mysql-5.1.69-1.0.1.AXS4

エラータID: AXSA:2013-430:03

Release date: 
Friday, May 3, 2013 - 15:22
Subject: 
mysql-5.1.69-1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

Security issues fixed with this release:

• CVE-2012-5614
Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.

• CVE-2013-1506
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.

• CVE-2013-1521
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.

• CVE-2013-1531
Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.

• CVE-2013-1532
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

• CVE-2013-1544
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.

• CVE-2013-1548
Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.

• CVE-2013-1552
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

• CVE-2013-1555
Unspecified vulnerability in MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

• CVE-2013-2375
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

• CVE-2013-2378
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

• CVE-2013-2389
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

• CVE-2013-2391
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.

• CVE-2013-2392
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Solution: 

Update packages.

CVEs: 
CVE-2012-5614
Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.
CVE-2013-1506
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.
CVE-2013-1521
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.
CVE-2013-1531
Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.
CVE-2013-1532
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
CVE-2013-1544
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
CVE-2013-1548
Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.
CVE-2013-1552
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2013-1555
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
CVE-2013-2375
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2013-2378
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
CVE-2013-2389
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
CVE-2013-2391
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.
CVE-2013-2392
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Additional Info: 

N/A

Download: 

SRPMS
  1. mysql-5.1.69-1.0.1.AXS4.src.rpm
    MD5: c2a23333affb7a4d4925babf362e4036
    SHA-256: 0927231937f3b37cf98db7980ade8e0d294d69e78515a4648b4dd7c1dc3c17b8
    Size: 20.03 MB

Asianux Server 4 for x86
  1. mysql-5.1.69-1.0.1.AXS4.i686.rpm
    MD5: 577de02596d13f985d73836bba89dd60
    SHA-256: 353f9dd9bc1fc7bdf602231d2b264eef4593b68ab107e0f37e3ef6ba3df12a66
    Size: 916.71 kB
  2. mysql-bench-5.1.69-1.0.1.AXS4.i686.rpm
    MD5: a478a6b1595150ac7e0842b8c8118f04
    SHA-256: 236dd4074cec34575418427cbaf3971e575a19dc03b9bcf32d621d0f38cbabec
    Size: 426.74 kB
  3. mysql-devel-5.1.69-1.0.1.AXS4.i686.rpm
    MD5: 73cbf344c316df1824e917b4c9f68457
    SHA-256: 899b8acd34ae2df60c421f5e262f7d4b8f33f9bf96f15f231ffc92ab59b38e1c
    Size: 127.65 kB
  4. mysql-libs-5.1.69-1.0.1.AXS4.i686.rpm
    MD5: 7ea8b03a1b7e6d1919eaa84029af0dbc
    SHA-256: 2f0244bf14fdb1b70294ff84c70eceddf3ea23824aa148832a4f5610d20e4836
    Size: 1.23 MB
  5. mysql-server-5.1.69-1.0.1.AXS4.i686.rpm
    MD5: 2e5e0a98dd7b93bfa585450532c7cafc
    SHA-256: ff5cb92ca1c6664238bc846c030ce3d36c830a8385825481e94c785f1fc97fc0
    Size: 8.83 MB
  6. mysql-test-5.1.69-1.0.1.AXS4.i686.rpm
    MD5: dc12a39acde92bbd4ec2afc59ee6e503
    SHA-256: 6671fab991a65369e6ea4fead92799fa21c08afc816a745b82bff14dc06c3a55
    Size: 5.25 MB

Asianux Server 4 for x86_64
  1. mysql-5.1.69-1.0.1.AXS4.x86_64.rpm
    MD5: 0a848d87a08012428e6b8fbd7609d81c
    SHA-256: 48b22b1bb640533c7a8c15b34f19541aa83bf1e72fc6071d2a236f4743c66c72
    Size: 906.54 kB
  2. mysql-bench-5.1.69-1.0.1.AXS4.x86_64.rpm
    MD5: 8ba0ca025bc0e6da29048afdd86dec7a
    SHA-256: 6585dea396fcfa8a40bf43d3710b954a9357718441dccadfa3f2fc14bb114a21
    Size: 426.33 kB
  3. mysql-devel-5.1.69-1.0.1.AXS4.x86_64.rpm
    MD5: 69853c47326c1d3a7d9076a8b4ebd775
    SHA-256: caf9836c2ce4fb933c7c235db3a8c94d7a2126b6f2afc3c07f3cb81b49c79020
    Size: 127.20 kB
  4. mysql-libs-5.1.69-1.0.1.AXS4.x86_64.rpm
    MD5: 1ac47d4a7491d64400a785602f7bf616
    SHA-256: 8d61fc6cdaf305aee57de5fd8698000da8b6d5ab9223ec1c364c26d150eb3d67
    Size: 1.22 MB
  5. mysql-server-5.1.69-1.0.1.AXS4.x86_64.rpm
    MD5: d2adc193b6acd1a6905c5925e931d0e9
    SHA-256: 84bbc8d74d8eae254e19e9865aa83db2d4e316bc6f5c7819c8930d79eb4c0c23
    Size: 8.65 MB
  6. mysql-test-5.1.69-1.0.1.AXS4.x86_64.rpm
    MD5: 9ec6fd31094a1b3bd09db8d18d0c99a5
    SHA-256: 3abf5b5c9acb023661b88920dc34ae9fefb4c45e6103a70309b8103c73624271
    Size: 5.27 MB
  7. mysql-devel-5.1.69-1.0.1.AXS4.i686.rpm
    MD5: 73cbf344c316df1824e917b4c9f68457
    SHA-256: 899b8acd34ae2df60c421f5e262f7d4b8f33f9bf96f15f231ffc92ab59b38e1c
    Size: 127.65 kB
  8. mysql-libs-5.1.69-1.0.1.AXS4.i686.rpm
    MD5: 7ea8b03a1b7e6d1919eaa84029af0dbc
    SHA-256: 2f0244bf14fdb1b70294ff84c70eceddf3ea23824aa148832a4f5610d20e4836
    Size: 1.23 MB