Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in mysql
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in mysql
ID: MDVSA-2013:008
Distribution: Mandriva
Plattformen: Mandriva Enterprise Server 5.0
Datum: Mi, 6. Februar 2013, 16:37
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
Applikationen: MySQL

Originalnachricht

This is a multi-part message in MIME format...

------------=_1360162450-3376-232

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:008
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mysql
Date : February 6, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilites has been found and corrected in mysql:

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before
5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62,
5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23,
when running in certain environments with certain implementations of
the memcmp function, allows remote attackers to bypass authentication
by repeatedly authenticating with the same incorrect password,
which eventually causes a token comparison to succeed due to an
improperly-checked return value (CVE-2012-2122).

MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote
authenticated users to cause a denial of service (mysqld crash)
via vectors related to incorrect calculation and a sort order index
(CVE-2012-2749).

Stack-based buffer overflow in Oracle MySQL 5.5.19 and other versions
through 5.5.28, and 5.1.53 and other versions through 5.1.66, and
MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before
5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to
execute arbitrary code via a long argument to the GRANT FILE command
(CVE-2012-5611).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
fc4d3016b0f765b6bc032cd8419ed389
mes5/i586/libmysql15-5.0.96-0.2mdvmes5.2.i586.rpm
2100e58e1f296aa6301b72ccfe7facea
mes5/i586/libmysql-devel-5.0.96-0.2mdvmes5.2.i586.rpm
31e724b305071c6a9b6de77f60efe4c4
mes5/i586/libmysql-static-devel-5.0.96-0.2mdvmes5.2.i586.rpm
657bb67bd96b4d60c2c35deed56c275c mes5/i586/mysql-5.0.96-0.2mdvmes5.2.i586.rpm
63ea45bacd62d4826aab267f70bb4b5c
mes5/i586/mysql-bench-5.0.96-0.2mdvmes5.2.i586.rpm
92ebddf104c957aedefc3c85df9dda27
mes5/i586/mysql-client-5.0.96-0.2mdvmes5.2.i586.rpm
bcadb448a66472b54d6a51d03045f5a8
mes5/i586/mysql-common-5.0.96-0.2mdvmes5.2.i586.rpm
a7179661caf876546ebc459a76e86a6c
mes5/i586/mysql-doc-5.0.96-0.2mdvmes5.2.i586.rpm
f60dd8694dc591497ea1ea8b2408761f
mes5/i586/mysql-max-5.0.96-0.2mdvmes5.2.i586.rpm
9ff45bc93a2179bf0de50e6b9c6da892
mes5/i586/mysql-ndb-extra-5.0.96-0.2mdvmes5.2.i586.rpm
59c20bd6a41f80b4cbe8428f8d081da2
mes5/i586/mysql-ndb-management-5.0.96-0.2mdvmes5.2.i586.rpm
f971d8627778d1f3046f3f01d7a4d7b6
mes5/i586/mysql-ndb-storage-5.0.96-0.2mdvmes5.2.i586.rpm
4d82592f868eef0f22f5e1195dfb8865
mes5/i586/mysql-ndb-tools-5.0.96-0.2mdvmes5.2.i586.rpm
1f96c2275ada2cf76d3ae8e18399f664 mes5/SRPMS/mysql-5.0.96-0.2mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
a1e23a45f6a852cfb592ba9f86714d7d
mes5/x86_64/lib64mysql15-5.0.96-0.2mdvmes5.2.x86_64.rpm
bd612f74fba9117055aca25a4413258d
mes5/x86_64/lib64mysql-devel-5.0.96-0.2mdvmes5.2.x86_64.rpm
6a2c935780de206125dc3b32a2fe9e0b
mes5/x86_64/lib64mysql-static-devel-5.0.96-0.2mdvmes5.2.x86_64.rpm
6df1fa963235ab8a11db68abc8de6b38
mes5/x86_64/mysql-5.0.96-0.2mdvmes5.2.x86_64.rpm
338ede1fe624e0831799163fd5fb8b53
mes5/x86_64/mysql-bench-5.0.96-0.2mdvmes5.2.x86_64.rpm
4174052845228297cedee1983d9ae1bf
mes5/x86_64/mysql-client-5.0.96-0.2mdvmes5.2.x86_64.rpm
e346393d89f1536cf1b0cb831bc17870
mes5/x86_64/mysql-common-5.0.96-0.2mdvmes5.2.x86_64.rpm
7c7d39955611c104931e75f5004bf30a
mes5/x86_64/mysql-doc-5.0.96-0.2mdvmes5.2.x86_64.rpm
15fdbbb1ab8fad3536d494c0666f85ca
mes5/x86_64/mysql-max-5.0.96-0.2mdvmes5.2.x86_64.rpm
dcdea145c396d57f7fcb766286f9578a
mes5/x86_64/mysql-ndb-extra-5.0.96-0.2mdvmes5.2.x86_64.rpm
5c093cf81e506c605b9832e0c6e2635c
mes5/x86_64/mysql-ndb-management-5.0.96-0.2mdvmes5.2.x86_64.rpm
13158037cfe0ad1aca84798d95a791db
mes5/x86_64/mysql-ndb-storage-5.0.96-0.2mdvmes5.2.x86_64.rpm
4d3ebdb87de4fa1e2bf1b0b860bdfe83
mes5/x86_64/mysql-ndb-tools-5.0.96-0.2mdvmes5.2.x86_64.rpm
1f96c2275ada2cf76d3ae8e18399f664 mes5/SRPMS/mysql-5.0.96-0.2mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFREkJimqjQ0CJFipgRAl/xAJ9Nyz5xHQdEiX+a2XzSxNaQjSRruwCgucW5
SC4KSoeUSI2UBeT3OatnMDY=
=mUvH
-----END PGP SIGNATURE-----


------------=_1360162450-3376-232
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________


------------=_1360162450-3376-232--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung