oss-sec mailing list archives
Re: CVE Request: MySQL: MyISAM temporary file issue
From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Tue, 16 Sep 2014 10:15:43 -0400
On 14-09-11 10:39 AM, Tomas Hoger wrote:
On Wed, 10 Sep 2014 10:28:53 -0700 Ritwik Ghoshal wrote:Please use CVE-2014-4274 for this issue. Please send an email to secalert_us () oracle com to contact Oracle for any security vulnerability related issues.As pointed out in this Gentoo bug, release notes for the mentioned MySQL versions list another issue that seems to be security: https://bugs.gentoo.org/show_bug.cgi?id=518718 3) An off-by-one error related to certificate decoding in yaSSL can be exploited to cause a buffer overflow.
There is also mention of: "Clients could determine based on connection error message content whether an account existed. (Bug #16513435, Bug #17357528, Bug #19273967)" I believe this is the fix for CVE-2012-5615, and is fixed with the following commit: http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4676 Marc.
Current thread:
- CVE Request: MySQL: MyISAM temporary file issue Salvatore Bonaccorso (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue Kurt Seifried (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 12)
- Re: CVE Request: MySQL: MyISAM temporary file issue Marc Deslauriers (Sep 16)
- Re: CVE Request: MySQL: MyISAM temporary file issue Henri Salo (Sep 16)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue Kurt Seifried (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue John Haxby (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Kurt Seifried (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Loganaden Velvindron (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Sven Kieske (Sep 12)