Topic: MySQL updates/advisories
« on: May 22, 2010, 05:17:41 »
AplusWebMaster

FYI...

MySQL v5.1.47 update available
- http://www.mysql.com/downloads/mysql/

Changes in MySQL 5.1.47
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html

- http://secunia.com/advisories/39792/
Last Update: 2010-05-21
Criticality level: Moderately critical
Impact: Security Bypass, DoS, System access
Where: From local network
Software: MySQL 5.x
CVE Reference(s): CVE-2010-1848, CVE-2010-1849, CVE-2010-1850
...The vulnerabilities are reported in versions prior to 5.1.47.
Solution: Update to version 5.1.47.


This machine has no brain.
....... Use your own.
Browser check for updates here.
.
« Reply #1 on: August 04, 2010, 08:09:56 »
AplusWebMaster

FYI...

MySQL v5.1.49 released
- http://www.securityfocus.com/bid/41198/info
Updated: Aug 20 2010 06:03PM

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2008
Last revised: 08/21/2010

- http://dev.mysql.com/downloads/mysql/

Changes in Release 5.1.x (Production)
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html

- http://secunia.com/advisories/41048/
Release Date: 2010-08-24
Impact: Unknown, DoS
Where: From local network
Solution Status: Vendor Patch
Software: MySQL 5.x ...
Solution: Update to version 5.1.49...
Original Advisory: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html

Current version is MySQL 5.1.50 (03 August 2010)
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html

- http://securitytracker.com/alerts/2010/Aug/1024360.html
Aug 25 2010

« Last Edit: August 30, 2010, 14:14:49 by AplusWebMaster »
« Reply #2 on: October 04, 2010, 01:47:13 »
AplusWebMaster

FYI...

MySQL v5.1.51 released
- http://secunia.com/advisories/41716/
Release Date: 2010-10-04
Impact: Privilege escalation, DoS
Where: From local network
... reported in versions prior to 5.1.51.
Solution: Update to version 5.1.51.
Original Advisory:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html

« Reply #3 on: November 12, 2010, 05:31:29 »
AplusWebMaster

FYI...

MySQL v5.1.52 released
- http://secunia.com/advisories/42097/
Last Update: 2010-11-05
Impact: DoS
Where: From local network ...
... The vulnerabilities are reported in versions prior to 5.1.52.
Solution: Update to version 5.1.52.
Original Advisory: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
http://bugs.mysql.com/bug.php?id=54488
http://bugs.mysql.com/bug.php?id=54494
http://bugs.mysql.com/bug.php?id=55531

« Reply #4 on: June 11, 2012, 04:46:30 »
AplusWebMaster

FYI...

MySQL v5.1.63, 5.5.25 released
- https://secunia.com/advisories/49409/
Release Date: 2012-06-11
Criticality level: Moderately critical
Impact: Unknown, Security Bypass
Where: From local network
CVE Reference: CVE-2012-2122
... vulnerability is reported in versions prior to 5.1.63.
Solution: Update to version 5.1.63 or 5.5.25.
Original Advisory
https://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html
https://dev.mysql.com/doc/refman/5.5/en/news-5-5-25.html ...

> http://h-online.com/-1614990
11 June 2012 - "Exploits for a recently revealed MySQL authentication bypass flaw are now in the wild...  there was now a Metasploit module which used the vulnerability to retrieve all the server's passwords."
___

CVE-2012-2122 ...
- https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
Jun 11, 2012 - "... If you are responsible for a MySQL server that is currently exposed to the network unnecessarily, the easiest thing to do is to modify the my.cnf file in order to restrict access to the local system. Open my.cnf with the editor of your choice, find the section labeled [mysqld] and change (or add a new line to set) the "bind-address" parameter to "127.0.0.1". Restart the MySQL service to apply this setting..."

« Last Edit: June 12, 2012, 05:38:59 by AplusWebMaster »
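
An added example, not part of the original post or of the quoted Rapid7 article: a Python check for the mitigation quoted above, reporting whether the `[mysqld]` section of a my.cnf restricts the server to the local system. The function names and the sample option files are constructed for illustration; the check reads only `[mysqld]` and does not follow `!include` directives.

```python
import ipaddress

# Constructed sample option files (not taken from any real server).
EXPOSED = "[client]\nport=3306\n[mysqld]\nport = 3306\n#bind-address = 127.0.0.1\n"
FIXED = "[mysqld]\nbind_address = 127.0.0.1  # restrict to local system\n"
OVERRIDDEN = "[mysqld]\nbind-address=127.0.0.1\nbind-address=0.0.0.0\n"

def mysqld_options(cnf_text):
    """Return the [mysqld] options; a later line overrides an earlier one."""
    opts, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        name, _, value = line.partition("=")
        # MySQL treats '-' and '_' in option names as equivalent.
        name = name.strip().lower().replace("_", "-")
        opts[name] = value.split("#", 1)[0].strip().strip("'\"")
    return opts

def audit_bind_address(cnf_text):
    """Classify TCP exposure as 'no-tcp', 'local-only' or 'exposed'."""
    opts = mysqld_options(cnf_text)
    skip = opts.get("skip-networking")
    if skip is not None and skip.lower() not in ("0", "off", "false"):
        return "no-tcp"                          # TCP listener disabled
    addr = opts.get("bind-address")
    if addr is None:
        return "exposed"                         # unset: listens on all interfaces
    if addr.lower() == "localhost":
        return "local-only"
    try:
        loopback = ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return "exposed"                         # wildcard or hostname: assume reachable
    return "local-only" if loopback else "exposed"

if __name__ == "__main__":
    for label, text in (("exposed", EXPOSED), ("fixed", FIXED),
                        ("overridden", OVERRIDDEN)):
        print(label, "->", audit_bind_address(text))
```

A commented-out `bind-address` line and a later line that overrides the loopback setting both leave the server reachable from the network, so the check reports them as exposed.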
« Reply #5 on: December 03, 2012, 13:36:34 »
AplusWebMaster

FYI...

See: http://boards.cexx.org/index.php?topic=19191.0
... and: https://secunia.com/advisories/51894/
Release Date: 2013-01-16
> http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html#AppendixMSQL
___

0-day vulns in MySQL fixed by MariaDB
- http://h-online.com/-1761451
3 Dec 2012 - "A recently published security vulnerability in the MySQL open source database has been met with fixes by the developers of the open source MariaDB* fork... they also note that a supposed zero day vulnerability that enumerates MySQL users has been known about for ten years. MariaDB versions 5.1, 5.2, 5.3 and 5.5, in which CVE 2012-5579 is fixed, are available for download*. MySQL provider Oracle has yet to confirm the vulnerabilities, much less provide updated software."
* http://downloads.mariadb.org/
___

- https://secunia.com/advisories/51427/
Release Date: 2012-12-03
... may be related to vulnerability #1: https://secunia.com/SA51008/
CVE Reference(s): CVE-2012-5611, CVE-2012-5612, CVE-2012-5614, CVE-2012-5615
Impact: Brute force, DoS, System access
Where: From local network
Software: MySQL 5.x
Solution: No official solution is currently available...
___

- http://blog.trendmicro.com/trendlabs-security-intelligence/multiple-zero-day-poc-exploits-threaten-oracle-mysql-server/
Dec 6, 2012 - "... MySQL Database is famous for its high performance, high reliability and ease of use. It runs on both Windows and many non-Windows platforms like UNIX, Mac OS, Solaris, IBM AIX, etc. It has been the fastest growing application and the choice of big companies such as Facebook, Google, and Adobe among others. Given its popularity, cybercriminals and other attackers are definitely eyeing this platform..."

« Last Edit: January 18, 2013, 07:38:45 by AplusWebMaster »
« Reply #6 on: February 04, 2014, 05:06:48 »
AplusWebMaster

FYI...

MySQL - CVE-2014-0001
- http://www.securitytracker.com/id/1029708
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0001 - 7.5 (HIGH)
Feb 1 2014
Impact: Execution of arbitrary code via network, User access via network...
Solution: No solution was available at the time of this entry.
Vendor URL: https://www.mysql.com/

- https://mariadb.com/kb/en/mariadb-5535-changelog/
29 Jan 2014

« Last Edit: February 05, 2014, 04:53:09 by AplusWebMaster »