SB2013011702 - Multiple vulnerabilities in Google, mysql
Published: January 17, 2013 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 16 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2013-1531)
The vulnerability allows a remote #AU# to read and manipulate data.
Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.
2) Buffer overflow (CVE-ID: CVE-2012-0553)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.
3) Input validation error (CVE-ID: CVE-2013-0383)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
4) Input validation error (CVE-ID: CVE-2013-0384)
The vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
5) Input validation error (CVE-ID: CVE-2013-0385)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
6) Input validation error (CVE-ID: CVE-2013-0386)
The vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
7) Input validation error (CVE-ID: CVE-2013-0389)
The vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
8) Input validation error (CVE-ID: CVE-2013-0368)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
9) Input validation error (CVE-ID: CVE-2013-0371)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
10) Input validation error (CVE-ID: CVE-2013-0367)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
11) Input validation error (CVE-ID: CVE-2012-5096)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
12) Input validation error (CVE-ID: CVE-2012-0574)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
13) Input validation error (CVE-ID: CVE-2012-0578)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
14) Input validation error (CVE-ID: CVE-2012-1702)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
15) Input validation error (CVE-ID: CVE-2012-1705)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
16) Input validation error (CVE-ID: CVE-2012-0572)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Remediation
Install update from vendor's website.
References
- http://rhn.redhat.com/errata/RHSA-2013-0772.html
- http://secunia.com/advisories/53372
- http://security.gentoo.org/glsa/glsa-201308-06.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
- http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html
- http://secunia.com/advisories/52445
- https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow
- http://rhn.redhat.com/errata/RHSA-2013-0219.html
- http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
- http://www.ubuntu.com/usn/USN-1703-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16758
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16632
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16267
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16835
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16825
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17255
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16451
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17077
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16877
- http://marc.info/?l=bugtraq&m=135109152819176&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17266
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16947
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17186
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17268
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16792