First Last Prev Next    This bug is not in your last search results.
Bug 33293 - mysql-5.1: Multiple issues (3.2)
mysql-5.1: Multiple issues (3.2)
Status: CLOSED WORKSFORME
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P3 normal (vote)
: UCS 3.2-x-errata
Assigned To: Security maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-12 12:07 CET by Moritz Muehlenhoff
Modified: 2019-04-11 19:24 CEST (History)
0 users

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2013-11-12 12:07:10 CET 
+++ This bug was initially created as a clone of Bug #32800 +++

CVE-2012-5615
CVE-2012-5627
CVE-2012-4414
CVE-2013-0169
CVE-2013-1623
CVE-2013-2162
Comment 1 Moritz Muehlenhoff univentionstaff 2014-01-15 09:46:34 CET 
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html :
CVE-2014-0412
CVE-2014-0402
CVE-2014-0386
CVE-2014-0401
CVE-2014-0437
CVE-2014-0393
Comment 2 Moritz Muehlenhoff univentionstaff 2014-02-13 15:38:37 CET 
Buffer overflow in the command line tool when parsing a malformed server identity string (CVE-2014-0001)
Comment 3 Moritz Muehlenhoff univentionstaff 2014-05-02 14:09:07 CEST 
(In reply to Moritz Muehlenhoff from comment #1)
> http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html :
> CVE-2014-0412
> CVE-2014-0402
> CVE-2014-0386
> CVE-2014-0401
> CVE-2014-0437
> CVE-2014-0393

These issues were fixed with the update to Squeeze 6.0.9 (Bug 34588). 

The following issues are still unfixed in upstream mySQL:
CVE-2012-5615
CVE-2012-5627
CVE-2012-4414
CVE-2013-1623
CVE-2013-2162
CVE-2014-0001

(CVE-2013-0169 is the generic protocol issue and CVE-2013-1623 the specific ID for mysql)
Comment 4 Moritz Muehlenhoff univentionstaff 2014-12-09 16:39:15 CET 
These issues are all not fixed in MySQL 5.1 and since we're following the upstream releases issues by Oracle we cannot fix them either:

> The following issues are still unfixed in upstream mySQL:
> CVE-2012-5615

-> This has only been fixed in 5.5

> CVE-2012-5627

-> This turned out to be a non-issue and not much different from standard bruteforce guessing

> CVE-2012-4414

This has only been fixed in 5.5

> CVE-2013-1623

-> Only fixed in 5.5

> CVE-2014-0001

This is already fixed: 5.1.34
First Last Prev Next    This bug is not in your last search results.