BugTraq
[ MDVSA-2013:250 ] mysql Oct 17 2013 09:15AM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:250
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : mysql
Date : October 17, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in mysql:

Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown
impact and attack vectors related to a Security Fix, aka Bug
#59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of
20120816, Oracle has not commented on this possibility (CVE-2012-2750).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer (CVE-2013-3839).

The updated packages have been upgraded to the 5.1.72 version which
is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3839
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htm
l
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-72.html
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
ba2a7994838db84ffdc554e6897ec6b8 mes5/i586/libmysql16-5.1.72-0.1mdvmes5.2.i586.rpm
f761773fd2dd239a9982e41488a01589 mes5/i586/libmysql-devel-5.1.72-0.1mdvmes5.2.i586.rpm
abfdfe6c0c1af08a146002d41c65ccf7 mes5/i586/libmysql-static-devel-5.1.72-0.1mdvmes5.2.i586.rpm
5a356e9080a7e351c34d69615b67138f mes5/i586/mysql-5.1.72-0.1mdvmes5.2.i586.rpm
ceea7d8c944d46832cd7d1715a0b9faa mes5/i586/mysql-bench-5.1.72-0.1mdvmes5.2.i586.rpm
0c534ad2edd6e3a19ab619bff7e28411 mes5/i586/mysql-client-5.1.72-0.1mdvmes5.2.i586.rpm
1b8da9ced8bb0f1b641f4a610da6dfc1 mes5/i586/mysql-common-5.1.72-0.1mdvmes5.2.i586.rpm
1cf5ea7c2186cae90ca188fe5ee4d96b mes5/SRPMS/mysql-5.1.72-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
412d97676eff68f560968bfb499342ca mes5/x86_64/lib64mysql16-5.1.72-0.1mdvmes5.2.x86_64.rpm
d53dc8b107a306df0da123b00fef42e4 mes5/x86_64/lib64mysql-devel-5.1.72-0.1mdvmes5.2.x86_64.rpm
3f65e5f322b7d0cb98bfb3d5c92937a1 mes5/x86_64/lib64mysql-static-devel-5.1.72-0.1mdvmes5.2.x86_64.rpm
5237d5ee69b11bb576f117dd9477ec56 mes5/x86_64/mysql-5.1.72-0.1mdvmes5.2.x86_64.rpm
db8fe6784e34ddb88b7e020db79d1272 mes5/x86_64/mysql-bench-5.1.72-0.1mdvmes5.2.x86_64.rpm
9a15c79afd52d0a5794d52d06eef1146 mes5/x86_64/mysql-client-5.1.72-0.1mdvmes5.2.x86_64.rpm
bb37ec21d892efe9950f1dc4b09fda6b mes5/x86_64/mysql-common-5.1.72-0.1mdvmes5.2.x86_64.rpm
1cf5ea7c2186cae90ca188fe5ee4d96b mes5/SRPMS/mysql-5.1.72-0.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSX36VmqjQ0CJFipgRAs9bAJ929K9oninBycNjoQ9WXjnbZh25UgCg7KSG
gAC+LX86wRAYvbjEApGmoEw=
=miRR
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus