A security vulnerability in the MySQL software package has been identified and fixed. Local attackers could exploit it to bypass the authentication mechanism.
Package: mysql 5.x
Operating systems: openSUSE 11.4, openSUSE 12.1
Severity: 4.4
Problem: error in a software component
Exploitation: local
Impact: bypass of configured restrictions
Solution: vendor patch
CVE: CVE-2012-2122
Original advisory ID: openSUSE-SU-2012:0860-1
Source: SUSE
Problem:
The vulnerability is caused by an error in the validation of input data during authentication.
Impact:
It allows attackers to bypass configured restrictions.
Solution:
Users are advised to use the fixed version.
openSUSE Security Update: mysql (CVE-2012-2122)
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0860-1
Rating: important
References: #765092
Cross-References: CVE-2012-2122
Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Fixing CVE-2012-2122: authentication bypass due to
incorrect type casting
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-378
- openSUSE 11.4:
zypper in -t patch openSUSE-2012-378
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
libmysqlclusterclient16-7.1.22-2.7.1
libmysqlclusterclient16-debuginfo-7.1.22-2.7.1
libmysqlclusterclient_r16-7.1.22-2.7.1
libmysqlclusterclient_r16-debuginfo-7.1.22-2.7.1
mysql-cluster-7.1.22-2.7.1
mysql-cluster-bench-7.1.22-2.7.1
mysql-cluster-bench-debuginfo-7.1.22-2.7.1
mysql-cluster-client-7.1.22-2.7.1
mysql-cluster-client-debuginfo-7.1.22-2.7.1
mysql-cluster-debug-7.1.22-2.7.1
mysql-cluster-debug-debuginfo-7.1.22-2.7.1
mysql-cluster-debuginfo-7.1.22-2.7.1
mysql-cluster-debugsource-7.1.22-2.7.1
mysql-cluster-ndb-extra-7.1.22-2.7.1
mysql-cluster-ndb-extra-debuginfo-7.1.22-2.7.1
mysql-cluster-ndb-management-7.1.22-2.7.1
mysql-cluster-ndb-management-debuginfo-7.1.22-2.7.1
mysql-cluster-ndb-storage-7.1.22-2.7.1
mysql-cluster-ndb-storage-debuginfo-7.1.22-2.7.1
mysql-cluster-ndb-tools-7.1.22-2.7.1
mysql-cluster-ndb-tools-debuginfo-7.1.22-2.7.1
mysql-cluster-test-7.1.22-2.7.1
mysql-cluster-test-debuginfo-7.1.22-2.7.1
mysql-cluster-tools-7.1.22-2.7.1
mysql-cluster-tools-debuginfo-7.1.22-2.7.1
- openSUSE 11.4 (i586 x86_64):
libmysqlclusterclient16-7.1.22-55.1
libmysqlclusterclient16-debuginfo-7.1.22-55.1
libmysqlclusterclient_r16-7.1.22-55.1
libmysqlclusterclient_r16-debuginfo-7.1.22-55.1
mysql-cluster-7.1.22-55.1
mysql-cluster-bench-7.1.22-55.1
mysql-cluster-bench-debuginfo-7.1.22-55.1
mysql-cluster-client-7.1.22-55.1
mysql-cluster-client-debuginfo-7.1.22-55.1
mysql-cluster-debug-7.1.22-55.1
mysql-cluster-debug-debuginfo-7.1.22-55.1
mysql-cluster-debuginfo-7.1.22-55.1
mysql-cluster-debugsource-7.1.22-55.1
mysql-cluster-ndb-extra-7.1.22-55.1
mysql-cluster-ndb-extra-debuginfo-7.1.22-55.1
mysql-cluster-ndb-management-7.1.22-55.1
mysql-cluster-ndb-management-debuginfo-7.1.22-55.1
mysql-cluster-ndb-storage-7.1.22-55.1
mysql-cluster-ndb-storage-debuginfo-7.1.22-55.1
mysql-cluster-ndb-tools-7.1.22-55.1
mysql-cluster-ndb-tools-debuginfo-7.1.22-55.1
mysql-cluster-test-7.1.22-55.1
mysql-cluster-test-debuginfo-7.1.22-55.1
mysql-cluster-tools-7.1.22-55.1
mysql-cluster-tools-debuginfo-7.1.22-55.1
References:
http://support.novell.com/security/cve/CVE-2012-2122.html
https://bugzilla.novell.com/765092
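
To check a host against the package list above, the following added example (not part of the SUSE announcement) compares installed version-release strings with the fixed ones listed for each product. The function names and the sample input are constructed for illustration, and GNU `sort -V` is assumed as an approximation of RPM version ordering.

```shell
#!/usr/bin/env bash
# Fixed version-release per product, copied from the advisory's package list.
fixed_for() {
  case "$1" in
    12.1) echo "7.1.22-2.7.1" ;;
    11.4) echo "7.1.22-55.1" ;;
    *)    return 1 ;;
  esac
}

# Succeeds when version-release $1 is >= $2.
# Assumption: GNU sort -V approximates RPM ordering for these purely numeric strings.
ver_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# Reads "name version-release" lines on stdin; prints packages older than the fix.
audit() {
  fixed=$(fixed_for "$1") || { echo "unknown product: $1" >&2; return 2; }
  while read -r name vr; do
    [ -n "$name" ] || continue
    ver_ge "$vr" "$fixed" || echo "$name $vr (needs >= $fixed)"
  done
}

# Constructed sample input (not taken from a real host).
SAMPLE='mysql-cluster 7.1.18-2.3.1
mysql-cluster-client 7.1.22-2.7.1
libmysqlclusterclient16 7.1.22-2.7.1'

printf '%s\n' "$SAMPLE" | audit 12.1

# On a live system, feed rpm's output instead of the sample:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'mysql-cluster*' 'libmysqlclusterclient*' | audit 12.1
```

Any line printed names a package that still needs the update from the patch instructions above.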