
Bug 399375 (CVE-2011-2262)

Summary: <dev-db/mysql-5.1.61: Unspecified vulnerabilities (CVE-2011-2262,CVE-2012-{0075,0087,0101,0102,0112,0113,0114,0115,0116,0117,0118,0119,0120,0484,0485,0486,0487,0488,0489,0490,0491,0492,0493,0494,0495,0496})
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: mysql-bugs
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: A? [glsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2012-01-19 12:37:59 UTC
CVE-2012-0496 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0496):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.5.x allows remote authenticated users to affect confidentiality and
  integrity via unknown vectors.

CVE-2012-0495 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0495):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.5.x allows remote authenticated users to affect availability via unknown
  vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486,
  CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and
  CVE-2012-0493.

CVE-2012-0494 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0494):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.5.x allows local users to affect availability via unknown vectors.

CVE-2012-0493 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0493):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.5.x allows remote authenticated users to affect availability via unknown
  vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486,
  CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and
  CVE-2012-0495.

CVE-2012-0492 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0492):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.x and 5.5.x allows remote authenticated users to affect availability via
  unknown vectors, a different vulnerability than CVE-2012-0112,
  CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.

CVE-2012-0491 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0491):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.5.x allows remote authenticated users to affect availability via unknown
  vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486,
  CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0493, and
  CVE-2012-0495.

CVE-2012-0490 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0490):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect
  availability via unknown vectors.

CVE-2012-0489 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0489):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.5.x allows remote authenticated users to affect availability via unknown
  vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486,
  CVE-2012-0487, CVE-2012-0488, CVE-2012-0491, CVE-2012-0493, and
  CVE-2012-0495.

CVE-2012-0488 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0488):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.5.x allows remote authenticated users to affect availability via unknown
  vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486,
  CVE-2012-0487, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and
  CVE-2012-0495.

CVE-2012-0487 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0487):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.5.x allows remote authenticated users to affect availability via unknown
  vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486,
  CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and
  CVE-2012-0495.

CVE-2012-0486 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0486):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.5.x allows remote authenticated users to affect availability via unknown
  vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487,
  CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and
  CVE-2012-0495.

CVE-2012-0485 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0485):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.x and 5.5.x allows remote authenticated users to affect availability via
  unknown vectors, a different vulnerability than CVE-2012-0112,
  CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.

CVE-2012-0484 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0484):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect
  confidentiality via unknown vectors.

CVE-2012-0120 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0120):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.x and 5.5.x allows remote authenticated users to affect availability via
  unknown vectors, a different vulnerability than CVE-2012-0112,
  CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.

CVE-2012-0119 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0119):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.x and 5.5.x allows remote authenticated users to affect availability via
  unknown vectors, a different vulnerability than CVE-2012-0112,
  CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

CVE-2012-0118 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0118):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.x and 5.5.x allows remote authenticated users to affect confidentiality
  and availability via unknown vectors, a different vulnerability than
  CVE-2012-0113.

CVE-2012-0117 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0117):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.5.x allows remote authenticated users to affect availability via unknown
  vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487,
  CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and
  CVE-2012-0495.

CVE-2012-0116 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0116):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.x and 5.5.x allows remote authenticated users to affect confidentiality
  and integrity via unknown vectors.

CVE-2012-0115 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0115):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.x and 5.5.x allows remote authenticated users to affect availability via
  unknown vectors, a different vulnerability than CVE-2012-0112,
  CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

CVE-2012-0114 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0114):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and
  integrity via unknown vectors.

CVE-2012-0113 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0113):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.x and 5.5.x allows remote authenticated users to affect confidentiality
  and availability via unknown vectors, a different vulnerability than
  CVE-2012-0118.

CVE-2012-0112 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0112):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.x and 5.5.x allows remote authenticated users to affect availability via
  unknown vectors, a different vulnerability than CVE-2012-0115,
  CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

CVE-2012-0102 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0102):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.0.x and 5.1.x allows remote authenticated users to affect availability via
  unknown vectors, a different vulnerability than CVE-2012-0087 and
  CVE-2012-0101.

CVE-2012-0101 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0101):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.0.x and 5.1.x allows remote authenticated users to affect availability via
  unknown vectors, a different vulnerability than CVE-2012-0087 and
  CVE-2012-0102.

CVE-2012-0087 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0087):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.0.x and 5.1.x allows remote authenticated users to affect availability via
  unknown vectors, a different vulnerability than CVE-2012-0101 and
  CVE-2012-0102.

CVE-2012-0075 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0075):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect
  integrity via unknown vectors.

CVE-2011-2262 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2262):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.x and 5.5.x allows remote attackers to affect availability via unknown
  vectors.


Upstream links to a currently unavailable update note at http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1390289.1
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2012-02-02 03:05:30 UTC
5.5.21, 5.1.61 are in the tree.
The mysql team no longer supports 5.0 series except for migrations (it's in package.mask), and upstream has not released the source for 5.0.95 yet.

Should be good to go stablereq
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-02-02 03:16:12 UTC
Thanks.

Arches, please test and mark stable:
=dev-db/mysql-5.1.61
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 3 Agostino Sarubbo gentoo-dev 2012-02-02 15:53:22 UTC
amd64 stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2012-02-04 17:12:30 UTC
Stable for HPPA.
Comment 5 Thomas Kahle (RETIRED) gentoo-dev 2012-02-08 16:57:29 UTC
x86 stable. Thanks
Comment 6 Markus Meier gentoo-dev 2012-02-10 17:14:00 UTC
arm stable
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2012-02-11 18:57:44 UTC
alpha/ia64/s390/sh/sparc stable
Comment 8 Brent Baude (RETIRED) gentoo-dev 2012-02-28 19:58:56 UTC
ppc done
Comment 9 Brent Baude (RETIRED) gentoo-dev 2012-03-03 17:10:51 UTC
ppc64 done
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2012-03-03 20:07:32 UTC
Thanks, everyone. GLSA request filed.
Comment 11 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2013-03-18 00:42:04 UTC
(In reply to comment #10)
> Thanks, everyone. GLSA request filed.

Is there anything left to do here?
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2013-08-29 09:11:50 UTC
This issue was resolved and addressed in
 GLSA 201308-06 at http://security.gentoo.org/glsa/glsa-201308-06.xml
by GLSA coordinator Sergey Popov (pinkbyte).