Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-2006-1)

Ubuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Multiple security issues were discovered in MySQL and this update
includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.1.72 in Ubuntu 10.04 LTS. Ubuntu 12.04
LTS, Ubuntu 12.10, Ubuntu 13.04 and Ubuntu 13.10 have been updated to
MySQL 5.5.34.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-72.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-34.html
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.h
tml.

Solution :

Update the affected mysql-server-5.1 and / or mysql-server-5.5
packages.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 70606 ()

Bugtraq ID: 63105
63109

CVE ID: CVE-2013-3839
CVE-2013-5807