LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

mysql: multiple unspecified vulnerabilities

Package(s):mysql CVE #(s):CVE-2012-3144 CVE-2012-3147 CVE-2012-3149 CVE-2012-3150 CVE-2012-3156 CVE-2012-3158 CVE-2012-3160 CVE-2012-3163 CVE-2012-3166 CVE-2012-3167 CVE-2012-3173 CVE-2012-3177 CVE-2012-3180 CVE-2012-3197
Created:November 5, 2012 Updated:December 4, 2012
Description: From the CVE entries:

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server. (CVE-2012-3144)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client. (CVE-2012-3147)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client. (CVE-2012-3149)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. (CVE-2012-3150)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server. (CVE-2012-3156)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol. (CVE-2012-3158)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation. (CVE-2012-3160)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. (CVE-2012-3163)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB. (CVE-2012-3166)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search. (CVE-2012-3167)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin. (CVE-2012-3173)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server. (CVE-2012-3177)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. (CVE-2012-3180)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication. (CVE-2012-3197)

Alerts:
Ubuntu USN-1621-1 2012-11-05
Red Hat RHSA-2012:1462-01 2012-11-14
CentOS CESA-2012:1462 2012-11-15
Oracle ELSA-2012-1462 2012-11-14
Scientific Linux SL-mysq-20121115 2012-11-15
Mageia MGASA-2012-0341 2012-11-23
Debian DSA-2581-1 2012-12-04
Mageia MGASA-2012-0349 2012-12-07
Mandriva MDVSA-2013:102 2013-04-10
(Log in to post comments)

mysql: multiple unspecified vulnerabilities

Posted Nov 8, 2012 10:33 UTC (Thu) by smurf (subscriber, #17840) [Link]

>> via unknown vectors

Sure they're known. Oracle just refuses to disclose them.

Time to ditch mysql. This kind of nil security is atrocious.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds