Summary: | <dev-db/mysql-5.1.69: Multiple Vulnerabilities (CVE-2013-{1502,1506,1511,1512,1521,1523,1526,1531,1532,1544,1548,1552,1555,1566,1567,1570,2375,2376,2378,2381,2389,2391,2392,2395}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | mysql-bugs, s.hoogeveen |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/53022/ | ||
Whiteboard: | A1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-04-17 12:27:10 UTC
CVE-2013-2395 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2395): Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567. CVE-2013-2392 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2392): Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. CVE-2013-2391 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2391): Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install. CVE-2013-2389 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2389): Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. CVE-2013-2381 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2381): Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges. CVE-2013-2378 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2378): Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. CVE-2013-2376 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2376): Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. CVE-2013-2375 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2375): Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. CVE-2013-1570 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1570): Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached. CVE-2013-1567 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1567): Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395. CVE-2013-1566 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1566): Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. CVE-2013-1555 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1555): Unspecified vulnerability in MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition. CVE-2013-1552 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1552): Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. CVE-2013-1548 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1548): Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types. CVE-2013-1544 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1544): Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. CVE-2013-1532 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1532): Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema. CVE-2013-1531 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1531): Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges. CVE-2013-1526 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1526): Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. CVE-2013-1523 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1523): Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer. CVE-2013-1521 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1521): Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking. CVE-2013-1512 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1512): Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. CVE-2013-1511 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1511): Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. CVE-2013-1506 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1506): Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking. CVE-2013-1502 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1502): Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition. It seems MySQL 5.1.69 fixes these problems for the 5.1 branch, as well as the Geometry crash issue (CVE-2013-1861) described in bug 445602. Is there any time frame known for when, if ever, this version would appear (even masked) in Portage? (In reply to comment #2) > It seems MySQL 5.1.69 fixes these problems for the 5.1 branch, as well as > the Geometry crash issue (CVE-2013-1861) described in bug 445602. Is there > any time frame known for when, if ever, this version would appear (even > masked) in Portage? Did Oracle release 5.1.69? I still can't find it on their web site[1]. IIRC, this isn't the first time that 5.1.69 is mentioned as having fixed an issue. [1] - http://downloads.mysql.com/archives.php?p=mysql-5.1 It appears to be available on http://dev.mysql.com/downloads/mysql/5.1.html#downloads though I have to admit to not testing this release myself. Very odd that it is missing on the other list. 5.1.70 was stabilized in bug #477474, adding to existing GLSA draft This issue was resolved and addressed in GLSA 201308-06 at http://security.gentoo.org/glsa/glsa-201308-06.xml by GLSA coordinator Sergey Popov (pinkbyte). |