Red Hat Bugzilla – Bug 841360
CVE-2012-1757 mysql: unspecified vulnerability related to InnoDB DoS
Last modified: 2013-10-03 20:30:51 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-1757 to
the following vulnerability:
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to InnoDB.
According to upstream security page, this issue only affected MySQL 5.5.x versions and did not affect 5.1.x versions. MySQL versions shipped with Red Hat Enterprise Linux are older than 5.5 (5.0.x in Red Hat Enterprise Linux 5 and 5.1.x in Red Hat Enterprise Linux 6). MySQL packages in Fedora are already updated to fixed upstream version (all supported Fedora versions currently have 5.5.25a).
Upstream has not provided any further details about this flaw.
@Tomas Hoger -
The CVE lists this vulnerability as applicable to versions of MySQL Server 5.5.23 "and earlier"
Are you certain the versions 5.1.x and 5.0.x (in our case) are not vulnerable?
Those issues that affected 5.1 are listed in upstream advisory (linked form comment #0) as "5.1.x and earlier, 5.5.y and earlier" affected.
Removing external tracker bug with the id '00683243' as it is not valid for this tracker