417989 – (CVE-2012-0540) <dev-db/mysql-5.1.66: multiple vulnerabilities (CVE-2012-{0540,1689,1734,2749,3150,3158,3160,3163,3166,3167,3173,3177,3180,3197})

Bug 417989 (CVE-2012-0540) - <dev-db/mysql-5.1.66: multiple vulnerabilities (CVE-2012-{0540,1689,1734,2749,3150,3158,3160,3163,3166,3167,3173,3177,3180,3197})

Summary: <dev-db/mysql-5.1.66: multiple vulnerabilities (CVE-2012-{0540,1689,1734,2749...

Status:	RESOLVED FIXED

Alias:	CVE-2012-0540

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	http://dev.mysql.com/doc/refman/5.1/e...
Whiteboard:	A3 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2012-05-28 13:36 UTC by Rodrigo Severo
Modified:	2013-08-29 09:11 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Rodrigo Severo 2012-05-28 13:36:01 UTC

mysql-5.1.63 is available at http://www.mysql.com/downloads/mysql/5.1.html#downloads

It fixes several bugs.

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2012-07-22 15:19:05 UTC

CVE-2012-1734 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1734):
  Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and
  5.5.23 and earlier, allows remote authenticated users to affect availability
  via unknown vectors related to Server Optimizer.

CVE-2012-1689 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1689):
  Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and
  5.5.22 and earlier, allows remote authenticated users to affect availability
  via unknown vectors related to Server Optimizer.

CVE-2012-0540 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0540):
  Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and
  5.5.23 and earlier allows remote authenticated users to affect availability,
  related to GIS Extension.

Comment 2 GLSAMaker/CVETool Bot gentoo-dev

2012-08-17 11:57:49 UTC

CVE-2012-2749 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2749):
  MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote
  authenticated users to cause a denial of service (mysqld crash) via vectors
  related to incorrect calculation and a sort order index.

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2012-10-18 00:31:49 UTC

CVE-2012-3197 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3197):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated
  users to affect availability via unknown vectors related to Server
  Replication.

CVE-2012-3180 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3180):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated
  users to affect availability via unknown vectors related to Server
  Optimizer.

CVE-2012-3177 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3177):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated
  users to affect availability via unknown vectors related to Server.

CVE-2012-3173 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3173):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated
  users to affect availability via unknown vectors related to InnoDB Plugin.

CVE-2012-3167 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3167):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated
  users to affect availability via unknown vectors related to Server Full Text
  Search.

CVE-2012-3166 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3166):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated
  users to affect availability via unknown vectors related to InnoDB.

CVE-2012-3163 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3163):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated
  users to affect confidentiality, integrity, and availability via unknown
  vectors related to Information Schema.

CVE-2012-3160 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3160):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect
  confidentiality via unknown vectors related to Server Installation.

CVE-2012-3158 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3158):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to
  affect confidentiality, integrity, and availability via unknown vectors
  related to Protocol.

CVE-2012-3150 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3150):
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated
  users to affect availability via unknown vectors related to Server
  Optimizer.

Comment 4 Robin Johnson archtester

2012-11-11 02:08:46 UTC

Why is this tagged ebuild+?
5.1.66 is in the tree and a stable candidate.

5.5 was only moved out of p.mask in the last week.

Comment 5 Sean Amoss (RETIRED) gentoo-dev

2012-11-11 13:51:51 UTC

(In reply to comment #4)
> Why is this tagged ebuild+?
> 5.1.66 is in the tree and a stable candidate.
> 
> 5.5 was only moved out of p.mask in the last week.

Great, thanks.

Arches, please test and mark stable =dev-db/mysql-5.1.66

Comment 6 Jeroen Roovers (RETIRED) gentoo-dev

2012-11-11 20:41:25 UTC

Arch teams, please test and mark stable:
=dev-db/mysql-5.1.66
Stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86

Comment 7 Andreas Schürch gentoo-dev

2012-11-12 18:21:28 UTC

x86 done.

Comment 8 Jeroen Roovers (RETIRED) gentoo-dev

2012-11-12 19:19:20 UTC

Stable for HPPA.

Comment 9 Agostino Sarubbo gentoo-dev

2012-11-14 13:35:55 UTC

amd64 stable

Comment 10 Brent Baude (RETIRED) gentoo-dev

2012-11-20 20:50:27 UTC

ppc done

Comment 11 Markus Meier gentoo-dev

2012-11-21 21:48:43 UTC

arm stable

Comment 12 Raúl Porcel (RETIRED) gentoo-dev

2012-11-25 19:00:17 UTC

alpha/ia64/s390/sh/sparc stable

Comment 13 Anthony Basile gentoo-dev

2012-12-01 00:53:17 UTC

stable on ppc64, closing

Comment 14 Sean Amoss (RETIRED) gentoo-dev

2012-12-01 13:59:21 UTC

Thanks, everyone.

Added to existing GLSA request.

Comment 15 GLSAMaker/CVETool Bot gentoo-dev

2013-08-29 09:11:55 UTC

This issue was resolved and addressed in
 GLSA 201308-06 at http://security.gentoo.org/glsa/glsa-201308-06.xml
by GLSA coordinator Sergey Popov (pinkbyte).