SB2014071703 - Multiple vulnerabilities in Google, mysql
Published: July 17, 2014 Updated: August 10, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2014-4233)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.
2) Input validation error (CVE-ID: CVE-2014-4238)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.
3) Input validation error (CVE-ID: CVE-2014-4240)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.
Remediation
Install update from vendor's website.
References
- http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/60425
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/68598
- http://www.securitytracker.com/id/1030578
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94625
- http://www.securityfocus.com/bid/68587
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94623
- http://www.securityfocus.com/bid/68602
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94626