Bug 929165 (CVE-2013-1492) - CVE-2013-1492 mysql: yaSSL buffer overflow (a different flaw than CVE-2012-0553)
Summary: CVE-2013-1492 mysql: yaSSL buffer overflow (a different flaw than CVE-2012-0553)
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2013-1492
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-03-29 11:01 UTC by Jan Lieskovsky
Modified: 2019-09-29 13:02 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-03-29 11:07:46 UTC


Attachments (Terms of Use)

Description Jan Lieskovsky 2013-03-29 11:01:28 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-1492 to the following vulnerability:

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1492
[2] http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html
[3] http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-30.html
[4] https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow
[5] http://secunia.com/advisories/52445

Comment 1 Jan Lieskovsky 2013-03-29 11:05:18 UTC
This issue did NOT affect the versions of the mysql package, as shipped with Red Hat Enterprise Linux 5 and 6, as MySQL packages in Red Hat Enterprise Linux are linked against OpenSSL not yaSSL. Therefore the affected code is not used.

--

This issue did NOT affect the versions of the mysql package, as shipped with Fedora release of 17 and 18, as MySQL packages in Fedora are linked against OpenSSL not yaSSL. Therefore the affected code is not used.

Comment 2 Jan Lieskovsky 2013-03-29 11:07:46 UTC
Statement:

Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5 and 6, since MySQL packages in Red Hat Enterprise Linux are linked against OpenSSL, and not against yaSSL.


Note You need to log in before you can comment on or make changes to this bug.