LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 15th, 2014
Linux Advisory Watch: August 8th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2013:008: mysql Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Multiple vulnerabilites has been found and corrected in mysql: sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:008
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mysql
 Date    : February 6, 2013
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilites has been found and corrected in mysql:
 
 sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before
 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62,
 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23,
 when running in certain environments with certain implementations of
 the memcmp function, allows remote attackers to bypass authentication
 by repeatedly authenticating with the same incorrect password,
 which eventually causes a token comparison to succeed due to an
 improperly-checked return value (CVE-2012-2122).
 
 MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote
 authenticated users to cause a denial of service (mysqld crash)
 via vectors related to incorrect calculation and a sort order index
 (CVE-2012-2749).
 
 Stack-based buffer overflow in Oracle MySQL 5.5.19 and other versions
 through 5.5.28, and 5.1.53 and other versions through 5.1.66, and
 MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before
 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to
 execute arbitrary code via a long argument to the GRANT FILE command
 (CVE-2012-5611).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2122
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2749
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611
 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 fc4d3016b0f765b6bc032cd8419ed389  mes5/i586/libmysql15-5.0.96-0.2mdvmes5.2.i586.rpm
 2100e58e1f296aa6301b72ccfe7facea  mes5/i586/libmysql-devel-5.0.96-0.2mdvmes5.2.i586.rpm
 31e724b305071c6a9b6de77f60efe4c4  mes5/i586/libmysql-static-devel-5.0.96-0.2mdvmes5.2.i586.rpm
 657bb67bd96b4d60c2c35deed56c275c  mes5/i586/mysql-5.0.96-0.2mdvmes5.2.i586.rpm
 63ea45bacd62d4826aab267f70bb4b5c  mes5/i586/mysql-bench-5.0.96-0.2mdvmes5.2.i586.rpm
 92ebddf104c957aedefc3c85df9dda27  mes5/i586/mysql-client-5.0.96-0.2mdvmes5.2.i586.rpm
 bcadb448a66472b54d6a51d03045f5a8  mes5/i586/mysql-common-5.0.96-0.2mdvmes5.2.i586.rpm
 a7179661caf876546ebc459a76e86a6c  mes5/i586/mysql-doc-5.0.96-0.2mdvmes5.2.i586.rpm
 f60dd8694dc591497ea1ea8b2408761f  mes5/i586/mysql-max-5.0.96-0.2mdvmes5.2.i586.rpm
 9ff45bc93a2179bf0de50e6b9c6da892  mes5/i586/mysql-ndb-extra-5.0.96-0.2mdvmes5.2.i586.rpm
 59c20bd6a41f80b4cbe8428f8d081da2  mes5/i586/mysql-ndb-management-5.0.96-0.2mdvmes5.2.i586.rpm
 f971d8627778d1f3046f3f01d7a4d7b6  mes5/i586/mysql-ndb-storage-5.0.96-0.2mdvmes5.2.i586.rpm
 4d82592f868eef0f22f5e1195dfb8865  mes5/i586/mysql-ndb-tools-5.0.96-0.2mdvmes5.2.i586.rpm 
 1f96c2275ada2cf76d3ae8e18399f664  mes5/SRPMS/mysql-5.0.96-0.2mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 a1e23a45f6a852cfb592ba9f86714d7d  mes5/x86_64/lib64mysql15-5.0.96-0.2mdvmes5.2.x86_64.rpm
 bd612f74fba9117055aca25a4413258d  mes5/x86_64/lib64mysql-devel-5.0.96-0.2mdvmes5.2.x86_64.rpm
 6a2c935780de206125dc3b32a2fe9e0b  mes5/x86_64/lib64mysql-static-devel-5.0.96-0.2mdvmes5.2.x86_64.rpm
 6df1fa963235ab8a11db68abc8de6b38  mes5/x86_64/mysql-5.0.96-0.2mdvmes5.2.x86_64.rpm
 338ede1fe624e0831799163fd5fb8b53  mes5/x86_64/mysql-bench-5.0.96-0.2mdvmes5.2.x86_64.rpm
 4174052845228297cedee1983d9ae1bf  mes5/x86_64/mysql-client-5.0.96-0.2mdvmes5.2.x86_64.rpm
 e346393d89f1536cf1b0cb831bc17870  mes5/x86_64/mysql-common-5.0.96-0.2mdvmes5.2.x86_64.rpm
 7c7d39955611c104931e75f5004bf30a  mes5/x86_64/mysql-doc-5.0.96-0.2mdvmes5.2.x86_64.rpm
 15fdbbb1ab8fad3536d494c0666f85ca  mes5/x86_64/mysql-max-5.0.96-0.2mdvmes5.2.x86_64.rpm
 dcdea145c396d57f7fcb766286f9578a  mes5/x86_64/mysql-ndb-extra-5.0.96-0.2mdvmes5.2.x86_64.rpm
 5c093cf81e506c605b9832e0c6e2635c  mes5/x86_64/mysql-ndb-management-5.0.96-0.2mdvmes5.2.x86_64.rpm
 13158037cfe0ad1aca84798d95a791db  mes5/x86_64/mysql-ndb-storage-5.0.96-0.2mdvmes5.2.x86_64.rpm
 4d3ebdb87de4fa1e2bf1b0b860bdfe83  mes5/x86_64/mysql-ndb-tools-5.0.96-0.2mdvmes5.2.x86_64.rpm 
 1f96c2275ada2cf76d3ae8e18399f664  mes5/SRPMS/mysql-5.0.96-0.2mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Attackers Can ‘Steal’ Bandwidth From BitTorrent Seeders, Research Finds
Linux Kernel Development Gets Two-Factor Authentication
Hacking cars and traffic lights at Def Con
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.