what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2013-250

Mandriva Linux Security Advisory 2013-250
Posted Oct 17, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-250 - Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a Security Fix, aka Bug #59533. NOTE: this might be a duplicate of but as of 20120816, Oracle has not commented on this possibility. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. The updated packages have been upgraded to the 5.1.72 version which is not vulnerable to these issues.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2012-2750, CVE-2013-3839
SHA-256 | c864968f108811c88cbf8bf6028a5edaa0d41e1d45fc7d00a66784be1d337ca6

Mandriva Linux Security Advisory 2013-250

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:250
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : mysql
Date : October 17, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in mysql:

Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown
impact and attack vectors related to a Security Fix, aka Bug
#59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of
20120816, Oracle has not commented on this possibility (CVE-2012-2750).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer (CVE-2013-3839).

The updated packages have been upgraded to the 5.1.72 version which
is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3839
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-72.html
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
ba2a7994838db84ffdc554e6897ec6b8 mes5/i586/libmysql16-5.1.72-0.1mdvmes5.2.i586.rpm
f761773fd2dd239a9982e41488a01589 mes5/i586/libmysql-devel-5.1.72-0.1mdvmes5.2.i586.rpm
abfdfe6c0c1af08a146002d41c65ccf7 mes5/i586/libmysql-static-devel-5.1.72-0.1mdvmes5.2.i586.rpm
5a356e9080a7e351c34d69615b67138f mes5/i586/mysql-5.1.72-0.1mdvmes5.2.i586.rpm
ceea7d8c944d46832cd7d1715a0b9faa mes5/i586/mysql-bench-5.1.72-0.1mdvmes5.2.i586.rpm
0c534ad2edd6e3a19ab619bff7e28411 mes5/i586/mysql-client-5.1.72-0.1mdvmes5.2.i586.rpm
1b8da9ced8bb0f1b641f4a610da6dfc1 mes5/i586/mysql-common-5.1.72-0.1mdvmes5.2.i586.rpm
1cf5ea7c2186cae90ca188fe5ee4d96b mes5/SRPMS/mysql-5.1.72-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
412d97676eff68f560968bfb499342ca mes5/x86_64/lib64mysql16-5.1.72-0.1mdvmes5.2.x86_64.rpm
d53dc8b107a306df0da123b00fef42e4 mes5/x86_64/lib64mysql-devel-5.1.72-0.1mdvmes5.2.x86_64.rpm
3f65e5f322b7d0cb98bfb3d5c92937a1 mes5/x86_64/lib64mysql-static-devel-5.1.72-0.1mdvmes5.2.x86_64.rpm
5237d5ee69b11bb576f117dd9477ec56 mes5/x86_64/mysql-5.1.72-0.1mdvmes5.2.x86_64.rpm
db8fe6784e34ddb88b7e020db79d1272 mes5/x86_64/mysql-bench-5.1.72-0.1mdvmes5.2.x86_64.rpm
9a15c79afd52d0a5794d52d06eef1146 mes5/x86_64/mysql-client-5.1.72-0.1mdvmes5.2.x86_64.rpm
bb37ec21d892efe9950f1dc4b09fda6b mes5/x86_64/mysql-common-5.1.72-0.1mdvmes5.2.x86_64.rpm
1cf5ea7c2186cae90ca188fe5ee4d96b mes5/SRPMS/mysql-5.1.72-0.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSX36VmqjQ0CJFipgRAs9bAJ929K9oninBycNjoQ9WXjnbZh25UgCg7KSG
gAC+LX86wRAYvbjEApGmoEw=
=miRR
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close