[debian-mysql] Bug#675872: Bug#675872: mysql-server-5.1: CVE-2012-0882 - one more underspecified security problem

Nicholas Bamber nicholas at periapt.co.uk
Sun Jun 3 21:26:04 UTC 2012


Arne,
The issue sounds a bit like #674267, though I had not perceived the
latter to be a security issue. The commonality is as follows:

1.) i386 systems only (well, the video does not say it's i386 only, but
they don't mention anything else).
2.) 5.5.* - the video actually talks about 5.5.20.
3.) yassl rather than openssl





On 03/06/12 19:56, Arne Wichmann wrote:
> Package: mysql-server-5.1
> Version: 5.1.61-0+squeeze1
> Severity: important
>
> Hi. Quoting from the RedHat Bugreport [1]:
>
> CVE-2012-0882: unspecified remote exploit (released with VulnDisco Pack
> Professional 9.17).
>
> This is mostly a heads-up as there is not enough information to fix this bug.
>
> See also: [2] [3] [4]
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0882
> [2] http://security-tracker.debian.org/tracker/CVE-2012-0882
> [3] http://www.openwall.com/lists/oss-security/2012/02/24/3
> [4] http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0882.html
>
> cu
>
> AW
>
> -- System Information:
> Debian Release: 6.0.4
>    APT prefers stable
>    APT policy: (500, 'stable'), (80, 'testing')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.32-042stab049.6 (SMP w/1 CPU core)
> Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages mysql-server-5.1 depends on:
> ii  adduser     3.112+nmu2                   add and remove users and groups
> ii  debconf [de 1.5.36.1                     Debian configuration management sy
> ii  libc6       2.13-27                      Embedded GNU C Library: Shared lib
> ii  libdbi-perl 1.616-1+b1                   Perl Database Interface (DBI)
> ii  libgcc1     1:4.6.3-1                    GCC support library
> ii  libmysqlcli 5.1.61-0+squeeze1            MySQL database client library
> ii  libstdc++6  4.6.3-1                      GNU Standard C++ Library v3
> ii  lsb-base    3.2-23.2squeeze1             Linux Standard Base 3.2 init scrip
> ii  mysql-clien 5.1.61-0+squeeze1            MySQL database client binaries
> ii  mysql-commo 5.1.61-0+squeeze1            MySQL database common files, e.g.
> ii  mysql-serve 5.1.61-0+squeeze1            MySQL database server binaries
> ii  passwd      1:4.1.4.2+svn3283-2+squeeze1 change and administer password and
> ii  perl        5.12.4-4                     Larry Wall's Practical Extraction
> ii  psmisc      22.11-1                      utilities that use the proc file s
> ii  zlib1g      1:1.2.3.4.dfsg-3             compression library - runtime
>
> Versions of packages mysql-server-5.1 recommends:
> ii  heirloom-mailx [mailx]        12.4-2     feature-rich BSD mail(1)
> pn  libhtml-template-perl<none>      (no description available)
>
> Versions of packages mysql-server-5.1 suggests:
> pn  tinyca<none>      (no description available)
>
> -- debconf information:
>    mysql-server/error_setting_password:
>    mysql-server-5.1/start_on_boot: true
>    mysql-server-5.1/postrm_remove_databases: false
>    mysql-server-5.1/nis_warning:
>    mysql-server-5.1/really_downgrade: false
>    mysql-server/password_mismatch:
>    mysql-server/no_upgrade_when_using_ndb:
>
>
>
>





