NASLDB: Debian DSA-2496-1 : mysql-5.1 - several vulnerabilities
General
ID: 59774
Name: Debian DSA-2496-1 : mysql-5.1 – several vulnerabilities
Summary: Checks dpkg output for the updated package
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C
CVSS Temporal Vector: –
Port: 0
Family: Debian Local Security Checks
Type: Local
Description
Due to the non-disclosure of security patch information from
Oracle, we are forced to ship an upstream version update of MySQL
5.1. There are several known incompatible changes, which are
listed in /usr/share/doc/mysql-server/NEWS.Debian.gz.
Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to a new upstream
version, 5.1.63, which includes additional changes, such as
performance improvements and corrections for data loss defects. These
changes are described in the MySQL release notes.
CVE-2012-2122, an authentication bypass vulnerability, occurs only
when MySQL has been built in with certain optimisations enabled. The
packages in Debian stable (squeeze) are not known to be affected by
this vulnerability. It is addressed in this update nonetheless, so
future rebuilds will not become vulnerable to this issue.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2012-0540
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2012/06/18
Plugin Release: 2012/06/29
Plugin
Version: 1.7
Filename: debian_DSA-2496.nasl
Filesize: 4491 bytes
MD5 Hash: fc663e51ec625f59e421ffe79841c9e5
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"
Copyright: This script is © 2012 Tenable Network Security, Inc.













