SB2013101604 - Multiple vulnerabilities in Google, mysql

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2013-5793)

The vulnerability allows a remote #AU# to perform service disruption.

Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5786.

2) Input validation error (CVE-ID: CVE-2013-5767)

The vulnerability allows a remote #AU# to perform service disruption.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

3) Input validation error (CVE-ID: CVE-2013-5786)

The vulnerability allows a remote #AU# to perform service disruption.

Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5793.

Remediation

Install update from vendor's website.

References

• http://security.gentoo.org/glsa/glsa-201409-04.xml
• http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
• http://www.securityfocus.com/bid/63116
• http://www.securitytracker.com/id/1029184
• http://www.securityfocus.com/bid/63113
• http://www.securityfocus.com/bid/63107