Date: Wed, 10 Sep 2014 10:28:53 -0700 From: Ritwik Ghoshal <ritwik.ghoshal@...cle.com> To: oss-security@...ts.openwall.com CC: CVE Assignments MITRE <cve-assign@...re.org> Subject: Re: CVE Request: MySQL: MyISAM temporary file issue -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please use CVE-2014-4274 for this issue. Please send an email to secalert_us@...cle.com to contact Oracle for any security vulnerability related issues. More information is available at - http://www.oracle.com/us/support/assurance/vulnerability-remediation/reporting-security-vulnerabilities/index.html Thanks, - -Ritwik On 9/10/2014 10:15 AM, Ritwik Ghoshal wrote: > > I'll look into this and get back to you shortly. > > Thanks, > -Ritwik > > > On 9/10/2014 9:29 AM, Kurt Seifried wrote: >> Technically speaking Oracle is a CNA and should be handling this, I have >> no idea how to contact them though, Mitre, can you guys reach out to >> them? Also does this affect MariaDB? > >> On 10/09/14 10:00 AM, Salvatore Bonaccorso wrote: >>> Hi >>> >>> The changes for MySQL 5.5.39 and 5.6.20 contain a reference to >>> the following issue, which could be exploited by a local user to run >>> arbitrary code in context of the mysqld server. >>> >>> MyISAM temporary files could be used to mount a code-execution attack. >>> (Bug #18045646). >>> >>> This is also tracked in and  mentioning as relevant fix . >>> >>> Was a CVE already requested for this issue? If not, could one be >>> assigned? >>> >>> Regards, >>> Salvatore >>> >>>  https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html >>>  https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-20.html >>>  https://bugzilla.redhat.com/show_bug.cgi?id=1126271 >>>  https://bugs.gentoo.org/show_bug.cgi?id=518718 >>>  https://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4638 >>> > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUEIpRAAoJEB1zxS9196oudt4IAKDHu+phcRPSlXzXgjRMm5Tp Viv7ejTo2wANPK6hAD7/7aBjb2qAMvtY2HXUtm8spqA5199pV2mGSS7ItuQFBOCc FE0AKnPg6CoDZKe1hVhjOHveZiBJkKpGYOs74bxwhu1acPlF/oq38CWAV7yb8pjo 74Nuc+JErZGCIEVNJXpgrQMfHJ1OS8VbWCEtOkgLpU8fNBlwR9jMQQtlOqAv+PEB OA3nE5guX6CtHGCKa4YaMVmWh0au/q72R3fONP1WwAYrXjlBznovCdE9sZjzw1Np 01/51rso0ranMYN76h6DCztD6bQKVWJaDSOoGOJyD234EcF4DUb642ch9OAp+3A= =Qule -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.