78375

53372

GLSA-201308-06

http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

USN-1397-1

mysql-serveruns16-dos(72540)

For BIG-IP systems using the MySQL database, the following MySQL vulnerabilities may allow local users to gain knowledge of sensitive information, manipulate certain data, or cause a Denial of Service (DoS):CVE-2011-2262

CVE-2012-0075

CVE-2012-0087

CVE-2012-0101

CVE-2012-0102

CVE-2012-0112

CVE-2012-0113

CVE-2012-0114

CVE-2012-0115

CVE-2012-0116

CVE-2012-0117

CVE-2012-0118

CVE-2012-0119

CVE-2012-0120

CVE-2012-0484

CVE-2012-0485

CVE-2012-0486

CVE-2012-0487

CVE-2012-0488

CVE-2012-0489

CVE-2012-0490

CVE-2012-0491

CVE-2012-0492

CVE-2012-0493

CVE-2012-0494

CVE-2012-0495

CVE-2012-0496

For Enterprise Manager systems, the following MySQL vulnerability may also allow remote users to gain knowledge of sensitive information, manipulate certain data, or cause a DoS :

CVE-2011-2262

mysql update to version 5.5.23 fixes several security issues and bugs.
Please refer to the following upstream announcements for details :

  - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-16.html

  - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-17.html

  - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-18.html

  - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-19.html

  - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-20.html

  - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-21.html

  - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html

  - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-23.html

The remote host is affected by the vulnerability described in GLSA-201308-06 (MySQL: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in MySQL. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could send a specially crafted request, possibly       resulting in execution of arbitrary code with the privileges of the       application or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information :

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.ht ml.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to MySQL 5.5.20, for various fixes described at http://dev.mysql.com/doc/refman/5.5/en/news-5-5-20.html as well as security fixes described at http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.ht ml

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- Update to MySQL 5.5.20, for various fixes described at     http://dev.mysql.com/doc/refman/5.5/en/news-5-5-20.html     as well as security fixes described at     http://www.oracle.com/technetwork/topics/security/cpujan     2012-366304.html

  - Re-include the mysqld logrotate script, now that it's     not so bogus

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of MySQL 5.5 installed on the remote host is earlier than 5.5.20.  Such versions are affected by multiple, as yet unspecified vulnerabilities.

Versions of MySQL Community Server 5.1 earlier than 5.1.61 and 5.5 earlier than 5.5.20 are potentially affected by multiple unspecified vulnerabilities.

Versions of MySQL Server 5.1 earlier than 5.1.61 and 5.5 earlier than 5.5.20 are potentially affected by multiple unspecified vulnerabilities.

ID	Name	Product	Family	Severity
78149	F5 Networks BIG-IP : Multiple MySQL vulnerabilities (K14410)	Nessus	F5 Networks Local Security Checks	medium
74623	openSUSE Security Update : mysql-community-server (openSUSE-2012-273)	Nessus	SuSE Local Security Checks	medium
69508	GLSA-201308-06 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
58325	Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1397-1)	Nessus	Ubuntu Local Security Checks	high
57899	Fedora 15 : mysql-5.5.20-1.fc15 (2012-0987)	Nessus	Fedora Local Security Checks	medium
57865	Fedora 16 : mysql-5.5.20-1.fc16 (2012-0972)	Nessus	Fedora Local Security Checks	medium
57606	MySQL 5.5 < 5.5.20 Multiple Vulnerabilities	Nessus	Databases	medium
801165	MySQL Server 5.1 < 5.1.61 / 5.5 < 5.5.20 Multiple Unspecified Vulnerabilities	Log Correlation Engine	Database	medium
6264	Oracle MySQL Server 5.1 < 5.1.61 / 5.5 < 5.5.20 Multiple Unspecified Vulnerabilities	Nessus Network Monitor	Database	medium

CVE-2012-0494

low

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

medium

medium

medium

high

medium

medium

medium

medium

medium