The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of MySQL: several vulnerabilities of October 2012

Synthesis of the vulnerability 

Several vulnerabilities of MySQL are corrected by the Critical Patch Update (CPU) of October 2012.
Vulnerable software: Debian, BIG-IP Hardware, TMOS, Junos Space, Junos Space Network Management Platform, MySQL Community, MySQL Enterprise, Percona Server, RHEL.
Severity of this announcement: 3/4.
Number of vulnerabilities in this bulletin: 14.
Creation date: 17/10/2012.
References of this computer vulnerability: CERTA-2012-AVI-579, cpuoct2012, CVE-2012-3144, CVE-2012-3147, CVE-2012-3149, CVE-2012-3150, CVE-2012-3156, CVE-2012-3158, CVE-2012-3160, CVE-2012-3163, CVE-2012-3166, CVE-2012-3167, CVE-2012-3173, CVE-2012-3177, CVE-2012-3180, CVE-2012-3197, DSA-2581-1, JSA10601, MDVSA-2013:102, RHSA-2012:1462-01, SOL14907, VIGILANCE-VUL-12079.

Description of the vulnerability 

A Critical Patch Update corrects several vulnerabilities of MySQL.

An attacker can use a vulnerability of Information Schema, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2012-3163]

An attacker can use a vulnerability of MySQL Protocol, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2012-3158]

An attacker can use a vulnerability of Server, in order to create a denial of service. [severity:2/4; CVE-2012-3177]

An attacker can use a vulnerability of MySQL Client, in order to alter information, or to create a denial of service. [severity:2/4; CVE-2012-3147]

An attacker can use a vulnerability of InnoDB, in order to create a denial of service. [severity:2/4; CVE-2012-3166]

An attacker can use a vulnerability of InnoDB Plugin, in order to create a denial of service. [severity:2/4; CVE-2012-3173]

An attacker can use a vulnerability of Server, in order to create a denial of service. [severity:2/4; CVE-2012-3144]

An attacker can use a vulnerability of Server Optimizer, in order to create a denial of service. [severity:2/4; CVE-2012-3150]

An attacker can use a vulnerability of Server Optimizer, in order to create a denial of service. [severity:2/4; CVE-2012-3180]

An attacker can use a vulnerability of MySQL Client, in order to obtain information. [severity:2/4; CVE-2012-3149]

An attacker can use a vulnerability of Server, in order to create a denial of service. [severity:2/4; CVE-2012-3156]

An attacker can use a vulnerability of Server Full Text Search, in order to create a denial of service. [severity:3/4; CVE-2012-3167]

An attacker can use a vulnerability of Server Replication, in order to create a denial of service. [severity:2/4; CVE-2012-3197]

An attacker can use a vulnerability of Server Installation, in order to obtain information. [severity:1/4; CVE-2012-3160]

This vulnerability impacts software or systems such as Debian, BIG-IP Hardware, TMOS, Junos Space, Junos Space Network Management Platform, MySQL Community, MySQL Enterprise, Percona Server, RHEL.

Our Vigil@nce team determined that the severity of this security announcement is important.

The trust level is confirmed by the editor, and the attack originates from a user account.

This bulletin is about 14 vulnerabilities.

An attacker with expert ability can exploit this computer vulnerability.

Solutions for this threat 

MySQL: CPU of October 2012.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=1475188.1

Debian: new mysql-5.1 packages.
New packages are available:
  mysql-5.1_5.1.66-0+squeeze1

F5 BIG-IP: fixed versions for MySQL.
Fixed versions are indicated in information sources.

Juniper Junos Space: version 13.1R1.
The version 13.1R1 is fixed:
  http://www.juniper.net/support/downloads/?p=space

Mandriva Business Server: new mariadb packages.
New packages are available:
  mariadb-5.5.25-1.1.mbs1

RHEL 6.3: new mysql packages.
New packages are available:
  mysql-5.1.66-1.el6_3
