Executive Summary
Summary | |
---|---|
Title | mysql security update |
Informations | |||
---|---|---|---|
Name | RHSA-2012:0127 | First vendor Publication | 2012-02-13 |
Vendor | RedHat | Last vendor Modification | 2012-02-13 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0114, CVE-2012-0484, CVE-2012-0490) These updated packages upgrade MySQL to version 5.0.95. Refer to the MySQL release notes for a full list of changes: http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 783794 - CVE-2012-0075 mysql: Unspecified vulnerability allows remote authenticated users to affect integrity 783795 - CVE-2012-0087 mysql: Unspecified vulnerability allows remote authenticated users to affect availability 783797 - CVE-2012-0101 mysql: Unspecified vulnerability allows remote authenticated users to affect availability 783798 - CVE-2012-0102 mysql: Unspecified vulnerability allows remote authenticated users to affect availability 783801 - CVE-2012-0114 mysql: Unspecified vulnerability allows local users to affect confidentiality and integrity 783808 - CVE-2012-0484 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality 783815 - CVE-2012-0490 mysql: Unspecified vulnerability allows remote authenticated users to affect availability |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2012-0127.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:20957 | |||
Oval ID: | oval:org.mitre.oval:def:20957 | ||
Title: | RHSA-2012:0127: mysql security update (Moderate) | ||
Description: | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0127-01 CESA-2012:0127 CVE-2010-1849 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101 CVE-2012-0102 CVE-2012-0114 CVE-2012-0484 CVE-2012-0490 | Version: | 107 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23295 | |||
Oval ID: | oval:org.mitre.oval:def:23295 | ||
Title: | ELSA-2012:0127: mysql security update (Moderate) | ||
Description: | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0127-01 CVE-2010-1849 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101 CVE-2012-0102 CVE-2012-0114 CVE-2012-0484 CVE-2012-0490 | Version: | 37 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for mysql CESA-2012:0105 centos6 File : nvt/gb_CESA-2012_0105_mysql_centos6.nasl |
2012-07-30 | Name : CentOS Update for mysql CESA-2012:0127 centos5 File : nvt/gb_CESA-2012_0127_mysql_centos5.nasl |
2012-07-09 | Name : RedHat Update for mysql RHSA-2012:0105-01 File : nvt/gb_RHSA-2012_0105-01_mysql.nasl |
2012-04-30 | Name : Debian Security Advisory DSA 2429-1 (mysql-5.1) File : nvt/deb_2429_1.nasl |
2012-04-02 | Name : Fedora Update for mysql FEDORA-2012-0972 File : nvt/gb_fedora_2012_0972_mysql_fc16.nasl |
2012-03-16 | Name : Ubuntu Update for mysql-5.1 USN-1397-1 File : nvt/gb_ubuntu_USN_1397_1.nasl |
2012-02-21 | Name : RedHat Update for mysql RHSA-2012:0127-01 File : nvt/gb_RHSA-2012_0127-01_mysql.nasl |
2012-02-13 | Name : Fedora Update for mysql FEDORA-2012-0987 File : nvt/gb_fedora_2012_0987_mysql_fc15.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78388 | Oracle MySQL Server Unspecified Remote DoS (2012-0490) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78379 | Oracle MySQL Server Unspecified Remote DoS (2012-0102) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78378 | Oracle MySQL Server Unspecified Remote DoS (2012-0101) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78377 | Oracle MySQL Server Unspecified Remote DoS (2012-0087) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78374 | Oracle MySQL Server Unspecified Remote Issue (2012-0075) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote attacker to cause a loss of integrity. |
78373 | Oracle MySQL Server Unspecified Local Issue Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a local attacker to cause a loss in confidentiality and integrity. |
78372 | Oracle MySQL Server Unspecified Remote Information Disclosure Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote information disclosure, resulting in a loss of confidentiality. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14410.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-274.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-273.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-44.nasl - Type : ACT_GATHER_INFO |
2013-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201308-06.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0127.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0121.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0105.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-120731.nasl - Type : ACT_GATHER_INFO |
2013-01-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0121.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0121.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120208_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120213_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-03-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1397-1.nasl - Type : ACT_GATHER_INFO |
2012-03-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2429.nasl - Type : ACT_GATHER_INFO |
2012-02-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0127.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0127.nasl - Type : ACT_GATHER_INFO |
2012-02-13 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0987.nasl - Type : ACT_GATHER_INFO |
2012-02-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0105.nasl - Type : ACT_GATHER_INFO |
2012-02-09 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0972.nasl - Type : ACT_GATHER_INFO |
2012-02-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0105.nasl - Type : ACT_GATHER_INFO |
2012-01-19 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_0_95.nasl - Type : ACT_GATHER_INFO |
2012-01-19 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_61.nasl - Type : ACT_GATHER_INFO |
2012-01-19 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_5_20.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-06-28 20:10:11 |
|
2016-04-26 23:38:04 |
|
2014-02-17 11:55:37 |
|
2013-05-11 00:52:36 |
|