Bug 8784

Summary: mariadb new possible security issues fixed in mysql 5.5.29
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: Normal
CC: alien, davidwhodgins, sysadmin-bugs, tmb
Version: 2
Keywords: validated_update
Target Milestone: ---
Hardware: All
OS: Linux
URL: http://lwn.net/Vulnerabilities/533576/
Whiteboard: MGA2-64-OK MGA2-32-OK
Source RPM: mariadb
CVE:
Status comment:

Description David Walser 2013-01-22 22:53:40 CET
Ubuntu has issued an advisory today (January 22):
http://www.ubuntu.com/usn/usn-1703-1/

Mageia 2 is also potentially affected.

David Walser 2013-01-22 22:53:57 CET

CC: (none) => alien
Whiteboard: (none) => MGA2TOO

David Walser 2013-01-22 22:54:05 CET

CC: (none) => tmb

Comment 1 AL13N 2013-01-23 00:28:19 CET
some of these issues have been known for a while now and Oracle is catching up:

CVE-2012-5611 is really the CVE-2012-5579 which is already fixed.
CVE-2012-5612 is https://mariadb.atlassian.net/browse/MDEV-3908

also trying to determine if it's necessary to do CVE-2012-1702 & CVE-2013-0383.

looking into it...

AL13N 2013-01-23 00:29:08 CET

Hardware: i586 => All
Severity: major => normal

Comment 2 AL13N 2013-01-23 08:28:17 CET
found patch for CVE-2012-5612

Comment 3 AL13N 2013-01-24 00:03:24 CET
ok, it seems that with the other two (reported as exploitable without authentication) imagination needs to be stretched beyond human levels to be calling them exploitable without authentication... let alone be a high risk security issue.

submitted mariadb-5.5.25-2.5.mga2 and mariadb-5.5.28-6.mga3

Assignee: bugsquad => qa-bugs

Comment 4 David Walser 2013-01-24 00:23:51 CET
So we're only fixing CVE-2012-5612?

If so, here's an advisory.

Advisory:
========================

Updated mariadb packages fix security vulnerability:

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through
5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote
authenticated users to cause a denial of service (memory corruption and crash)
and possibly execute arbitrary code, as demonstrated using certain variations
of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW
COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER
TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands
(CVE-2012-5612).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5612
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://mariadb.atlassian.net/browse/MDEV-3908
http://www.ubuntu.com/usn/usn-1703-1/
========================

Updated packages in core/updates_testing:
========================
mariadb-5.5.25-2.5.mga2
mysql-MariaDB-5.5.25-2.5.mga2
mariadb-feedback-5.5.25-2.5.mga2
mariadb-extra-5.5.25-2.5.mga2
mariadb-obsolete-5.5.25-2.5.mga2
mariadb-core-5.5.25-2.5.mga2
mariadb-common-core-5.5.25-2.5.mga2
mariadb-common-5.5.25-2.5.mga2
mariadb-client-5.5.25-2.5.mga2
mariadb-bench-5.5.25-2.5.mga2
libmariadb18-5.5.25-2.5.mga2
libmariadb-devel-5.5.25-2.5.mga2
libmariadb-embedded18-5.5.25-2.5.mga2
libmariadb-embedded-devel-5.5.25-2.5.mga2

from mariadb-5.5.25-2.5.mga2.src.rpm

David Walser 2013-01-24 00:30:36 CET

Version: Cauldron => 2
Whiteboard: MGA2TOO => (none)

Comment 5 Dave Hodgins 2013-01-25 00:45:52 CET
Testing complete on Mageia 2 i586 and x86-64.

I couldn't get the limited poc to crash the server, so just testing that
I'm able to create a database and table, and insert/browse rows.

Could someone from the sysadmin team push the srpm
mariadb-5.5.25-2.5.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

Advisory: Updated mariadb packages fix security vulnerability:

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through
5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote
authenticated users to cause a denial of service (memory corruption and crash)
and possibly execute arbitrary code, as demonstrated using certain variations
of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW
COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER
TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands
(CVE-2012-5612).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5612
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://mariadb.atlassian.net/browse/MDEV-3908
http://www.ubuntu.com/usn/usn-1703-1/

https://bugs.mageia.org/show_bug.cgi?id=8784

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: (none) => MGA2-64-OK MGA2-32-OK

Comment 6 Thomas Backlund 2013-01-25 01:18:48 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0019

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 7 David Walser 2013-01-29 02:26:26 CET
Patch for this added in Mageia 1 SVN.