mysql: SRINFOSC and SRCHAR related issues (CVE-2014-4258 CVE-2014-4260)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC (CVE-2014-4258):
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows
unauthorized modification; Allows disruption of service
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR (CVE-2014-4260):
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Required to exploit
Impact Type: Allows unauthorized modification; Allows disruption of
service
New version 5.5.38 is available.
References:
CONFIRM:
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
DOWNLOAD: ftp://sunsite.icm.edu.pl/pub/unix/mysql/Downloads/MySQL-5.5/
(from redmine: issue id 3184, created on 2014-07-18, closed on 2014-07-21)
- Relations:
- child #3185 (closed)
- child #3186 (closed)
- child #3187 (closed)
- child #3188 (closed)