Brojni nedostaci programskog paketa mysql

U radu programskog paketa mysql otkriveni su višestruki propusti. Potencijalni napadači ih mogu iskoristiti za napad na dostupnost, integritet i povjerljivost sustava.

Paket:	mysql 5.x
Operacijski sustavi:	openSUSE 11.4
Kritičnost:	5.5
Problem:	nespecificirana pogreška
Iskorištavanje:	udaljeno
Posljedica:	dobivanje većih privilegija, izmjena podataka, otkrivanje osjetljivih informacija, uskraćivanje usluga (DoS), zaobilaženje postavljenih ograničenja
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492
Izvorni ID preporuke:	openSUSE-SU-2012:0618-1
Izvor:	SUSE

Problem:
U radu programskog paketa otkrivene su brojne ranjivosti nepoznatog uzroka.
Posljedica:
Udaljeni zlonamjerni napadači mogu iskoristiti nedostatke kako bi ugrozili dostupnost, integritet i povjerljivost sustava.
Rješenje:
Svim korisnicima se savjetuje primjena službenih zakrpi koje otklanjaju propuste.

Izvorni tekst preporuke

______________________________________________________________________________
Announcement ID:    openSUSE-SU-2012:0618-1
Rating:             moderate
References:         675870,734436,742272,758460
Cross-References:   CVE-2011-2262,CVE-2012-0075,CVE-2012-0087,CVE-2012-0101,CVE-2012-0102,CVE-2012-0112,CVE-2012-0113,CVE-2012-0114,CVE-2012-0115,CVE-2012-0116,CVE-2012-0118,CVE-2012-0119,CVE-2012-0120,CVE-2012-0484,CVE-2012-0485,CVE-2012-0490,CVE-2012-0492,CVE-2012-0583,CVE-2012-1688,CVE-2012-1690,CVE-2012-1703
Affected Products:

openSUSE 11.4

______________________________________________________________________________

Description:

 mysql update to version 5.1.62 fixes several security
issues and bugs. Please refer to the following upstream
announcements for details:

- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-58.html
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-59.html
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-60.html
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-61.html
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html


Patch Instructions: 
   - openSUSE 11.4:

      zypper in -t patch openSUSE-2012-273



Package List: 

   - openSUSE 11.4 (i586 x86_64):

      libmysqlclient-devel-5.1.62-52.1
      libmysqlclient16-5.1.62-52.1
      libmysqlclient16-debuginfo-5.1.62-52.1
      libmysqlclient_r16-5.1.62-52.1
      libmysqlclient_r16-debuginfo-5.1.62-52.1
      libmysqld-devel-5.1.62-52.1
      libmysqld0-5.1.62-52.1
      libmysqld0-debuginfo-5.1.62-52.1
      mysql-community-server-5.1.62-52.1
      mysql-community-server-bench-5.1.62-52.1
      mysql-community-server-bench-debuginfo-5.1.62-52.1
      mysql-community-server-client-5.1.62-52.1
      mysql-community-server-client-debuginfo-5.1.62-52.1
      mysql-community-server-debug-5.1.62-52.1
      mysql-community-server-debug-debuginfo-5.1.62-52.1
      mysql-community-server-debuginfo-5.1.62-52.1
      mysql-community-server-debugsource-5.1.62-52.1
      mysql-community-server-test-5.1.62-52.1
      mysql-community-server-test-debuginfo-5.1.62-52.1
      mysql-community-server-tools-5.1.62-52.1
      mysql-community-server-tools-debuginfo-5.1.62-52.1

   - openSUSE 11.4 (x86_64):

      libmysqlclient16-32bit-5.1.62-52.1
      libmysqlclient16-debuginfo-32bit-5.1.62-52.1
      libmysqlclient_r16-32bit-5.1.62-52.1
      libmysqlclient_r16-debuginfo-32bit-5.1.62-52.1

   - openSUSE 11.4 (ia64):

      libmysqlclient16-debuginfo-x86-5.1.62-52.1
      libmysqlclient16-x86-5.1.62-52.1
      libmysqlclient_r16-debuginfo-x86-5.1.62-52.1
      libmysqlclient_r16-x86-5.1.62-52.1


References:

http://support.novell.com/security/cve/CVE-2011-2262.html
http://support.novell.com/security/cve/CVE-2012-0075.html
http://support.novell.com/security/cve/CVE-2012-0087.html
http://support.novell.com/security/cve/CVE-2012-0101.html
http://support.novell.com/security/cve/CVE-2012-0102.html
http://support.novell.com/security/cve/CVE-2012-0112.html
http://support.novell.com/security/cve/CVE-2012-0113.html
http://support.novell.com/security/cve/CVE-2012-0114.html
http://support.novell.com/security/cve/CVE-2012-0115.html
http://support.novell.com/security/cve/CVE-2012-0116.html
http://support.novell.com/security/cve/CVE-2012-0118.html
http://support.novell.com/security/cve/CVE-2012-0119.html
http://support.novell.com/security/cve/CVE-2012-0120.html
http://support.novell.com/security/cve/CVE-2012-0484.html
http://support.novell.com/security/cve/CVE-2012-0485.html
http://support.novell.com/security/cve/CVE-2012-0490.html
http://support.novell.com/security/cve/CVE-2012-0492.html
http://support.novell.com/security/cve/CVE-2012-0583.html
http://support.novell.com/security/cve/CVE-2012-1688.html
http://support.novell.com/security/cve/CVE-2012-1690.html
http://support.novell.com/security/cve/CVE-2012-1703.html
https://bugzilla.novell.com/675870
https://bugzilla.novell.com/734436
https://bugzilla.novell.com/742272
https://bugzilla.novell.com/758460

Brojni nedostaci programskog paketa mysql

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Brojni nedostaci programskog paketa mysql

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti