Bug 895568 (mysql-cpu-2013-01) - mysql: Oracle CPU January 2013
Summary: mysql: Oracle CPU January 2013
Keywords:
Status: CLOSED ERRATA
Alias: mysql-cpu-2013-01
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: CVE-2012-5611 CVE-2012-5612 CVE-2012-5060 CVE-2013-0384 CVE-2013-0389 CVE-2013-0386 CVE-2013-0385 CVE-2013-0375 CVE-2012-1702 CVE-2013-0383 CVE-2013-0368 CVE-2012-0572 CVE-2013-0371 CVE-2012-0574 CVE-2012-1705 CVE-2012-0578 CVE-2013-0367 CVE-2012-5096
Blocks: 895572
TreeView+ depends on / blocked
 
Reported: 2013-01-15 14:46 UTC by Tomas Hoger
Modified: 2019-09-29 12:59 UTC (History)
3 users (show)

Fixed In Version: mysql 5.1.67, mysql 5.5.29
Clone Of:
Environment:
Last Closed: 2015-08-22 15:21:41 UTC
Embargoed:

Attachments (Terms of Use)

Description Tomas Hoger 2013-01-15 14:46:35 UTC 
This bug is for Oracle Critical Patch Update Advisory - January 2013:
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

Pre-release of the advisory indicates that it will include 18 CVEs for MySQL, 2 of them remotely exploitable without authentication.

This update is likely to mention previously published issues as CVE-2012-5611 (bug 881064, comment 21) and CVE-2012-5612 (bug 882600).
Comment 1 Tomas Hoger 2013-01-17 20:06:50 UTC 
MySQL risk matrix:

http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html#AppendixMSQL

Fixes are included in version 5.1.67 and 5.5.29.

Previous CPU for MySQL was released in October 2012 (bug 870399) and covered issues up to versions 5.1.66 and 5.5.28.  Hence these are releases since the last CPU:

http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-67.html

http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-29.html
Note You need to log in before you can comment on or make changes to this bug.