SB2012120709 - Input validation error in mysql (Alpine package)

Description

This security bulletin contains information about 1 vulnerability.

1) Input validation error (CVE-ID: CVE-2012-3163)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote #AU# to execute arbitrary code.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. Per: http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html "The CVSS Base Score is 9.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 6.5, and the impacts for Confidentiality, Integrity and Availability are Partial+."

Remediation

Install update from vendor's website.

References

• https://git.alpinelinux.org/aports/commit/?id=ed02b36f83c15723447588a318576a3f9d65ff86
• https://git.alpinelinux.org/aports/commit/?id=0313e3bde5e3499e4da96f7e53d4ce15a6e5cc0b
• https://git.alpinelinux.org/aports/commit/?id=f53562b70b2720801f3795958799d08e29bc3607