Mageia alert MGASA-2012-0349 (mysql) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0349: mysql-5.5.23-1.3.mga1 (1/core),
 mariadb-5.5.25-2.4.mga2 (2/core) 
Date:
    	       Fri, 7 Dec 2012 13:05:14 +0100
Message-ID:
    	       <20121207120513.GA13910@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2012-0349
Date: 	November 30th, 2012
Affected releases: 	1, 2


Description:
This mysql/mariadb update fixes CVE-2012-5611.
(originally CVE-2012-5579)

MySQL bug 13889741 (CVE-2012-3163) was, apparently, not completely
fixed. A similar test case finds a new and more dangerous buffer
overflow.

To exploit this one needs a valid low-privileged user account in the
MariaDB (or MySQL) server.

December 7, 2012: Note, this advisory is released now as embargo is
lifted, but the update in question went out on November 30th, 2012.


Updated Packages:
Mageia 1:
mysql-5.5.23-1.3.mga1
mysql-bench-5.5.23-1.3.mga1
mysql-client-5.5.23-1.3.mga1
mysql-common-5.5.23-1.3.mga1
mysql-common-core-5.5.23-1.3.mga1
mysql-core-5.5.23-1.3.mga1
lib(64)mysql18-5.5.23-1.3.mga1
lib(64)mysqld0-5.5.23-1.3.mga1
lib(64)mysqld-devel-5.5.23-1.3.mga1
lib(64)mysql-devel-5.5.23-1.3.mga1
lib(64)mysqlservices-5.5.23-1.3.mga1

Mageia 2:
mariadb-5.5.25-2.4.mga2
mariadb-bench-5.5.25-2.4.mga2
mariadb-client-5.5.25-2.4.mga2
mariadb-common-5.5.25-2.4.mga2
mariadb-common-core-5.5.25-2.4.mga2
mariadb-core-5.5.25-2.4.mga2
mariadb-extra-5.5.25-2.4.mga2
mariadb-feedback-5.5.25-2.4.mga2
mariadb-obsolete-5.5.25-2.4.mga2
mysql-MariaDB-5.5.25-2.4.mga2
lib(64)mariadb18-5.5.25-2.4.mga2
lib(64)mariadb-devel-5.5.25-2.4.mga2
lib(64)mariadb-embedded18-5.5.25-2.4.mga2
lib(64)mariadb-embedded-devel-5.5.25-2.4.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611
https://mariadb.atlassian.net/browse/MDEV-3884
https://bugs.mageia.org/show_bug.cgi?id=8247
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
(Log in to post comments)