[debian-mysql] Bug#675872: mysql-server-5.1: CVE-2012-0882 - one more underspecified security problem

Arne Wichmann aw at fva-wg.de
Sun Jun 3 18:56:19 UTC 2012 

Package: mysql-server-5.1
Version: 5.1.61-0+squeeze1
Severity: important

Hi. Quoting from the RedHat Bugreport [1]:

CVE-2012-0882: unspecified remote exploit (released with VulnDisco Pack
Professional 9.17).

This is mostly a heads-up as there is not enough information to fix this bug.

See also: [2] [3] [4]

[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0882
[2] http://security-tracker.debian.org/tracker/CVE-2012-0882
[3] http://www.openwall.com/lists/oss-security/2012/02/24/3
[4] http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0882.html

cu

AW

-- System Information:
Debian Release: 6.0.4
  APT prefers stable
  APT policy: (500, 'stable'), (80, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-042stab049.6 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages mysql-server-5.1 depends on:
ii  adduser     3.112+nmu2                   add and remove users and groups
ii  debconf [de 1.5.36.1                     Debian configuration management sy
ii  libc6       2.13-27                      Embedded GNU C Library: Shared lib
ii  libdbi-perl 1.616-1+b1                   Perl Database Interface (DBI)
ii  libgcc1     1:4.6.3-1                    GCC support library
ii  libmysqlcli 5.1.61-0+squeeze1            MySQL database client library
ii  libstdc++6  4.6.3-1                      GNU Standard C++ Library v3
ii  lsb-base    3.2-23.2squeeze1             Linux Standard Base 3.2 init scrip
ii  mysql-clien 5.1.61-0+squeeze1            MySQL database client binaries
ii  mysql-commo 5.1.61-0+squeeze1            MySQL database common files, e.g. 
ii  mysql-serve 5.1.61-0+squeeze1            MySQL database server binaries
ii  passwd      1:4.1.4.2+svn3283-2+squeeze1 change and administer password and
ii  perl        5.12.4-4                     Larry Wall's Practical Extraction 
ii  psmisc      22.11-1                      utilities that use the proc file s
ii  zlib1g      1:1.2.3.4.dfsg-3             compression library - runtime

Versions of packages mysql-server-5.1 recommends:
ii  heirloom-mailx [mailx]        12.4-2     feature-rich BSD mail(1)
pn  libhtml-template-perl         <none>     (no description available)

Versions of packages mysql-server-5.1 suggests:
pn  tinyca                        <none>     (no description available)

-- debconf information:
  mysql-server/error_setting_password:
  mysql-server-5.1/start_on_boot: true
  mysql-server-5.1/postrm_remove_databases: false
  mysql-server-5.1/nis_warning:
  mysql-server-5.1/really_downgrade: false
  mysql-server/password_mismatch:
  mysql-server/no_upgrade_when_using_ndb:

More information about the pkg-mysql-maint mailing list