Summary: | <dev-db/mysql-5.1.69: yaSSL Two Buffer Overflow Vulnerabilities (CVE-2012-0553,CVE-2013-{1492,1623}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | mysql-bugs, roman.zilka |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/52445/ | ||
Whiteboard: | A1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-03-20 15:21:12 UTC
there is another CVE: CVE-2013-1623

https://secunia.com/advisories/52669/

Description:
A weakness has been reported in Oracle MySQL, which can be exploited by malicious people to disclose certain sensitive information.

For more information: SA52028

The weakness is reported in versions 5.1.x through 5.1.68, 5.5.x through 5.5.30, and 5.6.x through 5.6.10.

Solution:
The vulnerabilities will be fixed in upcoming versions 5.1.69, 5.5.31, and 5.6.11.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1623_timing_side

*** Bug 464082 has been marked as a duplicate of this bug. ***

CVE-2013-1492 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1492): Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.

CVE-2012-0553 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0553): Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.

Reminder in case it's been overlooked/forgotten. It's becoming older than old.

5.1.70 was stabilized in bug #477474, adding to existing GLSA draft

This issue was resolved and addressed in GLSA 201308-06 at http://security.gentoo.org/glsa/glsa-201308-06.xml by GLSA coordinator Sergey Popov (pinkbyte).