From Mageia wiki
Jump to: navigation, search

MGASA-2012-0349

Date: November 30th, 2012
Affected releases: 1, 2


Description:
This mysql/mariadb update fixes CVE-2012-5611.
(originally CVE-2012-5579)

MySQL bug 13889741 (CVE-2012-3163) was, apparently, not completely
fixed. A similar test case finds a new and more dangerous buffer
overflow.

To exploit this one needs a valid low-privileged user account in the
MariaDB (or MySQL) server.

December 7, 2012: Note, this advisory is released now as embargo is
lifted, but the update in question went out on November 30th, 2012.


Updated Packages:
Mageia 1:
mysql-5.5.23-1.3.mga1
mysql-bench-5.5.23-1.3.mga1
mysql-client-5.5.23-1.3.mga1
mysql-common-5.5.23-1.3.mga1
mysql-common-core-5.5.23-1.3.mga1
mysql-core-5.5.23-1.3.mga1
lib(64)mysql18-5.5.23-1.3.mga1
lib(64)mysqld0-5.5.23-1.3.mga1
lib(64)mysqld-devel-5.5.23-1.3.mga1
lib(64)mysql-devel-5.5.23-1.3.mga1
lib(64)mysqlservices-5.5.23-1.3.mga1

Mageia 2:
mariadb-5.5.25-2.4.mga2
mariadb-bench-5.5.25-2.4.mga2
mariadb-client-5.5.25-2.4.mga2
mariadb-common-5.5.25-2.4.mga2
mariadb-common-core-5.5.25-2.4.mga2
mariadb-core-5.5.25-2.4.mga2
mariadb-extra-5.5.25-2.4.mga2
mariadb-feedback-5.5.25-2.4.mga2
mariadb-obsolete-5.5.25-2.4.mga2
mysql-MariaDB-5.5.25-2.4.mga2
lib(64)mariadb18-5.5.25-2.4.mga2
lib(64)mariadb-devel-5.5.25-2.4.mga2
lib(64)mariadb-embedded18-5.5.25-2.4.mga2
lib(64)mariadb-embedded-devel-5.5.25-2.4.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611
https://mariadb.atlassian.net/browse/MDEV-3884
https://bugs.mageia.org/show_bug.cgi?id=8247