Bug 8784 - mariadb new possible security issues fixed in mysql 5.5.29
: mariadb new possible security issues fixed in mysql 5.5.29
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: All Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
:
: http://lwn.net/Vulnerabilities/533576/
: MGA2-64-OK MGA2-32-OK
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2013-01-22 22:53 CET by David Walser
Modified: 2013-01-29 02:26 CET (History)
4 users (show)

See Also:
Source RPM: mariadb
CVE:
Status comment:


Attachments

Description David Walser 2013-01-22 22:53:40 CET
Ubuntu has issued an advisory today (January 22):
http://www.ubuntu.com/usn/usn-1703-1/

Mageia 2 is also potentially affected.
Comment 1 AL13N 2013-01-23 00:28:19 CET
some of these issues have been known for a while now and Oracle is catching up:

CVE-2012-5611 is really the CVE-2012-5579 which is already fixed.
CVE-2012-5612 is https://mariadb.atlassian.net/browse/MDEV-3908

also trying to determine if it's necessary to do CVE-2012-1702 & CVE-2013-0383 .

looking into it...
Comment 2 AL13N 2013-01-23 08:28:17 CET
found patch for CVE-2012-5612
Comment 3 AL13N 2013-01-24 00:03:24 CET
ok, it seems that with the other two (reported as exploitable without authentication) imagination needs to be stretched beyond human levels to be calling them exploitable without authentication... let alone be a high risk security issue.

submitted mariadb-5.5.25-2.5.mga2 and mariadb-5.5.28-6.mga3
Comment 4 David Walser 2013-01-24 00:23:51 CET
So we're only fixing CVE-2012-5612?

If so, here's an advisory.

Advisory:
========================

Updated mariadb packages fix security vulnerability:

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through
5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote
authenticated users to cause a denial of service (memory corruption and crash)
and possibly execute arbitrary code, as demonstrated using certain variations
of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW
COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER
TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands
(CVE-2012-5612).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5612
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://mariadb.atlassian.net/browse/MDEV-3908
http://www.ubuntu.com/usn/usn-1703-1/
========================

Updated packages in core/updates_testing:
========================
mariadb-5.5.25-2.5.mga2
mysql-MariaDB-5.5.25-2.5.mga2
mariadb-feedback-5.5.25-2.5.mga2
mariadb-extra-5.5.25-2.5.mga2
mariadb-obsolete-5.5.25-2.5.mga2
mariadb-core-5.5.25-2.5.mga2
mariadb-common-core-5.5.25-2.5.mga2
mariadb-common-5.5.25-2.5.mga2
mariadb-client-5.5.25-2.5.mga2
mariadb-bench-5.5.25-2.5.mga2
libmariadb18-5.5.25-2.5.mga2
libmariadb-devel-5.5.25-2.5.mga2
libmariadb-embedded18-5.5.25-2.5.mga2
libmariadb-embedded-devel-5.5.25-2.5.mga2

from mariadb-5.5.25-2.5.mga2.src.rpm
Comment 5 Dave Hodgins 2013-01-25 00:45:52 CET
Testing complete on Mageia 2 i586 and x86-64.

I couldn't get the limited poc to crash the server, so just testing that
I'm able to create a database and table, and insert/browse rows.

Could someone from the sysadmin team push the srpm
mariadb-5.5.25-2.5.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

Advisory: Updated mariadb packages fix security vulnerability:

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through
5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote
authenticated users to cause a denial of service (memory corruption and crash)
and possibly execute arbitrary code, as demonstrated using certain variations
of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW
COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER
TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands
(CVE-2012-5612).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5612
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://mariadb.atlassian.net/browse/MDEV-3908
http://www.ubuntu.com/usn/usn-1703-1/

https://bugs.mageia.org/show_bug.cgi?id=8784
Comment 6 Thomas Backlund 2013-01-25 01:18:48 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0019
Comment 7 David Walser 2013-01-29 02:26:26 CET
Patch for this added in Mageia 1 SVN.

Note You need to log in before you can comment on or make changes to this bug.