
Security: Buffer overflow in mysql
Name: Buffer overflow in mysql
ID: FEDORA-2012-19823
Distribution: Fedora
Platforms: Fedora 16
Date: Fri, 21 December 2012, 14:57
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611
Applications: MySQL

Original message

Name        : mysql
Product     : Fedora 16
Version     : 5.5.28
Release     : 2.fc16
URL         : http://www.mysql.com
Summary     : MySQL client programs and shared libraries
Description :
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MySQL client programs and generic MySQL files.

--------------------------------------------------------------------------------
Update Information:

- Add patch for CVE-2012-5611
- Widen DH key length from 512 to 1024 bits to meet minimum requirements of
FIPS 140-2
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 5 2012 Tom Lane <tgl@redhat.com> 5.5.28-2
- Add patch for CVE-2012-5611
Resolves: #883642
- Widen DH key length from 512 to 1024 bits to meet minimum requirements
of FIPS 140-2
Related: #877124
* Sat Sep 29 2012 Tom Lane <tgl@redhat.com> 5.5.28-1
- Update to MySQL 5.5.28, for various fixes described at
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-28.html
- Clean up partially-created database files when mysql_install_db fails
Related: #835131
- Honor user and group settings from service file in mysqld-prepare-db-dir
Resolves: #840431
- Export THR_KEY_mysys as a workaround for inadequate threading support
Resolves: #846602
- Adopt new systemd macros for server package install/uninstall triggers
Resolves: #850222
- Use --no-defaults when invoking mysqladmin to wait for the server to start
Related: #855704
* Sun Aug 5 2012 Tom Lane <tgl@redhat.com> 5.5.27-1
- Update to MySQL 5.5.27, for various fixes described at
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-27.html
* Fri Jul 6 2012 Tom Lane <tgl@redhat.com> 5.5.25a-1
- Update to MySQL 5.5.25a, for various fixes described at
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-25a.html
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-25.html
- Don't use systemd's Restart feature; rely on mysqld_safe instead
Resolves: #832029
* Mon Jun 11 2012 Tom Lane <tgl@redhat.com> 5.5.24-1
- Update to MySQL 5.5.24, for various fixes described at
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-24.html
including the fix for CVE-2012-2122
Resolves: #830680
- Tweak logrotate script to put the right permissions on mysqld.log
- Minor specfile fixes for recent packaging guidelines changes
* Sat Apr 28 2012 Tom Lane <tgl@redhat.com> 5.5.23-1
- Update to MySQL 5.5.23, for various fixes described at
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-23.html
* Sat Mar 24 2012 Tom Lane <tgl@redhat.com> 5.5.22-1
- Update to MySQL 5.5.22, for various fixes described at
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html
- Turn on PrivateTmp in service file
Resolves: #782513
- Comment out the contents of /etc/logrotate.d/mysqld, so that manual
action is needed to enable log rotation. Given the multiple ways in
which the rotation script can fail, it seems imprudent to try to make
it run by default.
Resolves: #799735
* Tue Mar 20 2012 Honza Horak <hhorak@redhat.com> 5.5.21-3
- Revise mysql_plugin test patch so it moves plugin files to
a temporary directory (better solution to #789530)
* Tue Mar 13 2012 Honza Horak <hhorak@redhat.com> 5.5.21-2
- Fix ssl-related tests to specify expected cipher explicitly
Related: #789600
- Fix several strcpy calls to check destination size
* Mon Feb 27 2012 Tom Lane <tgl@redhat.com> 5.5.21-1
- Update to MySQL 5.5.21, for various fixes described at
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-21.html
- Hack openssl regression test to still work with rawhide's openssl
- Fix assorted failures in post-install regression tests (mysql-test RPM)
Resolves: #789530
* Fri Feb 10 2012 Tom Lane <tgl@redhat.com> 5.5.20-2
- Revise our test-disabling method to make it possible to disable tests on a
platform-specific basis, and also to get rid of mysql-disable-test.patch,
which broke in just about every upstream update (Honza Horak)
- Disable cycle-counter-dependent regression tests on ARM, since there is
not currently any support for that in Fedora ARM kernels
Resolves: #773116
- Add some comments to mysqld.service documenting how to customize it
Resolves: #785243
* Fri Jan 27 2012 Tom Lane <tgl@redhat.com> 5.5.20-1
- Update to MySQL 5.5.20, for various fixes described at
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-20.html
as well as security fixes described at
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
Resolves: #783828
- Re-include the mysqld logrotate script, now that it's not so bogus
Resolves: #547007
* Wed Jan 4 2012 Tom Lane <tgl@redhat.com> 5.5.19-1
- Update to MySQL 5.5.19, for various fixes described at
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-19.html
* Sun Nov 20 2011 Tom Lane <tgl@redhat.com> 5.5.18-1
- Update to MySQL 5.5.18, for various fixes described at
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-18.html
* Sat Nov 12 2011 Tom Lane <tgl@redhat.com> 5.5.17-1
- Update to MySQL 5.5.17, for various fixes described at
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-17.html
- Get rid of version-number assumption in sysv-to-systemd conversion trigger
* Wed Nov 2 2011 Honza Horak <hhorak@redhat.com> 5.5.16-4
- Don't assume all ethernet devices are named ethX
Resolves: #682365
- Exclude user definition from my.cnf, user is defined in mysqld.service now
Resolves: #661265
* Sun Oct 16 2011 Tom Lane <tgl@redhat.com> 5.5.16-3
- Fix unportable usage associated with va_list arguments
Resolves: #744707
* Sun Oct 16 2011 Tom Lane <tgl@redhat.com> 5.5.16-2
- Update to MySQL 5.5.16, for various fixes described at
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-16.html
* Fri Jul 29 2011 Tom Lane <tgl@redhat.com> 5.5.15-2
- Update to MySQL 5.5.15, for various fixes described at
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-15.html
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #881064 - CVE-2012-5611 mysql: acl_get() stack-based buffer
overflow
https://bugzilla.redhat.com/show_bug.cgi?id=881064
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update mysql' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce