It was reported [1] that VulnDisco Pack Professional 9.17 contains a working remote 0-day exploit against MySQL 5.5.20. No further information has been provided or is currently available. Note: Since no further detailed information is currently available about this flaw, Red Hat Security Response Team is actively investigating the progress done on this (both with upstream and the reporter) and will update this record with further information as soon as it is available. [1] https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html
Statement: We do not currently plan to fix this issue due to the lack of further information about the flaw and its impact. If more information becomes available at a future date, we may revisit the issue.
Bit more additional info can be found in: https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html http://partners.immunityinc.com/movies/VD-MySQL-5_5_20.mov Exploit notes shown in the video indicate that the flaw is "yassl buffer overflow". MySQL packages in Red Hat Enterprise Linux and Fedora do not use yaSSL and are linked against system OpenSSL library to provide SSL. Hence if this really is a yaSSL flaw, Red Hat Enterprise Linux and Fedora packages should be unaffected.
This was assigned CVE-2012-0882: http://www.openwall.com/lists/oss-security/2012/02/24/2