Univention Bugzilla – Bug 32800
mysql-5.1: Multiple issues (3.1)
Last modified: 2019-04-11 19:24:48 CEST
Some issues are still unfixed: CVE-2012-5615 CVE-2012-5627 CVE-2012-4414 CVE-2013-0169
These also need to be fixed: CVE-2013-1623 CVE-2013-2162
Two new MySQL issues from the recent MySQL release: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html CVE-2013-3838 CVE-2012-2750
(In reply to Moritz Muehlenhoff from comment #2) > Two new MySQL issues from the recent MySQL release: > http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html > > CVE-2013-3838 CVE-2012-2750 These are already fixed in 3.1; http://errata.univention.de/ucs/3.1/190.html updated MySQL to 5.1.72 where all of these issues are fixed (Oracle usually releases their tarballs some time ahead of the CPU advisory)
This also needs to be fixed: CVE-2013-3839
(In reply to Janek Walkenhorst from comment #4) > This also needs to be fixed: > CVE-2013-3839 This is already fixed in 3.1; http://errata.univention.de/ucs/3.1/190.html updated MySQL to 5.1.72 where all of these issues are fixed (Oracle usually releases their tarballs some time ahead of the CPU advisory) (Comment 2 had a typo in the CVE ID)
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html : CVE-2014-0412 CVE-2014-0402 CVE-2014-0386 CVE-2014-0401 CVE-2014-0437 CVE-2014-0393
Buffer overflow in the command line tool when parsing a malformed server identity string (CVE-2014-0001)
The maintenance with bug and security fixes for UCS 3.1-x has ended on 31st of May 2014. The maintenance of the UCS 3.x major series is continued by UCS 3.2-x that is supplied with bug and security fixes. Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention for any questions.