[Secure-testing-team] Bug#695001: mysql-5.5: New MySQL issues
Moritz Muehlenhoff
jmm at inutil.org
Mon Dec 3 07:49:20 UTC 2012
Package: mysql-5.5
Severity: grave
Tags: security
Justification: user security hole
Exploits for new MySQL issues have been posted to the full-disclosure mailing list.
This mail summarises the current state of affairs:
CVE-2012-5611 (formerly tracked as CVE-2012-5579)
Exploit: http://seclists.org/fulldisclosure/2012/Dec/4
Patch already available through mariadb.
CVE-2012-5612
Exploit: http://seclists.org/fulldisclosure/2012/Dec/5
mariadb bug: https://mariadb.atlassian.net/browse/MDEV-3908
CVE-2012-5613
Exploit: http://seclists.org/fulldisclosure/2012/Dec/6
This was discussed to be intended behaviour:
http://seclists.org/oss-sec/2012/q4/388
CVE-2012-5614
Exploit: http://seclists.org/fulldisclosure/2012/De
mariadb bug: https://mariadb.atlassian.net/browse/MDEV-3910
CVE-2012-5615
Exploit: http://seclists.org/fulldisclosure/2012/Dec/9
mariadb bug: https://mariadb.atlassian.net/browse/MDEV-3909
Cheers,
Moritz
More information about the Secure-testing-team
mailing list