-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2013:250
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : mysql
Date    : October 17, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been discovered and corrected in mysql:

Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown
impact and attack vectors related to a Security Fix, aka Bug
#59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of
20120816, Oracle has not commented on this possibility (CVE-2012-2750).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer (CVE-2013-3839).

The updated packages have been upgraded to the 5.1.72 version which
is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3839
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-72.html
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
ba2a7994838db84ffdc554e6897ec6b8  mes5/i586/libmysql16-5.1.72-0.1mdvmes5.2.i586.rpm
f761773fd2dd239a9982e41488a01589  mes5/i586/libmysql-devel-5.1.72-0.1mdvmes5.2.i586.rpm
abfdfe6c0c1af08a146002d41c65ccf7  mes5/i586/libmysql-static-devel-5.1.72-0.1mdvmes5.2.i586.rpm
5a356e9080a7e351c34d69615b67138f  mes5/i586/mysql-5.1.72-0.1mdvmes5.2.i586.rpm
ceea7d8c944d46832cd7d1715a0b9faa  mes5/i586/mysql-bench-5.1.72-0.1mdvmes5.2.i586.rpm
0c534ad2edd6e3a19ab619bff7e28411  mes5/i586/mysql-client-5.1.72-0.1mdvmes5.2.i586.rpm
1b8da9ced8bb0f1b641f4a610da6dfc1  mes5/i586/mysql-common-5.1.72-0.1mdvmes5.2.i586.rpm
1cf5ea7c2186cae90ca188fe5ee4d96b  mes5/SRPMS/mysql-5.1.72-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
412d97676eff68f560968bfb499342ca  mes5/x86_64/lib64mysql16-5.1.72-0.1mdvmes5.2.x86_64.rpm
d53dc8b107a306df0da123b00fef42e4  mes5/x86_64/lib64mysql-devel-5.1.72-0.1mdvmes5.2.x86_64.rpm
3f65e5f322b7d0cb98bfb3d5c92937a1  mes5/x86_64/lib64mysql-static-devel-5.1.72-0.1mdvmes5.2.x86_64.rpm
5237d5ee69b11bb576f117dd9477ec56  mes5/x86_64/mysql-5.1.72-0.1mdvmes5.2.x86_64.rpm
db8fe6784e34ddb88b7e020db79d1272  mes5/x86_64/mysql-bench-5.1.72-0.1mdvmes5.2.x86_64.rpm
9a15c79afd52d0a5794d52d06eef1146  mes5/x86_64/mysql-client-5.1.72-0.1mdvmes5.2.x86_64.rpm
bb37ec21d892efe9950f1dc4b09fda6b  mes5/x86_64/mysql-common-5.1.72-0.1mdvmes5.2.x86_64.rpm
1cf5ea7c2186cae90ca188fe5ee4d96b  mes5/SRPMS/mysql-5.1.72-0.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSX36VmqjQ0CJFipgRAs9bAJ929K9oninBycNjoQ9WXjnbZh25UgCg7KSG
gAC+LX86wRAYvbjEApGmoEw=
=miRR
-----END PGP SIGNATURE-----