Bug 767848

Summary: VUL-0: CVE-2012-2749: mysqld crash
Product: [Novell Products] SUSE Security Incidents
Reporter: Ludwig Nussel <lnussel>
Component: Incidents
Assignee: Michal Hrusecky <mhrusecky>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: mantel, meissner, security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Ludwig Nussel 2012-06-20 07:50:33 UTC
Your friendly security team received the following report via oss-security.
Please respond ASAP.
The issue is public.

CVE-2012-2749

------------------------------------------------------------------------------
Date: Mon, 18 Jun 2012 18:50:01 +0200
From: Tomas Hoger <thoger@redhat.com>

[...]
5.1.63 release notes also mention additional security fix:

 * Security Fix: Bug #59387 was fixed.

which can be tracked to the following commit:

http://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3560.10.16

This allows a non-admin mysql user to crash mysqld.  The fix is also in
5.5.24, but it is not mentioned in the 5.5.24 release notes or changelog
file included in the sources.  5.0.x is affected too.
Comment 1 Swamp Workflow Management 2012-06-20 22:00:10 UTC
bugbot adjusting priority
Comment 3 Matthias Weckbecker 2013-07-01 15:30:52 UTC
CVSS Scoring for the issue(s):

$VAR1 = {
            'CVE-2012-2749' => '4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P'
          };
Comment 5 Marcus Meissner 2014-03-04 15:55:59 UTC
We will not release mysql updates for older products anymore, and SLES 11 SP3 has mysql 5.5 which is fixed.