MGASA-2012-0349
Date: | November 30th, 2012 |
Affected releases: | 1, 2 |
Description:
This mysql/mariadb update fixes CVE-2012-5611.
(originally CVE-2012-5579)
MySQL bug 13889741 (CVE-2012-3163) was, apparently, not completely
fixed. A similar test case finds a new and more dangerous buffer
overflow.
To exploit this one needs a valid low-privileged user account in the
MariaDB (or MySQL) server.
December 7, 2012: Note, this advisory is released now as embargo is
lifted, but the update in question went out on November 30th, 2012.
Updated Packages:
Mageia 1:
mysql-5.5.23-1.3.mga1
mysql-bench-5.5.23-1.3.mga1
mysql-client-5.5.23-1.3.mga1
mysql-common-5.5.23-1.3.mga1
mysql-common-core-5.5.23-1.3.mga1
mysql-core-5.5.23-1.3.mga1
lib(64)mysql18-5.5.23-1.3.mga1
lib(64)mysqld0-5.5.23-1.3.mga1
lib(64)mysqld-devel-5.5.23-1.3.mga1
lib(64)mysql-devel-5.5.23-1.3.mga1
lib(64)mysqlservices-5.5.23-1.3.mga1
Mageia 2:
mariadb-5.5.25-2.4.mga2
mariadb-bench-5.5.25-2.4.mga2
mariadb-client-5.5.25-2.4.mga2
mariadb-common-5.5.25-2.4.mga2
mariadb-common-core-5.5.25-2.4.mga2
mariadb-core-5.5.25-2.4.mga2
mariadb-extra-5.5.25-2.4.mga2
mariadb-feedback-5.5.25-2.4.mga2
mariadb-obsolete-5.5.25-2.4.mga2
mysql-MariaDB-5.5.25-2.4.mga2
lib(64)mariadb18-5.5.25-2.4.mga2
lib(64)mariadb-devel-5.5.25-2.4.mga2
lib(64)mariadb-embedded18-5.5.25-2.4.mga2
lib(64)mariadb-embedded-devel-5.5.25-2.4.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611
https://mariadb.atlassian.net/browse/MDEV-3884
https://bugs.mageia.org/show_bug.cgi?id=8247