Ubuntu has issued an advisory today (January 22): http://www.ubuntu.com/usn/usn-1703-1/ Mageia 2 is also potentially affected.
CC: (none) => alienWhiteboard: (none) => MGA2TOO
CC: (none) => tmb
some of these issues have been known for a while now and Oracle is catching up: CVE-2012-5611 is really the CVE-2012-5579 which is already fixed. CVE-2012-5612 is https://mariadb.atlassian.net/browse/MDEV-3908 also trying to determine if it's necessary to do CVE-2012-1702 & CVE-2013-0383 . looking into it...
Hardware: i586 => AllSeverity: major => normal
found patch for CVE-2012-5612
ok, it seems that with the other two (reported as exploitable without authentication) imagination needs to be stretched beyond human levels to be calling them exploitable without authentication... let alone be a high risk security issue. submitted mariadb-5.5.25-2.5.mga2 and mariadb-5.5.28-6.mga3
Assignee: bugsquad => qa-bugs
So we're only fixing CVE-2012-5612? If so, here's an advisory. Advisory: ======================== Updated mariadb packages fix security vulnerability: Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands (CVE-2012-5612). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5612 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html https://mariadb.atlassian.net/browse/MDEV-3908 http://www.ubuntu.com/usn/usn-1703-1/ ======================== Updated packages in core/updates_testing: ======================== mariadb-5.5.25-2.5.mga2 mysql-MariaDB-5.5.25-2.5.mga2 mariadb-feedback-5.5.25-2.5.mga2 mariadb-extra-5.5.25-2.5.mga2 mariadb-obsolete-5.5.25-2.5.mga2 mariadb-core-5.5.25-2.5.mga2 mariadb-common-core-5.5.25-2.5.mga2 mariadb-common-5.5.25-2.5.mga2 mariadb-client-5.5.25-2.5.mga2 mariadb-bench-5.5.25-2.5.mga2 libmariadb18-5.5.25-2.5.mga2 libmariadb-devel-5.5.25-2.5.mga2 libmariadb-embedded18-5.5.25-2.5.mga2 libmariadb-embedded-devel-5.5.25-2.5.mga2 from mariadb-5.5.25-2.5.mga2.src.rpm
Version: Cauldron => 2Whiteboard: MGA2TOO => (none)
Testing complete on Mageia 2 i586 and x86-64. I couldn't get the limited poc to crash the server, so just testing that I'm able to create a database and table, and insert/browse rows. Could someone from the sysadmin team push the srpm mariadb-5.5.25-2.5.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates. Advisory: Updated mariadb packages fix security vulnerability: Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands (CVE-2012-5612). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5612 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html https://mariadb.atlassian.net/browse/MDEV-3908 http://www.ubuntu.com/usn/usn-1703-1/ https://bugs.mageia.org/show_bug.cgi?id=8784
Keywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugsWhiteboard: (none) => MGA2-64-OK MGA2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0019
Status: NEW => RESOLVEDResolution: (none) => FIXED
Patch for this added in Mageia 1 SVN.