oss-sec mailing list archives
Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c)
From: Tomas Hoger <thoger () redhat com>
Date: Mon, 18 Jun 2012 18:50:01 +0200
Hijacking this thread a bit... On Sat, 9 Jun 2012 17:30:38 +0200 Sergei Golubchik wrote:
MySQL bug report: http://bugs.mysql.com/bug.php?id=64884 MySQL fix: http://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3560.10.17 MySQL changelog: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-24.html
In addition to 64884 / CVE-2012-2122 reported by Sergei, 5.1.63 release notes also mention additional security fix: * Security Fix: Bug #59387 was fixed. which can be tracked to the following commit: http://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3560.10.16 This allows non-admin mysql user to crash mysqld. The fix is also in 5.5.24, but it is not mentioned in 5.5.24 releases notes or changelog file included in the sources. 5.0.x is affected too. Can the CVE be assigned? I'm CCing Oracle security team explicitly, so they can reply with their existing assignment (if any), and/or are aware of the new assignment. Additionally, 5.5.23 changes include another security fix: * Security Fix: Bug #59533 was fixed. However, I've not had much luck trying to find a commit or any further info for this issue. Upstream bug is private. Does anyone have any further info? Additionally, following bugs try to collect info on MySQL security fixes in the last released and an upcoming Oracle CPU: https://bugzilla.redhat.com/show_bug.cgi?id=832477 https://bugzilla.redhat.com/show_bug.cgi?id=832540 It would be nice if Oracle could confirm the mapping between CVEs and particular issues to avoid any incorrect guesses. If anyone else has been looking into trying to map Oracle assigned CVEs to specific changes and has any info missing in the above bugs, feel free to comment there. -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- Security vulnerability in MySQL/MariaDB sql/password.c Sergei Golubchik (Jun 09)
- Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) Tomas Hoger (Jun 18)
- Re: MySQL CVEs Kurt Seifried (Jun 19)
- Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) Tomas Hoger (Jun 27)
- Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) Tomas Hoger (Jun 18)