1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2496-1] mysql-5.1 security update

    From Thijs Kinkhorst@1:229/2 to All on Mon Jun 18 22:40:01 2012
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2496-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst
    June 18, 2012 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : mysql-5.1
    Vulnerability : several
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2012-0583 CVE-2012-1688 CVE-2012-1690 CVE-2012-1703
    CVE-2012-2122
    Debian Bug : 670636 677018

    Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream
    version, 5.1.63, which includes additional changes, such as performance improvements and corrections for data loss defects. These changes are described in the MySQL release notes at: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html

    CVE-2012-2122, an authentication bypass vulnerability, occurs only when
    MySQL has been built in with certain optimisations enabled. The packages
    in Debian stable (squeeze) are not known to be affected by this
    vulnerability. It is addressed in this update nonetheless, so future
    rebuilds will not become vulnerable to this issue.

    For the stable distribution (squeeze), these problems have been fixed in version 5.1.63-0+squeeze1.

    For the testing distribution (wheezy), these problems has been fixed
    in version 5.1.62-1 of the mysql-5.1 package and version 5.5.24+dfsg-1
    of the mysql-5.5 package.

    We recommend that you upgrade your MySQL packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.10 (GNU/Linux)

    iQEcBAEBAgAGBQJP35YQAAoJEL97/wQC1SS+NosIAJx90ueK3F6RfFUd9UhE95SX ZhdLIA7wNe2OLek3BG0iO5SnSSzGNXMBi5Rcbwbi2tzd+0MiiBYy9oy4wxCfRjIW NSbYrTW7dLzlJXPxmDW1gTu8bpSaj8RGlAuXgvI0okyBoYBD25yJyAWq/YtDSIuh hwWWph+1FKB95N8CpN/tRsSr7MAiEVCrGAwl4brmiHIsLopMYCrzwHy4TFOVCcn8 ryyHkmf8D5Xa4z3pcT2CUcVdq0Ad76Fy7uxmgbd5xXCItImnBOJ64bD04G4WA3Fm WI2QoEwCMj6p1523v3RdX9lVnJB7jgY9xKanOb9j8Got71mkpdrPwW3gg1NsuOQ=
    =kFaD
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)