[debian-mysql] Bug#675872: Bug#675872: mysql-server-5.1: CVE-2012-0882 - one more underspecified security problem
Nicholas Bamber
nicholas at periapt.co.uk
Sun Jun 3 21:26:04 UTC 2012
Arne,
The issue sounds a bit like #674267 though I had not perceived the
latter to be a security issue. The commonality is as follows:
1.) i386 systems only (well the video does not say its i386 only, but
they don't mention anything else).
2.) 5.5.* - the video actually talks about 5.5.20.
3.) yassl rather than openssl
On 03/06/12 19:56, Arne Wichmann wrote:
> Package: mysql-server-5.1
> Version: 5.1.61-0+squeeze1
> Severity: important
>
> Hi. Quoting from the RedHat Bugreport [1]:
>
> CVE-2012-0882: unspecified remote exploit (released with VulnDisco Pack
> Professional 9.17).
>
> This is mostly a heads-up as there is not enough information to fix this bug.
>
> See also: [2] [3] [4]
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0882
> [2] http://security-tracker.debian.org/tracker/CVE-2012-0882
> [3] http://www.openwall.com/lists/oss-security/2012/02/24/3
> [4] http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0882.html
>
> cu
>
> AW
>
> -- System Information:
> Debian Release: 6.0.4
> APT prefers stable
> APT policy: (500, 'stable'), (80, 'testing')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.32-042stab049.6 (SMP w/1 CPU core)
> Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages mysql-server-5.1 depends on:
> ii adduser 3.112+nmu2 add and remove users and groups
> ii debconf [de 1.5.36.1 Debian configuration management sy
> ii libc6 2.13-27 Embedded GNU C Library: Shared lib
> ii libdbi-perl 1.616-1+b1 Perl Database Interface (DBI)
> ii libgcc1 1:4.6.3-1 GCC support library
> ii libmysqlcli 5.1.61-0+squeeze1 MySQL database client library
> ii libstdc++6 4.6.3-1 GNU Standard C++ Library v3
> ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
> ii mysql-clien 5.1.61-0+squeeze1 MySQL database client binaries
> ii mysql-commo 5.1.61-0+squeeze1 MySQL database common files, e.g.
> ii mysql-serve 5.1.61-0+squeeze1 MySQL database server binaries
> ii passwd 1:4.1.4.2+svn3283-2+squeeze1 change and administer password and
> ii perl 5.12.4-4 Larry Wall's Practical Extraction
> ii psmisc 22.11-1 utilities that use the proc file s
> ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
>
> Versions of packages mysql-server-5.1 recommends:
> ii heirloom-mailx [mailx] 12.4-2 feature-rich BSD mail(1)
> pn libhtml-template-perl<none> (no description available)
>
> Versions of packages mysql-server-5.1 suggests:
> pn tinyca<none> (no description available)
>
> -- debconf information:
> mysql-server/error_setting_password:
> mysql-server-5.1/start_on_boot: true
> mysql-server-5.1/postrm_remove_databases: false
> mysql-server-5.1/nis_warning:
> mysql-server-5.1/really_downgrade: false
> mysql-server/password_mismatch:
> mysql-server/no_upgrade_when_using_ndb:
>
>
>
> _______________________________________________
> pkg-mysql-maint mailing list
> pkg-mysql-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mysql-maint
>
More information about the pkg-mysql-maint
mailing list