Bug 882608 (CVE-2012-5615)
| Summary: | CVE-2012-5615 mysql: Remote Preauth User Enumeration flaw | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | byte, hhorak, jlieskov, jrusnack, jwalter, patrick.d.mayo, redhat, roomojee |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-12-12 04:48:14 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1162374, 1162375 | ||
| Bug Blocks: | 882596, 1165433 | ||
|
Description
Huzaifa S. Sidhpurwala
2012-12-02 07:12:17 UTC
Some other references: http://www.openwall.com/lists/oss-security/2012/12/02/3 http://www.openwall.com/lists/oss-security/2012/12/02/4 https://mariadb.atlassian.net/browse/MDEV-3909 This issue has not been addressed by the recent January 2013 CPU containing mysql security fixes. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Deferring this flaw till upstream fixes it. Statement: (none) This issue affects the version of mysql as shipped with Fedora-17 and Fedora-18. As per the following link: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html Upstream claims that this issue is fixed in the Oct 2014 CPU of mysql-5.5 Also mariadb at: https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5539-release-notes/ This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2014:1859 https://rhn.redhat.com/errata/RHSA-2014-1859.html This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Via RHSA-2014:1862 https://rhn.redhat.com/errata/RHSA-2014-1862.html This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Via RHSA-2014:1860 https://rhn.redhat.com/errata/RHSA-2014-1860.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1861 https://rhn.redhat.com/errata/RHSA-2014-1861.html This issue has been addressed in the following products: OpenStack 5 for RHEL 6 Via RHSA-2014:1937 https://rhn.redhat.com/errata/RHSA-2014-1937.html This issue has been addressed in the following products: OpenStack 5 for RHEL 7 Via RHSA-2014:1940 https://rhn.redhat.com/errata/RHSA-2014-1940.html mariadb-galera-5.5.40-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. |