Executive Summary
Summary | |
---|---|
Title | mysql security update |
Informations | |||
---|---|---|---|
Name | RHSA-2012:0105 | First vendor Publication | 2012-02-08 |
Vendor | RedHat | Last vendor Modification | 2012-02-08 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:P/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5.5 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492) These updated packages upgrade MySQL to version 5.1.61. Refer to the MySQL release notes for a full list of changes: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 783793 - CVE-2011-2262 mysql: Unspecified vulnerability allows remote attackers to affect availability 783794 - CVE-2012-0075 mysql: Unspecified vulnerability allows remote authenticated users to affect integrity 783795 - CVE-2012-0087 mysql: Unspecified vulnerability allows remote authenticated users to affect availability 783797 - CVE-2012-0101 mysql: Unspecified vulnerability allows remote authenticated users to affect availability 783798 - CVE-2012-0102 mysql: Unspecified vulnerability allows remote authenticated users to affect availability 783799 - CVE-2012-0112 mysql: Unspecified vulnerability allows remote authenticated users to affect availability 783800 - CVE-2012-0113 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability 783801 - CVE-2012-0114 mysql: Unspecified vulnerability allows local users to affect confidentiality and integrity 783802 - CVE-2012-0115 mysql: Unspecified vulnerability allows remote authenticated users to affect availability 783803 - CVE-2012-0116 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and integrity 783805 - CVE-2012-0118 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability 783806 - CVE-2012-0119 mysql: Unspecified vulnerability allows remote authenticated users to affect availability 783807 - CVE-2012-0120 mysql: Unspecified vulnerability allows remote authenticated users to affect availability 783808 - CVE-2012-0484 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality 783809 - CVE-2012-0485 mysql: Unspecified vulnerability allows remote authenticated users to affect availability 783815 - CVE-2012-0490 mysql: Unspecified vulnerability allows remote authenticated users to affect availability 783817 - CVE-2012-0492 mysql: Unspecified vulnerability allows remote authenticated users to affect availability |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2012-0105.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15023 | |||
Oval ID: | oval:org.mitre.oval:def:15023 | ||
Title: | DSA-2429-1 mysql-5.1 -- several | ||
Description: | Several security vulnerabilities were discovered in MySQL, a database management system. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.61, which includes additional changes, such as performance improvements and corrections for data loss defects | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2429-1 CVE-2011-2262 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101 CVE-2012-0102 CVE-2012-0112 CVE-2012-0113 CVE-2012-0114 CVE-2012-0115 CVE-2012-0116 CVE-2012-0118 CVE-2012-0119 CVE-2012-0120 CVE-2012-0484 CVE-2012-0485 CVE-2012-0490 CVE-2012-0492 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | mysql-5.1 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20957 | |||
Oval ID: | oval:org.mitre.oval:def:20957 | ||
Title: | RHSA-2012:0127: mysql security update (Moderate) | ||
Description: | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0127-01 CESA-2012:0127 CVE-2010-1849 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101 CVE-2012-0102 CVE-2012-0114 CVE-2012-0484 CVE-2012-0490 | Version: | 107 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23295 | |||
Oval ID: | oval:org.mitre.oval:def:23295 | ||
Title: | ELSA-2012:0127: mysql security update (Moderate) | ||
Description: | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0127-01 CVE-2010-1849 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101 CVE-2012-0102 CVE-2012-0114 CVE-2012-0484 CVE-2012-0490 | Version: | 37 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for mysql CESA-2012:0105 centos6 File : nvt/gb_CESA-2012_0105_mysql_centos6.nasl |
2012-07-30 | Name : CentOS Update for mysql CESA-2012:0127 centos5 File : nvt/gb_CESA-2012_0127_mysql_centos5.nasl |
2012-07-09 | Name : RedHat Update for mysql RHSA-2012:0105-01 File : nvt/gb_RHSA-2012_0105-01_mysql.nasl |
2012-04-30 | Name : Debian Security Advisory DSA 2429-1 (mysql-5.1) File : nvt/deb_2429_1.nasl |
2012-04-02 | Name : Fedora Update for mysql FEDORA-2012-0972 File : nvt/gb_fedora_2012_0972_mysql_fc16.nasl |
2012-03-16 | Name : Ubuntu Update for mysql-5.1 USN-1397-1 File : nvt/gb_ubuntu_USN_1397_1.nasl |
2012-02-21 | Name : RedHat Update for mysql RHSA-2012:0127-01 File : nvt/gb_RHSA-2012_0127-01_mysql.nasl |
2012-02-13 | Name : Fedora Update for mysql FEDORA-2012-0987 File : nvt/gb_fedora_2012_0987_mysql_fc15.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78393 | Oracle MySQL Server Unspecified Remote DoS (2012-0492) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78391 | Oracle MySQL Server Unspecified Remote DoS (2012-0112) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78388 | Oracle MySQL Server Unspecified Remote DoS (2012-0490) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78383 | Oracle MySQL Server Unspecified Remote DoS (2012-0485) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78382 | Oracle MySQL Server Unspecified Remote DoS (2012-0120) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78381 | Oracle MySQL Server Unspecified Remote DoS (2012-0119) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78380 | Oracle MySQL Server Unspecified Remote DoS (2012-0115) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78379 | Oracle MySQL Server Unspecified Remote DoS (2012-0102) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78378 | Oracle MySQL Server Unspecified Remote DoS (2012-0101) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78377 | Oracle MySQL Server Unspecified Remote DoS (2012-0087) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78376 | Oracle MySQL Server Unspecified Remote DoS (2011-2262) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78374 | Oracle MySQL Server Unspecified Remote Issue (2012-0075) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote attacker to cause a loss of integrity. |
78373 | Oracle MySQL Server Unspecified Local Issue Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a local attacker to cause a loss in confidentiality and integrity. |
78372 | Oracle MySQL Server Unspecified Remote Information Disclosure Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote information disclosure, resulting in a loss of confidentiality. |
78370 | Oracle MySQL Server Unspecified Remote Issue (2012-0118) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service or information disclosure, resulting in a loss of availability and confidentiality. |
78369 | Oracle MySQL Server Unspecified Remote Issue (2012-0116) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote authenticated attacker to cause a loss of confidentiality and integrity. |
78368 | Oracle MySQL Server Unspecified Remote Issue (2012-0113) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service or information disclosure, resulting in a loss of availability and confidentiality. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-22 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10601.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14410.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-274.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-273.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-44.nasl - Type : ACT_GATHER_INFO |
2013-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201308-06.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0127.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0105.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-120731.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120208_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120213_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-03-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1397-1.nasl - Type : ACT_GATHER_INFO |
2012-03-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2429.nasl - Type : ACT_GATHER_INFO |
2012-02-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0127.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0127.nasl - Type : ACT_GATHER_INFO |
2012-02-13 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0987.nasl - Type : ACT_GATHER_INFO |
2012-02-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0105.nasl - Type : ACT_GATHER_INFO |
2012-02-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0105.nasl - Type : ACT_GATHER_INFO |
2012-02-09 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0972.nasl - Type : ACT_GATHER_INFO |
2012-01-19 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_61.nasl - Type : ACT_GATHER_INFO |
2012-01-19 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_5_20.nasl - Type : ACT_GATHER_INFO |
2012-01-19 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_0_95.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:55:36 |
|