| From: |
| Mageia Updates <buildsystem-daemon@mageia.org> |
| To: |
| updates-announce@ml.mageia.org |
| Subject: |
| [updates-announce] MGASA-2012-0349: mysql-5.5.23-1.3.mga1 (1/core),
mariadb-5.5.25-2.4.mga2 (2/core) |
| Date: |
| Fri, 7 Dec 2012 13:05:14 +0100 |
| Message-ID: |
| <20121207120513.GA13910@valstar.mageia.org> |
| Archive-link: |
| Article, Thread
|
MGASA-2012-0349
Date: November 30th, 2012
Affected releases: 1, 2
Description:
This mysql/mariadb update fixes CVE-2012-5611.
(originally CVE-2012-5579)
MySQL bug 13889741 (CVE-2012-3163) was, apparently, not completely
fixed. A similar test case finds a new and more dangerous buffer
overflow.
To exploit this one needs a valid low-privileged user account in the
MariaDB (or MySQL) server.
December 7, 2012: Note, this advisory is released now as embargo is
lifted, but the update in question went out on November 30th, 2012.
Updated Packages:
Mageia 1:
mysql-5.5.23-1.3.mga1
mysql-bench-5.5.23-1.3.mga1
mysql-client-5.5.23-1.3.mga1
mysql-common-5.5.23-1.3.mga1
mysql-common-core-5.5.23-1.3.mga1
mysql-core-5.5.23-1.3.mga1
lib(64)mysql18-5.5.23-1.3.mga1
lib(64)mysqld0-5.5.23-1.3.mga1
lib(64)mysqld-devel-5.5.23-1.3.mga1
lib(64)mysql-devel-5.5.23-1.3.mga1
lib(64)mysqlservices-5.5.23-1.3.mga1
Mageia 2:
mariadb-5.5.25-2.4.mga2
mariadb-bench-5.5.25-2.4.mga2
mariadb-client-5.5.25-2.4.mga2
mariadb-common-5.5.25-2.4.mga2
mariadb-common-core-5.5.25-2.4.mga2
mariadb-core-5.5.25-2.4.mga2
mariadb-extra-5.5.25-2.4.mga2
mariadb-feedback-5.5.25-2.4.mga2
mariadb-obsolete-5.5.25-2.4.mga2
mysql-MariaDB-5.5.25-2.4.mga2
lib(64)mariadb18-5.5.25-2.4.mga2
lib(64)mariadb-devel-5.5.25-2.4.mga2
lib(64)mariadb-embedded18-5.5.25-2.4.mga2
lib(64)mariadb-embedded-devel-5.5.25-2.4.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611
https://mariadb.atlassian.net/browse/MDEV-3884
https://bugs.mageia.org/show_bug.cgi?id=8247
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
(
Log in to post comments)