Details of VAR-201410-0859

ID

VAR-201410-0859

CVE

CVE-2014-6559

TITLE

Oracle MySQL of MySQL Server In C API SSL CERTIFICATE HANDLING Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-004803

DESCRIPTION

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING. Oracle MySQL Server is prone to a remote security vulnerability. The vulnerability can be exploited over the 'MySQL Protocol' protocol. This vulnerability affects the following supported versions: 5.5.39 and earlier, 5.6.20 and earlier. The database system has the characteristics of high performance, low cost and good reliability. Additionally MariaDB 5.5.40 removed the bundled copy of jemalloc from the source tarball and only builds with jemalloc if a system copy of the jemalloc library is detecting during the build. This update provides the jemalloc library packages to resolve this issue. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFUT0QSmqjQ0CJFipgRAmnhAKCOd9QLoxRrlcA8U4XLA46+ZhjfFwCfQzhY tRKQjAv7QAJqbwipIkIIC8Q= =uyHd -----END PGP SIGNATURE----- . Galera is a synchronous multi-master cluster for MariaDB. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201411-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: MySQL, MariaDB: Multiple vulnerabilities Date: November 05, 2014 Bugs: #525504 ID: 201411-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the MySQL and MariaDB, possibly allowing attackers to cause unspecified impact. MariaDB is an enhanced, drop-in replacement for MySQL. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-db/mysql < 5.5.40 >= 5.5.40 2 dev-db/mariadb < 5.5.40-r1 >= 5.5.40-r1 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple unspecified vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code, Denial of Service, or disclosure of sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All MySQL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.40" All MariaDB users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mariadb-5.5.40-r1" References ========== [ 1 ] CVE-2014-6464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6464 [ 2 ] CVE-2014-6469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6469 [ 3 ] CVE-2014-6491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6491 [ 4 ] CVE-2014-6494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6494 [ 5 ] CVE-2014-6496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6496 [ 6 ] CVE-2014-6500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6500 [ 7 ] CVE-2014-6507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6507 [ 8 ] CVE-2014-6555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6555 [ 9 ] CVE-2014-6559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6559 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201411-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: mysql55-mysql security update Advisory ID: RHSA-2014:1860-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1860.html Issue date: 2014-11-17 CVE Names: CVE-2014-2494 CVE-2014-4207 CVE-2014-4243 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 ===================================================================== 1. Summary: Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1120382 - CVE-2014-2494 mysql: unspecified vulnerability related to ENARC (CPU July 2014) 1120383 - CVE-2014-4207 mysql: unspecified vulnerability related to SROPTZR (CPU July 2014) 1120385 - CVE-2014-4243 mysql: unspecified vulnerability related to ENFED (CPU July 2014) 1120387 - CVE-2014-4258 mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014) 1120388 - CVE-2014-4260 mysql: unspecified vulnerability related to SRCHAR (CPU July 2014) 1126271 - CVE-2014-4274 mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20 1153461 - CVE-2014-4287 mysql: unspecified vulnerability related to SERVER:CHARACTER SETS (CPU October 2014) 1153462 - CVE-2014-6463 mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014) 1153463 - CVE-2014-6464 mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014) 1153464 - CVE-2014-6469 mysql: unspecified vulnerability related to SERVER:OPTIMIZER (CPU October 2014) 1153467 - CVE-2014-6484 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014) 1153489 - CVE-2014-6505 mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014) 1153490 - CVE-2014-6507 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014) 1153491 - CVE-2014-6520 mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014) 1153493 - CVE-2014-6530 mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014) 1153494 - CVE-2014-6551 mysql: unspecified vulnerability related to CLIENT:MYSQLADMIN (CPU October 2014) 1153495 - CVE-2014-6555 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014) 1153496 - CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014) 6. Package List: Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6): Source: mysql55-mysql-5.5.40-1.el6.src.rpm x86_64: mysql55-mysql-5.5.40-1.el6.x86_64.rpm mysql55-mysql-bench-5.5.40-1.el6.x86_64.rpm mysql55-mysql-debuginfo-5.5.40-1.el6.x86_64.rpm mysql55-mysql-devel-5.5.40-1.el6.x86_64.rpm mysql55-mysql-libs-5.5.40-1.el6.x86_64.rpm mysql55-mysql-server-5.5.40-1.el6.x86_64.rpm mysql55-mysql-test-5.5.40-1.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4): Source: mysql55-mysql-5.5.40-1.el6.src.rpm x86_64: mysql55-mysql-5.5.40-1.el6.x86_64.rpm mysql55-mysql-bench-5.5.40-1.el6.x86_64.rpm mysql55-mysql-debuginfo-5.5.40-1.el6.x86_64.rpm mysql55-mysql-devel-5.5.40-1.el6.x86_64.rpm mysql55-mysql-libs-5.5.40-1.el6.x86_64.rpm mysql55-mysql-server-5.5.40-1.el6.x86_64.rpm mysql55-mysql-test-5.5.40-1.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5): Source: mysql55-mysql-5.5.40-1.el6.src.rpm x86_64: mysql55-mysql-5.5.40-1.el6.x86_64.rpm mysql55-mysql-bench-5.5.40-1.el6.x86_64.rpm mysql55-mysql-debuginfo-5.5.40-1.el6.x86_64.rpm mysql55-mysql-devel-5.5.40-1.el6.x86_64.rpm mysql55-mysql-libs-5.5.40-1.el6.x86_64.rpm mysql55-mysql-server-5.5.40-1.el6.x86_64.rpm mysql55-mysql-test-5.5.40-1.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: mysql55-mysql-5.5.40-1.el6.src.rpm x86_64: mysql55-mysql-5.5.40-1.el6.x86_64.rpm mysql55-mysql-bench-5.5.40-1.el6.x86_64.rpm mysql55-mysql-debuginfo-5.5.40-1.el6.x86_64.rpm mysql55-mysql-devel-5.5.40-1.el6.x86_64.rpm mysql55-mysql-libs-5.5.40-1.el6.x86_64.rpm mysql55-mysql-server-5.5.40-1.el6.x86_64.rpm mysql55-mysql-test-5.5.40-1.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6): Source: mysql55-mysql-5.5.40-1.el6.src.rpm x86_64: mysql55-mysql-5.5.40-1.el6.x86_64.rpm mysql55-mysql-bench-5.5.40-1.el6.x86_64.rpm mysql55-mysql-debuginfo-5.5.40-1.el6.x86_64.rpm mysql55-mysql-devel-5.5.40-1.el6.x86_64.rpm mysql55-mysql-libs-5.5.40-1.el6.x86_64.rpm mysql55-mysql-server-5.5.40-1.el6.x86_64.rpm mysql55-mysql-test-5.5.40-1.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7): Source: mysql55-mysql-5.5.40-1.el7.src.rpm x86_64: mysql55-mysql-5.5.40-1.el7.x86_64.rpm mysql55-mysql-bench-5.5.40-1.el7.x86_64.rpm mysql55-mysql-debuginfo-5.5.40-1.el7.x86_64.rpm mysql55-mysql-devel-5.5.40-1.el7.x86_64.rpm mysql55-mysql-libs-5.5.40-1.el7.x86_64.rpm mysql55-mysql-server-5.5.40-1.el7.x86_64.rpm mysql55-mysql-test-5.5.40-1.el7.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7): Source: mysql55-mysql-5.5.40-1.el7.src.rpm x86_64: mysql55-mysql-5.5.40-1.el7.x86_64.rpm mysql55-mysql-bench-5.5.40-1.el7.x86_64.rpm mysql55-mysql-debuginfo-5.5.40-1.el7.x86_64.rpm mysql55-mysql-devel-5.5.40-1.el7.x86_64.rpm mysql55-mysql-libs-5.5.40-1.el7.x86_64.rpm mysql55-mysql-server-5.5.40-1.el7.x86_64.rpm mysql55-mysql-test-5.5.40-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-2494 https://access.redhat.com/security/cve/CVE-2014-4207 https://access.redhat.com/security/cve/CVE-2014-4243 https://access.redhat.com/security/cve/CVE-2014-4258 https://access.redhat.com/security/cve/CVE-2014-4260 https://access.redhat.com/security/cve/CVE-2014-4274 https://access.redhat.com/security/cve/CVE-2014-4287 https://access.redhat.com/security/cve/CVE-2014-6463 https://access.redhat.com/security/cve/CVE-2014-6464 https://access.redhat.com/security/cve/CVE-2014-6469 https://access.redhat.com/security/cve/CVE-2014-6484 https://access.redhat.com/security/cve/CVE-2014-6505 https://access.redhat.com/security/cve/CVE-2014-6507 https://access.redhat.com/security/cve/CVE-2014-6520 https://access.redhat.com/security/cve/CVE-2014-6530 https://access.redhat.com/security/cve/CVE-2014-6551 https://access.redhat.com/security/cve/CVE-2014-6555 https://access.redhat.com/security/cve/CVE-2014-6559 https://access.redhat.com/security/updates/classification/#important http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUadeJXlSAg2UNWIIRAtmnAJ4x8Y6RRqT5B+l1JR6eVF1D+eT0qgCePEN9 xi3DFCY2l++aBqnqc1ZqUtc= =fyM7 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 3. 5 client): Source: mysql55-mysql-5.5.40-2.el5.src.rpm i386: mysql55-mysql-5.5.40-2.el5.i386.rpm mysql55-mysql-bench-5.5.40-2.el5.i386.rpm mysql55-mysql-debuginfo-5.5.40-2.el5.i386.rpm mysql55-mysql-libs-5.5.40-2.el5.i386.rpm mysql55-mysql-server-5.5.40-2.el5.i386.rpm mysql55-mysql-test-5.5.40-2.el5.i386.rpm x86_64: mysql55-mysql-5.5.40-2.el5.x86_64.rpm mysql55-mysql-bench-5.5.40-2.el5.x86_64.rpm mysql55-mysql-debuginfo-5.5.40-2.el5.x86_64.rpm mysql55-mysql-libs-5.5.40-2.el5.x86_64.rpm mysql55-mysql-server-5.5.40-2.el5.x86_64.rpm mysql55-mysql-test-5.5.40-2.el5.x86_64.rpm RHEL Desktop Workstation (v

Trust: 2.61

sources: NVD: CVE-2014-6559 // JVNDB: JVNDB-2014-004803 // BID: 70487 // VULHUB: VHN-74503 // VULMON: CVE-2014-6559 // PACKETSTORM: 128872 // PACKETSTORM: 129354 // PACKETSTORM: 128990 // PACKETSTORM: 129124 // PACKETSTORM: 129359 // PACKETSTORM: 129122

AFFECTED PRODUCTS

vendor:	oracle	model:	mysql	scope:	lte	version:	5.5.39	Trust: 1.8
vendor:	oracle	model:	mysql	scope:	lte	version:	5.6.20	Trust: 1.8
vendor:	suse	model:	linux enterprise workstation extension	scope:	eq	version:	12	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	lt	version:	5.5.40	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	gte	version:	5.5.0	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	gte	version:	5.6.0	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	12	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	lt	version:	10.0.15	Trust: 1.0
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	12	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	lte	version:	15.1	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	gte	version:	5.5.0	Trust: 1.0
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	12	Trust: 1.0
vendor:	oracle	model:	solaris	scope:	eq	version:	11.3	Trust: 1.0
vendor:	mysql ab	model:	mysql	scope:	lte	version:	5.5.9	Trust: 0.8
vendor:	juniper	model:	junos space	scope:	eq	version:	15.1	Trust: 0.6
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop workstation client	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	5	Trust: 0.3

sources: BID: 70487 // JVNDB: JVNDB-2014-004803 // CNNVD: CNNVD-201410-455 // NVD: CVE-2014-6559

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-6559
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-6559
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201410-455
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-74503
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-6559
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-6559
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-74503
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-74503 // VULMON: CVE-2014-6559 // JVNDB: JVNDB-2014-004803 // CNNVD: CNNVD-201410-455 // NVD: CVE-2014-6559

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-6559

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-455

TYPE

Unknown

Trust: 0.3

sources: BID: 70487

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004803

PATCH

title:	Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - October 2014	url:	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html	Trust: 0.8
title:	Oracle Solaris Third Party Bulletin - October 2015	url:	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Trust: 0.8
title:	October 2014 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/october_2014_critical_patch_update	Trust: 0.8
title:	JSA10698	url:	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698&actp=search	Trust: 0.8
title:	Oracle MySQL Server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206017	Trust: 0.6
title:	Red Hat: CVE-2014-6559	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2014-6559	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2014-428	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2014-428	Trust: 0.1
title:	Ubuntu Security Notice: mysql-5.5 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2384-1	Trust: 0.1
title:	Debian Security Advisories: DSA-3054-1 mysql-5.5 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=dc9d1bd54965b02ce0b328f02c7c1489	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=ac5af5dd99788925425f5747ec672707	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=92308e3c4d305e91c2eba8c9c6835e83	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a31bff03e9909229fd67996884614fdf	Trust: 0.1

sources: VULMON: CVE-2014-6559 // JVNDB: JVNDB-2014-004803 // CNNVD: CNNVD-201410-455

EXTERNAL IDS

db:	NVD	id:	CVE-2014-6559	Trust: 3.5
db:	BID	id:	70487	Trust: 2.1
db:	SECUNIA	id:	62073	Trust: 1.8
db:	SECUNIA	id:	61579	Trust: 1.8
db:	JUNIPER	id:	JSA10698	Trust: 1.8
db:	JVNDB	id:	JVNDB-2014-004803	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-455	Trust: 0.7
db:	VULHUB	id:	VHN-74503	Trust: 0.1
db:	VULMON	id:	CVE-2014-6559	Trust: 0.1
db:	PACKETSTORM	id:	128872	Trust: 0.1
db:	PACKETSTORM	id:	129354	Trust: 0.1
db:	PACKETSTORM	id:	128990	Trust: 0.1
db:	PACKETSTORM	id:	129124	Trust: 0.1
db:	PACKETSTORM	id:	129359	Trust: 0.1
db:	PACKETSTORM	id:	129122	Trust: 0.1

sources: VULHUB: VHN-74503 // VULMON: CVE-2014-6559 // BID: 70487 // JVNDB: JVNDB-2014-004803 // PACKETSTORM: 128872 // PACKETSTORM: 129354 // PACKETSTORM: 128990 // PACKETSTORM: 129124 // PACKETSTORM: 129359 // PACKETSTORM: 129122 // CNNVD: CNNVD-201410-455 // NVD: CVE-2014-6559

REFERENCES

url:	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html	Trust: 1.9
url:	http://security.gentoo.org/glsa/glsa-201411-02.xml	Trust: 1.9
url:	http://www.securityfocus.com/bid/70487	Trust: 1.8
url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 1.8
url:	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Trust: 1.8
url:	http://secunia.com/advisories/61579	Trust: 1.8
url:	http://secunia.com/advisories/62073	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html	Trust: 1.8
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10698	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6559	Trust: 0.9
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6559	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6464	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6469	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6559	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6507	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6555	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2014-6559	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2014-6463	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-4260	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6463	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6551	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-2494	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-4274	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6551	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-4207	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6484	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6505	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4274	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-4258	Trust: 0.4
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4287	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6505	Trust: 0.4
url:	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#appendixmsql	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6464	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6484	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4260	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6520	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-4287	Trust: 0.4
url:	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#appendixmsql	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4258	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-2494	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6507	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6530	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6530	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6469	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6520	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4207	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6555	Trust: 0.4
url:	https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5540-release-notes/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2012-5615	Trust: 0.2
url:	https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5538-release-notes/	Trust: 0.2
url:	https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5539-release-notes/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2012-5615	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2014-4243	Trust: 0.2
url:	https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4243	Trust: 0.2
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10698	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2014-6559	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/2384-1/	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=36083	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6469	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6507	Trust: 0.1
url:	http://www.mandriva.com/en/support/security/	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6555	Trust: 0.1
url:	https://bugs.mageia.org/show_bug.cgi?id=14389	Trust: 0.1
url:	http://www.mandriva.com/en/support/security/advisories/	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6464	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2014-1937.html	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6559	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6507	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6491	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6500	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6500	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6496	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6464	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6494	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6491	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6555	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6494	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6469	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6496	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2014-1860.html	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2014-1940.html	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2014-1859.html	Trust: 0.1

sources: VULHUB: VHN-74503 // VULMON: CVE-2014-6559 // JVNDB: JVNDB-2014-004803 // PACKETSTORM: 128872 // PACKETSTORM: 129354 // PACKETSTORM: 128990 // PACKETSTORM: 129124 // PACKETSTORM: 129359 // PACKETSTORM: 129122 // CNNVD: CNNVD-201410-455 // NVD: CVE-2014-6559

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 129354 // PACKETSTORM: 129124 // PACKETSTORM: 129359 // PACKETSTORM: 129122

SOURCES

db:	VULHUB	id:	VHN-74503
db:	VULMON	id:	CVE-2014-6559
db:	BID	id:	70487
db:	JVNDB	id:	JVNDB-2014-004803
db:	PACKETSTORM	id:	128872
db:	PACKETSTORM	id:	129354
db:	PACKETSTORM	id:	128990
db:	PACKETSTORM	id:	129124
db:	PACKETSTORM	id:	129359
db:	PACKETSTORM	id:	129122
db:	CNNVD	id:	CNNVD-201410-455
db:	NVD	id:	CVE-2014-6559

LAST UPDATE DATE

2024-11-21T22:04:35.430000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-74503	date:	2018-12-18T00:00:00
db:	VULMON	id:	CVE-2014-6559	date:	2022-08-29T00:00:00
db:	BID	id:	70487	date:	2015-07-15T01:04:00
db:	JVNDB	id:	JVNDB-2014-004803	date:	2015-12-02T00:00:00
db:	CNNVD	id:	CNNVD-201410-455	date:	2022-08-30T00:00:00
db:	NVD	id:	CVE-2014-6559	date:	2022-08-29T20:50:35.767

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-74503	date:	2014-10-15T00:00:00
db:	VULMON	id:	CVE-2014-6559	date:	2014-10-15T00:00:00
db:	BID	id:	70487	date:	2014-10-14T00:00:00
db:	JVNDB	id:	JVNDB-2014-004803	date:	2014-10-20T00:00:00
db:	PACKETSTORM	id:	128872	date:	2014-10-28T18:08:20
db:	PACKETSTORM	id:	129354	date:	2014-12-02T15:55:55
db:	PACKETSTORM	id:	128990	date:	2014-11-06T17:09:34
db:	PACKETSTORM	id:	129124	date:	2014-11-17T17:11:24
db:	PACKETSTORM	id:	129359	date:	2014-12-02T13:45:00
db:	PACKETSTORM	id:	129122	date:	2014-11-17T17:09:19
db:	CNNVD	id:	CNNVD-201410-455	date:	2014-10-17T00:00:00
db:	NVD	id:	CVE-2014-6559	date:	2014-10-15T22:55:08.390