Bug 767848 - VUL-0: CVE-2012-2749: mysqld crash
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Michal Hrusecky
QA Contact: Security Team bot
Reported: 2012-06-20 07:50 UTC by Ludwig Nussel
Modified: 2014-03-04 15:55 UTC
Found By: Other
Description Ludwig Nussel 2012-06-20 07:50:33 UTC
Your friendly security team received the following report via oss-security.
Please respond ASAP.
The issue is public.

CVE-2012-2749

------------------------------------------------------------------------------
Date: Mon, 18 Jun 2012 18:50:01 +0200
From: Tomas Hoger <thoger@redhat.com>

[...]
5.1.63 release notes also mention additional security fix:

 * Security Fix: Bug #59387 was fixed.

which can be tracked to the following commit:

http://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3560.10.16

This allows a non-admin mysql user to crash mysqld.  The fix is also in
5.5.24, but it is not mentioned in the 5.5.24 release notes or changelog
file included in the sources.  5.0.x is affected too.
Comment 1 Swamp Workflow Management 2012-06-20 22:00:10 UTC
bugbot adjusting priority
Comment 3 Matthias Weckbecker 2013-07-01 15:30:52 UTC
CVSS Scoring for the issue(s):

$VAR1 = {
            'CVE-2012-2749' => '4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P'
          };
Comment 5 Marcus Meissner 2014-03-04 15:55:59 UTC
We will not release mysql updates for older products anymore, and SLES 11 SP3 has mysql 5.5 which is fixed.