Bug 758460 - VUL-0: mysql: april 2012 bugfixes
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Michal Hrusecky
QA Contact: Security Team bot
Reported: 2012-04-23 07:11 UTC by Sebastian Krahmer
Modified: 2014-03-04 15:55 UTC
Description Sebastian Krahmer 2012-04-23 07:11:40 UTC
Do you have insight into which of these bugs affect us?

http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixMSQL

If it turns out that more than one of them hits us, we will split
them up into a separate bugzilla each.
Comment 1 Sebastian Krahmer 2012-04-23 13:18:02 UTC
In particular, these are the following CVEs:

CVE-2012-1703, CVE-2012-0583, CVE-2012-1697, CVE-2012-1688, CVE-2012-1696,
CVE-2012-1690
Comment 2 Swamp Workflow Management 2012-04-23 22:00:23 UTC
bugbot adjusting priority
Comment 3 Michal Hrusecky 2012-05-07 06:26:14 UTC
Oracle released newer versions of MySQL at the same time, so I guess updating to that should cover everything. Fix sent to SLE11 as sr#18679 via IBS, fix for openSUSE sent as mr#116569, mr#116607 and mr#116610.
Comment 4 Swamp Workflow Management 2012-05-14 14:09:08 UTC
openSUSE-SU-2012:0617-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 675870,734436,742272,758460
CVE References: CVE-2009-5026,CVE-2012-0583,CVE-2012-1688,CVE-2012-1690,CVE-2012-1696,CVE-2012-1697,CVE-2012-1703
Sources used:
openSUSE 12.1 (src):    mysql-cluster-7.1.21-2.4.1
openSUSE 11.4 (src):    mysql-cluster-7.1.21-52.1
Comment 5 Swamp Workflow Management 2012-05-14 14:10:46 UTC
openSUSE-SU-2012:0618-1: An update that fixes 21 vulnerabilities is now available.

Category: security (moderate)
Bug References: 675870,734436,742272,758460
CVE References: CVE-2011-2262,CVE-2012-0075,CVE-2012-0087,CVE-2012-0101,CVE-2012-0102,CVE-2012-0112,CVE-2012-0113,CVE-2012-0114,CVE-2012-0115,CVE-2012-0116,CVE-2012-0118,CVE-2012-0119,CVE-2012-0120,CVE-2012-0484,CVE-2012-0485,CVE-2012-0490,CVE-2012-0492,CVE-2012-0583,CVE-2012-1688,CVE-2012-1690,CVE-2012-1703
Sources used:
openSUSE 11.4 (src):    mysql-community-server-5.1.62-52.1
Comment 6 Swamp Workflow Management 2012-05-14 14:11:38 UTC
openSUSE-SU-2012:0619-1: An update that fixes 21 vulnerabilities is now available.

Category: security (moderate)
Bug References: 675870,734436,742272,758460
CVE References: CVE-2011-2262,CVE-2012-0075,CVE-2012-0087,CVE-2012-0101,CVE-2012-0102,CVE-2012-0112,CVE-2012-0113,CVE-2012-0114,CVE-2012-0115,CVE-2012-0116,CVE-2012-0118,CVE-2012-0119,CVE-2012-0120,CVE-2012-0484,CVE-2012-0485,CVE-2012-0490,CVE-2012-0492,CVE-2012-0583,CVE-2012-1688,CVE-2012-1690,CVE-2012-1703
Sources used:
openSUSE 11.4 (src):    mariadb-5.1.62-39.1
Comment 7 Bernhard Wiedemann 2012-05-21 07:01:04 UTC
This is an autogenerated message for OBS integration:
This bug (758460) was mentioned in
https://build.opensuse.org/request/show/121573 Evergreen:11.2 / mysql
Comment 8 Bernhard Wiedemann 2012-05-24 22:00:41 UTC
This is an autogenerated message for OBS integration:
This bug (758460) was mentioned in
https://build.opensuse.org/request/show/122094 Evergreen:11.2 / mysql
Comment 9 Marcus Meissner 2012-08-16 15:25:18 UTC
The 5.0 issues are all CVSS score 4.0 or lower.
Comment 10 Matthias Weckbecker 2013-07-01 15:38:13 UTC
CVSS Scoring for the issue(s):

$VAR1 = {
            'CVE-2012-1690' => '4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P',
            'CVE-2012-1697' => '4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P',
            'CVE-2012-1703' => '6.8/AV:N/AC:L/Au:S/C:N/I:N/A:C',
            'CVE-2012-0583' => '4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P',
            'CVE-2012-1688' => '4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P',
            'CVE-2012-1696' => '4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P'
          };
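An added example, not part of the original thread or of any SUSE tooling: it recomputes the CVSS v2 base score from each vector in the dump above and checks it against the stated score. The function names and the 4.0 triage threshold (borrowed from the wording of comment 9) are assumptions made for this illustration.

```python
import re
from decimal import Decimal, ROUND_HALF_UP

# Metric weights from the CVSS v2 specification.
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},
}

# Entries copied from the Data::Dumper output in comment 10.
DUMP = """
'CVE-2012-1690' => '4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P',
'CVE-2012-1697' => '4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P',
'CVE-2012-1703' => '6.8/AV:N/AC:L/Au:S/C:N/I:N/A:C',
'CVE-2012-0583' => '4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P',
'CVE-2012-1688' => '4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P',
'CVE-2012-1696' => '4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P'
"""
ENTRY = re.compile(r"'(CVE-\d{4}-\d+)'\s*=>\s*'(\d+\.\d)/([^']+)'")

def base_score(vector):
    """CVSS v2 base score for a vector such as 'AV:N/AC:L/Au:S/C:N/I:N/A:P'."""
    parts = dict(p.split(":") for p in vector.split("/"))
    if set(parts) != set(WEIGHTS):
        raise ValueError("not a complete CVSS v2 base vector: " + vector)
    w = {m: WEIGHTS[m][v] for m, v in parts.items()}  # KeyError on a bad value
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    f = 0 if impact == 0 else 1.176
    raw = (0.6 * impact + 0.4 * exploitability - 1.5) * f
    return Decimal(str(raw)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP)

def audit(dump, threshold=Decimal("4.0")):
    """Return (cve, computed, matches_stated, above_threshold) per entry."""
    rows = []
    for cve, stated, vector in ENTRY.findall(dump):
        computed = base_score(vector)
        rows.append((cve, computed, computed == Decimal(stated),
                     computed > threshold))
    return rows

if __name__ == "__main__":
    for cve, score, consistent, above in audit(DUMP):
        note = "above threshold" if above else "at or below threshold"
        print(cve, score, "consistent" if consistent else "MISMATCH", note)
```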
Comment 11 Marcus Meissner 2014-03-04 15:55:01 UTC
We will not release mysql updates for older products anymore, and SLES 11 SP3 has mysql 5.5 which is fixed.