Red Hat Bugzilla – Bug 867521
CVE-2012-3149 mysql: unspecified client vulnerability with confidentiality impact
Last modified: 2012-10-26 10:29:13 EDT
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to MySQL client.
Text of the Oracle flaw description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
MySQL Client). Supported versions that are affected are 5.5.26 and earlier.
Difficult to exploit vulnerability allows successful authenticated network
attacks via multiple protocols. Successful attack of this vulnerability can
result in unauthorized read access to a subset of MySQL Server accessible data.
Upstream notes this issue only affected MySQL versions 5.5. Red Hat Enterprise Linux 5 and 6 include MySQL versions 5.0.x and 5.1.x respectively, which are not listed as affected. Current Fedora versions are already updated to fixed upstream version. Closing.