Bug 814282 (CVE-2012-0583)

Summary: CVE-2012-0583 mysql: unspecified DoS vulnerability in MyISAM (Oracle CPU April 2012)
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: byte, hhorak
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-10-24 18:29:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 814308, 832477    

Description Jan Lieskovsky 2012-04-19 14:20:48 UTC
Unspecified vulnerability in the MyISAM subcomponent of the Oracle MySQL server could allow authenticated database users to cause a hang or frequently repeatable crash of the MySQL server via multiple protocols.

Upstream announced, supported MySQL server versions, vulnerable to this flaw:
5.1.60 and earlier and 5.5.19 and earlier

[1] http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixMSQL
[2] http://www.oracle.com/technetwork/topics/security/cpuapr2012verbose-366316.html#Oracle%20MySQL

Comment 4 Tomas Hoger 2012-10-31 13:28:06 UTC
According to upstream advisory, this issue was fixed in version 5.1.61.  Red Hat Enterprise Linux 6 mysql packages were previously updated to 5.1.61 via RHSA-2012:0105:


Comment 5 Vincent Danen 2013-10-24 18:29:43 UTC

On Red Hat Enterprise Linux 5.10, new MySQL 5.5 packages are available which are not vulnerable to this issue.  Future updates for MySQL 5.0 will no longer be made available (mysql-5.0.* and related packages); security advisories will be provided only for MySQL 5.5.  Please refer to https://rhn.redhat.com/errata/RHEA-2013-1330.html for further information.