Bug 417989 (CVE-2012-0540) - <dev-db/mysql-5.1.66: multiple vulnerabilities (CVE-2012-{0540,1689,1734,2749,3150,3158,3160,3163,3166,3167,3173,3177,3180,3197})
Status: RESOLVED FIXED
Alias: CVE-2012-0540
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://dev.mysql.com/doc/refman/5.1/e...
Whiteboard: A3 [glsa]
Reported: 2012-05-28 13:36 UTC by Rodrigo Severo
Modified: 2013-08-29 09:11 UTC
Description Rodrigo Severo 2012-05-28 13:36:01 UTC
mysql-5.1.63 is available at http://www.mysql.com/downloads/mysql/5.1.html#downloads

It fixes several bugs.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-07-22 15:19:05 UTC
CVE-2012-1734 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1734):
  Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and
  5.5.23 and earlier, allows remote authenticated users to affect availability
  via unknown vectors related to Server Optimizer.

CVE-2012-1689 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1689):
  Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and
  5.5.22 and earlier, allows remote authenticated users to affect availability
  via unknown vectors related to Server Optimizer.

CVE-2012-0540 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0540):
  Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and
  5.5.23 and earlier allows remote authenticated users to affect availability,
  related to GIS Extension.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2012-08-17 11:57:49 UTC
CVE-2012-2749 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2749):
  MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote
  authenticated users to cause a denial of service (mysqld crash) via vectors
  related to incorrect calculation and a sort order index.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-10-18 00:31:49 UTC
CVE-2012-3197 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3197):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated
  users to affect availability via unknown vectors related to Server
  Replication.

CVE-2012-3180 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3180):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated
  users to affect availability via unknown vectors related to Server
  Optimizer.

CVE-2012-3177 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3177):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated
  users to affect availability via unknown vectors related to Server.

CVE-2012-3173 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3173):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated
  users to affect availability via unknown vectors related to InnoDB Plugin.

CVE-2012-3167 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3167):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated
  users to affect availability via unknown vectors related to Server Full Text
  Search.

CVE-2012-3166 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3166):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated
  users to affect availability via unknown vectors related to InnoDB.

CVE-2012-3163 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3163):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated
  users to affect confidentiality, integrity, and availability via unknown
  vectors related to Information Schema.

CVE-2012-3160 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3160):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect
  confidentiality via unknown vectors related to Server Installation.

CVE-2012-3158 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3158):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to
  affect confidentiality, integrity, and availability via unknown vectors
  related to Protocol.

CVE-2012-3150 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3150):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated
  users to affect availability via unknown vectors related to Server
  Optimizer.
Comment 4 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2012-11-11 02:08:46 UTC
Why is this tagged ebuild+?
5.1.66 is in the tree and a stable candidate.

5.5 was only moved out of p.mask in the last week.
Comment 5 Sean Amoss (RETIRED) gentoo-dev Security 2012-11-11 13:51:51 UTC
(In reply to comment #4)
> Why is this tagged ebuild+?
> 5.1.66 is in the tree and a stable candidate.
> 
> 5.5 was only moved out of p.mask in the last week.

Great, thanks.

Arches, please test and mark stable =dev-db/mysql-5.1.66
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2012-11-11 20:41:25 UTC
Arch teams, please test and mark stable:
=dev-db/mysql-5.1.66
Stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86
Comment 7 Andreas Schürch gentoo-dev 2012-11-12 18:21:28 UTC
x86 done.
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2012-11-12 19:19:20 UTC
Stable for HPPA.
Comment 9 Agostino Sarubbo gentoo-dev 2012-11-14 13:35:55 UTC
amd64 stable
Comment 10 Brent Baude (RETIRED) gentoo-dev 2012-11-20 20:50:27 UTC
ppc done
Comment 11 Markus Meier gentoo-dev 2012-11-21 21:48:43 UTC
arm stable
Comment 12 Raúl Porcel (RETIRED) gentoo-dev 2012-11-25 19:00:17 UTC
alpha/ia64/s390/sh/sparc stable
Comment 13 Anthony Basile gentoo-dev 2012-12-01 00:53:17 UTC
stable on ppc64, closing
Comment 14 Sean Amoss (RETIRED) gentoo-dev Security 2012-12-01 13:59:21 UTC
Thanks, everyone.

Added to existing GLSA request.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2013-08-29 09:11:55 UTC
This issue was resolved and addressed in
 GLSA 201308-06 at http://security.gentoo.org/glsa/glsa-201308-06.xml
by GLSA coordinator Sergey Popov (pinkbyte).