what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2013-250

Mandriva Linux Security Advisory 2013-250
Posted Oct 17, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-250 - Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a Security Fix, aka Bug #59533. NOTE: this might be a duplicate of but as of 20120816, Oracle has not commented on this possibility. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. The updated packages have been upgraded to the 5.1.72 version which is not vulnerable to these issues.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2012-2750, CVE-2013-3839
SHA-256 | c864968f108811c88cbf8bf6028a5edaa0d41e1d45fc7d00a66784be1d337ca6

Mandriva Linux Security Advisory 2013-250

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:250
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : mysql
Date : October 17, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in mysql:

Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown
impact and attack vectors related to a Security Fix, aka Bug
#59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of
20120816, Oracle has not commented on this possibility (CVE-2012-2750).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer (CVE-2013-3839).

The updated packages have been upgraded to the 5.1.72 version which
is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3839
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-72.html
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
ba2a7994838db84ffdc554e6897ec6b8 mes5/i586/libmysql16-5.1.72-0.1mdvmes5.2.i586.rpm
f761773fd2dd239a9982e41488a01589 mes5/i586/libmysql-devel-5.1.72-0.1mdvmes5.2.i586.rpm
abfdfe6c0c1af08a146002d41c65ccf7 mes5/i586/libmysql-static-devel-5.1.72-0.1mdvmes5.2.i586.rpm
5a356e9080a7e351c34d69615b67138f mes5/i586/mysql-5.1.72-0.1mdvmes5.2.i586.rpm
ceea7d8c944d46832cd7d1715a0b9faa mes5/i586/mysql-bench-5.1.72-0.1mdvmes5.2.i586.rpm
0c534ad2edd6e3a19ab619bff7e28411 mes5/i586/mysql-client-5.1.72-0.1mdvmes5.2.i586.rpm
1b8da9ced8bb0f1b641f4a610da6dfc1 mes5/i586/mysql-common-5.1.72-0.1mdvmes5.2.i586.rpm
1cf5ea7c2186cae90ca188fe5ee4d96b mes5/SRPMS/mysql-5.1.72-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
412d97676eff68f560968bfb499342ca mes5/x86_64/lib64mysql16-5.1.72-0.1mdvmes5.2.x86_64.rpm
d53dc8b107a306df0da123b00fef42e4 mes5/x86_64/lib64mysql-devel-5.1.72-0.1mdvmes5.2.x86_64.rpm
3f65e5f322b7d0cb98bfb3d5c92937a1 mes5/x86_64/lib64mysql-static-devel-5.1.72-0.1mdvmes5.2.x86_64.rpm
5237d5ee69b11bb576f117dd9477ec56 mes5/x86_64/mysql-5.1.72-0.1mdvmes5.2.x86_64.rpm
db8fe6784e34ddb88b7e020db79d1272 mes5/x86_64/mysql-bench-5.1.72-0.1mdvmes5.2.x86_64.rpm
9a15c79afd52d0a5794d52d06eef1146 mes5/x86_64/mysql-client-5.1.72-0.1mdvmes5.2.x86_64.rpm
bb37ec21d892efe9950f1dc4b09fda6b mes5/x86_64/mysql-common-5.1.72-0.1mdvmes5.2.x86_64.rpm
1cf5ea7c2186cae90ca188fe5ee4d96b mes5/SRPMS/mysql-5.1.72-0.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSX36VmqjQ0CJFipgRAs9bAJ929K9oninBycNjoQ9WXjnbZh25UgCg7KSG
gAC+LX86wRAYvbjEApGmoEw=
=miRR
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close