SB2014041604 - Multiple vulnerabilities in Google, mysql
Published: April 16, 2014 Updated: August 10, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2014-2434)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.
2) Input validation error (CVE-ID: CVE-2014-2435)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
3) Input validation error (CVE-ID: CVE-2014-2438)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
4) Input validation error (CVE-ID: CVE-2014-2442)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.
5) Input validation error (CVE-ID: CVE-2014-2444)
The vulnerability allows a remote #AU# to read and manipulate data.
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.
6) Input validation error (CVE-ID: CVE-2014-2450)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
7) Input validation error (CVE-ID: CVE-2014-2451)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.
8) Input validation error (CVE-ID: CVE-2014-0384)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.
Remediation
Install update from vendor's website.
References
- http://security.gentoo.org/glsa/glsa-201409-04.xml
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- http://www.securityfocus.com/bid/66872
- http://www.securityfocus.com/bid/66853
- http://rhn.redhat.com/errata/RHSA-2014-0522.html
- http://rhn.redhat.com/errata/RHSA-2014-0536.html
- http://rhn.redhat.com/errata/RHSA-2014-0537.html
- http://rhn.redhat.com/errata/RHSA-2014-0702.html
- http://www.securityfocus.com/bid/66846