Bug 895568 (mysql-cpu-2013-01)

Summary: mysql: Oracle CPU January 2013
Product: [Other] Security Response
Reporter: Tomas Hoger <thoger>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: high
Priority: high
Version: unspecified
CC: byte, hhorak, jlieskov
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: mysql 5.1.67, mysql 5.5.29
Doc Type: Bug Fix
Last Closed: 2015-08-22 15:21:41 UTC
Bug Depends On: 881064, 882600, 896060, 896062, 896063, 896064, 896066, 896067, 896069, 896070, 896071, 896072, 896075, 896076, 896078, 896081, 896082, 896084    
Bug Blocks: 895572    

Description Tomas Hoger 2013-01-15 14:46:35 UTC
This bug is for Oracle Critical Patch Update Advisory - January 2013:
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

Pre-release of the advisory indicates that it will include 18 CVEs for MySQL, 2 of them remotely exploitable without authentication.

This update is likely to mention previously published issues as CVE-2012-5611 (bug 881064, comment 21) and CVE-2012-5612 (bug 882600).

Comment 1 Tomas Hoger 2013-01-17 20:06:50 UTC
MySQL risk matrix:

http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html#AppendixMSQL

Fixes are included in version 5.1.67 and 5.5.29.

Previous CPU for MySQL was released in October 2012 (bug 870399) and covered issues up to versions 5.1.66 and 5.5.28.  Hence these are releases since the last CPU:

http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-67.html

http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-29.html