Bug 915914 (CVE-2014-2494) - VUL-0: CVE-2014-2494: mariadb: 10.0.12 release has security issues
Summary: VUL-0: CVE-2014-2494: mariadb: 10.0.12 release has security issues
Status: RESOLVED FIXED
Alias: CVE-2014-2494
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2015-03-04
Assignee: Kristyna Streitova
QA Contact: Security Team bot
URL:
Whiteboard: maint:running:60717:important
Keywords:
Depends on:
Blocks:
 
Reported: 2015-02-03 07:22 UTC by Marcus Meissner
Modified: 2019-05-06 13:58 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2015-02-03 07:22:00 UTC 
https://mariadb.com/kb/en/mariadb/mariadb-10012-release-notes/

Fixes for the following security vulnerabilities:

    CVE-2014-4258
    CVE-2014-4260
    CVE-2014-2494
    CVE-2014-4207 


(please add the CVE to the changes of the next submission)
Comment 1 Swamp Workflow Management 2015-02-03 23:00:44 UTC 
bugbot adjusting priority
Comment 2 Kristyna Streitova 2015-02-13 16:57:25 UTC 
The CVEs were added to the changelog. MariaDB 10.0.16 was submitted (mr#51592) and I'm closing this bug.
Comment 3 Kristyna Streitova 2015-02-18 13:10:27 UTC 
Re-submitted with a fix for Bug 911556 -> mr#51754
Comment 4 Swamp Workflow Management 2015-02-18 13:59:47 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-03-04.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60717
Comment 5 Johannes Segitz 2015-02-18 14:04:04 UTC 
(In reply to Swamp Workflow Management from comment #4)
Toolchain screw up, not relevant for mariadb
Comment 6 Swamp Workflow Management 2015-04-21 17:07:34 UTC 
SUSE-SU-2015:0743-1: An update that fixes 40 vulnerabilities is now available.

Category: security (important)
Bug References: 873351,876282,880891,896400,904627,906117,906194,911442,911556,915911,915912,915913,915914,919229
CVE References: CVE-2010-5298,CVE-2012-5615,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-0224,CVE-2014-2494,CVE-2014-3470,CVE-2014-4207,CVE-2014-4258,CVE-2014-4260,CVE-2014-4274,CVE-2014-4287,CVE-2014-6463,CVE-2014-6464,CVE-2014-6469,CVE-2014-6474,CVE-2014-6478,CVE-2014-6484,CVE-2014-6489,CVE-2014-6491,CVE-2014-6494,CVE-2014-6495,CVE-2014-6496,CVE-2014-6500,CVE-2014-6505,CVE-2014-6507,CVE-2014-6520,CVE-2014-6530,CVE-2014-6551,CVE-2014-6555,CVE-2014-6559,CVE-2014-6564,CVE-2014-6568,CVE-2015-0374,CVE-2015-0381,CVE-2015-0382,CVE-2015-0391,CVE-2015-0411,CVE-2015-0432
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    mariadb-10.0.16-15.1
SUSE Linux Enterprise Software Development Kit 12 (src):    mariadb-10.0.16-15.1
SUSE Linux Enterprise Server 12 (src):    mariadb-10.0.16-15.1
SUSE Linux Enterprise Desktop 12 (src):    mariadb-10.0.16-15.1