25GPtQo+jVc +1IygdKN8SG3S5FTQcHsND4C2cb3A9Tgf2gwffVrQq0TyQvXQbGjWN+xh4FAhU/D ysAYdd2zPQGd+9OAE/Ja1uMZ2NY/CTzn9y5Or6eTCLpDmNFN28MsvQ9SAkAWVKe8 SgOwAiXo3xRUsGy6UiHm =j4S6 -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201410-0829", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mysql", "scope": "lte", "trust": 1.8, "vendor": "oracle", "version": "5.5.38" }, { "model": "mysql", "scope": "lte", "trust": 1.8, "vendor": "oracle", "version": "5.6.19" }, { "model": "linux enterprise workstation extension", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "mariadb", "scope": "lt", "trust": 1.0, "vendor": "mariadb", "version": "5.5.39" }, { "model": "mysql", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "5.5.0" }, { "model": "solaris", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3" }, { "model": "mariadb", "scope": "gte", "trust": 1.0, "vendor": "mariadb", "version": "10.0.0" }, { "model": "mysql", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "5.6.0" }, { "model": "mariadb", "scope": "lt", "trust": 1.0, "vendor": "mariadb", "version": "10.0.13" }, { "model": "linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "mariadb", "scope": "gte", "trust": 1.0, "vendor": "mariadb", "version": "5.5.0" }, { "model": "junos space", "scope": "lte", "trust": 1.0, "vendor": "juniper", "version": "15.1" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "mysql", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "5.5.38" }, { "model": "mysql", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "5.5.37" }, { "model": "mysql", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "5.5.36" }, { "model": "mysql", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "5.5.35" }, { "model": "mysql", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "5.5.32" }, { "model": "mysql", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "5.5.31" }, { "model": "mysql", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "5.5.34" }, { "model": "mysql", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "5.5.33" }, { "model": "mysql", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "5.5.30" }, { "model": "mysql", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "5.5.29" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "mysql ab", "version": "5.5.9" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.17" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.12" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.11" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.10" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.9" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.5" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.28" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.27" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.25" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.24" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.23" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.22" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.21" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.20" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.19" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.18" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.17" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.16" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.15" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.14" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.13" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.12" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.11" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.10" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.8" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.19" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.18" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.14" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.13" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.26" }, { "model": "mysql a", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.25" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "mysql", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.5.39" }, { "model": "mysql", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" } ], "sources": [ { "db": "BID", "id": "70496" }, { "db": "JVNDB", "id": "JVNDB-2014-004821" }, { "db": "NVD", "id": "CVE-2014-6495" }, { "db": "CNNVD", "id": "CNNVD-201410-403" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.5.38", "versionStartIncluding": "5.5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.6.19", "versionStartIncluding": "5.6.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.13", "versionStartIncluding": "10.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.5.39", "versionStartIncluding": "5.5.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-6495" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "70496" } ], "trust": 0.3 }, "cve": "CVE-2014-6495", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2014-6495", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-74439", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-6495", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201410-403", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-74439", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-6495", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-74439" }, { "db": "VULMON", "id": "CVE-2014-6495" }, { "db": "JVNDB", "id": "JVNDB-2014-004821" }, { "db": "NVD", "id": "CVE-2014-6495" }, { "db": "CNNVD", "id": "CNNVD-201410-403" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL. \nThe vulnerability can be exploited over the \u0027MySQL Protocol\u0027 protocol. The \u0027SERVER:SSL:yaSSL\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n5.5.39 and earlier, 5.6.20 and earlier. The database system has the characteristics of high performance, low cost and good reliability. ============================================================================\nUbuntu Security Notice USN-2384-1\nOctober 15, 2014\n\nmysql-5.5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in MySQL. \n\nSoftware Description:\n- mysql-5.5: MySQL database\n\nDetails:\n\nMultiple security issues were discovered in MySQL and this update includes\na new upstream MySQL version to fix these issues. MySQL has been updated to\n5.5.40. \n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes. \n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n mysql-server-5.5 5.5.40-0ubuntu0.14.04.1\n\nUbuntu 12.04 LTS:\n mysql-server-5.5 5.5.40-0ubuntu0.12.04.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2384-1\n CVE-2012-5615, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463,\n CVE-2014-6464, CVE-2014-6469, CVE-2014-6478, CVE-2014-6484,\n CVE-2014-6491, CVE-2014-6494, CVE-2014-6495, CVE-2014-6496,\n CVE-2014-6500, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520,\n CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.40-0ubuntu0.14.04.1\n https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.40-0ubuntu0.12.04.1\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3054-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nOctober 20, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2012-5615 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463\n CVE-2014-6464 CVE-2014-6469 CVE-2014-6478 CVE-2014-6484\n CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496\n CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520\n CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559\nDebian Bug : 765663\n\nSeveral issues have been discovered in the MySQL database server. Please see the MySQL 5.5 Release Notes and Oracle\u0027s\nCritical Patch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html\n http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.40-0+wheezy1. \n\nFor the unstable distribution (sid), these problems will be fixed soon. \n\nWe recommend that you upgrade your mysql-5.5 packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBCgAGBQJURSC7AAoJEAVMuPMTQ89EasQP/RxXHja/33Mofs2nZY2T0c++\nBblmAs1D8t1csPTPjPGC2UFrBNWvvKSintqHid1W34ulFQahR+Uw0t6vuNOKoVnh\noBnayvOkAl2R6EcMS3DrdEPCgmj6NGC6QNG2Qt43a5tYdR3YCBTCMhPcHoIM6m3J\neQH/3UetTKrxvqM0nXNjTcVppdHUzKP3b2W/DRP90X0qtD5DdkqEqh12rCZVBvnO\nb3AegaZ/PoEnmzqXkLIpRs2Dtx9P/dWeL9vCDZN0X6h+NSJzXYd0YfjfEIYldSXI\nvKHIXFyno69pelQ7YoUA/+XKyVbvZzPL1STgV9dJtHWUi4TMR9VgIFuJMVaBoNDR\nYTcfN61CfOkhUI45PhEp+mprlKVwwrLXrR/R5g4dHr28EmdQmvIJOOtxbUJAUd0m\ny7q5PUuXWuVC54Kjm51m249dNY8IMgBAiIdrvlQyQiOL28Wgc0z2+IWFZnSL8eSH\n5l8jKi20x6BYNIKQHWBqt2s4yej39dNaiNnCGqnUUOCzrbpfY1xzP25GPtQo+jVc\n+1IygdKN8SG3S5FTQcHsND4C2cb3A9Tgf2gwffVrQq0TyQvXQbGjWN+xh4FAhU/D\nysAYdd2zPQGd+9OAE/Ja1uMZ2NY/CTzn9y5Or6eTCLpDmNFN28MsvQ9SAkAWVKe8\nSgOwAiXo3xRUsGy6UiHm\n=j4S6\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2014-6495" }, { "db": "JVNDB", "id": "JVNDB-2014-004821" }, { "db": "BID", "id": "70496" }, { "db": "VULHUB", "id": "VHN-74439" }, { "db": "VULMON", "id": "CVE-2014-6495" }, { "db": "PACKETSTORM", "id": "128698" }, { "db": "PACKETSTORM", "id": "128759" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-6495", "trust": 3.1 }, { "db": "BID", "id": "70496", "trust": 2.1 }, { "db": "JUNIPER", "id": "JSA10698", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2014-004821", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201410-403", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-74439", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-6495", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128698", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128759", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-74439" }, { "db": "VULMON", "id": "CVE-2014-6495" }, { "db": "BID", "id": "70496" }, { "db": "JVNDB", "id": "JVNDB-2014-004821" }, { "db": "PACKETSTORM", "id": "128698" }, { "db": "PACKETSTORM", "id": "128759" }, { "db": "NVD", "id": "CVE-2014-6495" }, { "db": "CNNVD", "id": "CNNVD-201410-403" } ] }, "id": "VAR-201410-0829", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-74439" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:02:55.353000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2014", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "title": "Oracle Solaris Third Party Bulletin - October 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "title": "October 2014 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2014_critical_patch_update" }, { "title": "JSA10698", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10698\u0026actp=search" }, { "title": "mysql-5.6.20", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51847" }, { "title": "mysql-5.5.39", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51843" }, { "title": "mysql-5.5.39", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51842" }, { "title": "mysql-5.6.20", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51846" }, { "title": "mysql-5.5.39-osx10.6-x86_64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51841" }, { "title": "mysql-5.6.20-osx10.6-x86_64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51845" }, { "title": "mysql-5.5.39-win32", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51840" }, { "title": "mysql-5.6.20-win32", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51844" }, { "title": "Red Hat: CVE-2014-6495", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-6495" }, { "title": "Debian CVElist Bug Report Logs: cyassl: CVE-2014-2901 CVE-2014-2902 CVE-2014-2903 CVE-2014-2904 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11d6fda56ad8f0f5aff8f1a4088693e7" }, { "title": "Ubuntu Security Notice: mysql-5.5 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2384-1" }, { "title": "Debian Security Advisories: DSA-3054-1 mysql-5.5 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=dc9d1bd54965b02ce0b328f02c7c1489" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=92308e3c4d305e91c2eba8c9c6835e83" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2014-6495 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-6495" }, { "db": "JVNDB", "id": "JVNDB-2014-004821" }, { "db": "CNNVD", "id": "CNNVD-201410-403" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-6495" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/70496" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10698" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6495" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6495" }, { "trust": 0.3, "url": "http://www.oracle.com/index.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6469" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6463" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6478" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6495" }, { "trust": 0.2, "url": "http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6491" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6551" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6484" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6500" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6555" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4274" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6496" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6464" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4287" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6505" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6507" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6520" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6559" }, { "trust": 0.2, "url": "http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6530" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6494" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5615" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10698" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2014-6495" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-6495" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2384-1/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36083" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.40-0ubuntu0.14.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.40-0ubuntu0.12.04.1" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2384-1" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" } ], "sources": [ { "db": "VULHUB", "id": "VHN-74439" }, { "db": "VULMON", "id": "CVE-2014-6495" }, { "db": "BID", "id": "70496" }, { "db": "JVNDB", "id": "JVNDB-2014-004821" }, { "db": "PACKETSTORM", "id": "128698" }, { "db": "PACKETSTORM", "id": "128759" }, { "db": "NVD", "id": "CVE-2014-6495" }, { "db": "CNNVD", "id": "CNNVD-201410-403" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-74439" }, { "db": "VULMON", "id": "CVE-2014-6495" }, { "db": "BID", "id": "70496" }, { "db": "JVNDB", "id": "JVNDB-2014-004821" }, { "db": "PACKETSTORM", "id": "128698" }, { "db": "PACKETSTORM", "id": "128759" }, { "db": "NVD", "id": "CVE-2014-6495" }, { "db": "CNNVD", "id": "CNNVD-201410-403" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-10-15T00:00:00", "db": "VULHUB", "id": "VHN-74439" }, { "date": "2014-10-15T00:00:00", "db": "VULMON", "id": "CVE-2014-6495" }, { "date": "2014-10-14T00:00:00", "db": "BID", "id": "70496" }, { "date": "2014-10-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004821" }, { "date": "2014-10-15T23:08:56", "db": "PACKETSTORM", "id": "128698" }, { "date": "2014-10-21T00:40:52", "db": "PACKETSTORM", "id": "128759" }, { "date": "2014-10-15T22:55:06.030000", "db": "NVD", "id": "CVE-2014-6495" }, { "date": "2014-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201410-403" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-18T00:00:00", "db": "VULHUB", "id": "VHN-74439" }, { "date": "2022-08-29T00:00:00", "db": "VULMON", "id": "CVE-2014-6495" }, { "date": "2015-05-07T17:05:00", "db": "BID", "id": "70496" }, { "date": "2015-12-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004821" }, { "date": "2022-08-29T20:49:55.217000", "db": "NVD", "id": "CVE-2014-6495" }, { "date": "2022-08-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201410-403" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201410-403" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle MySQL of MySQL Server In SERVER:SSL:yaSSL Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004821" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "70496" } ], "trust": 0.3 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.