Univention Bugzilla – Bug 33293
mysql-5.1: Multiple issues (3.2)
Last modified: 2019-04-11 19:24:17 CEST
+++ This bug was initially created as a clone of Bug #32800 +++

CVE-2012-5615
CVE-2012-5627
CVE-2012-4414
CVE-2013-0169
CVE-2013-1623
CVE-2013-2162
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html :
CVE-2014-0412
CVE-2014-0402
CVE-2014-0386
CVE-2014-0401
CVE-2014-0437
CVE-2014-0393
Buffer overflow in the command line tool when parsing a malformed server identity string (CVE-2014-0001)
(In reply to Moritz Muehlenhoff from comment #1)
> http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html :
> CVE-2014-0412
> CVE-2014-0402
> CVE-2014-0386
> CVE-2014-0401
> CVE-2014-0437
> CVE-2014-0393

These issues were fixed with the update to Squeeze 6.0.9 (Bug 34588).

The following issues are still unfixed in upstream MySQL:
CVE-2012-5615
CVE-2012-5627
CVE-2012-4414
CVE-2013-1623
CVE-2013-2162
CVE-2014-0001

(CVE-2013-0169 is the generic protocol issue and CVE-2013-1623 the specific ID for mysql)
These issues are all not fixed in MySQL 5.1 and since we're following the upstream releases issued by Oracle we cannot fix them either:

> The following issues are still unfixed in upstream MySQL:
> CVE-2012-5615

-> This has only been fixed in 5.5

> CVE-2012-5627

-> This turned out to be a non-issue and not much different from standard brute-force guessing

> CVE-2012-4414

This has only been fixed in 5.5

> CVE-2013-1623

-> Only fixed in 5.5

> CVE-2014-0001

This is already fixed: 5.1.34