ASB-2013.0046 - [Win][UNIX/Linux] MySQL: Access confidential data - Remote/unauthenticated
Date: 22 March 2013
Original URL: http://www.auscert.org.au/render.html?cid=10415&it=17250
References: ESB-2012.1126 ESB-2013.0216 ESB-2013.0217 ESB-2013.0316 ESB-2013.0383 ESB-2013.0533
===========================================================================
AUSCERT Security Bulletin
ASB-2013.0046
Multiple vulnerabilities in yaSSL
22 March 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:              MySQL
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Access Confidential Data -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2013-1623 CVE-2012-4929
Member content until: Sunday, April 21 2013
Reference:            ESB-2013.0383
                      ESB-2013.0316
                      ESB-2013.0217
                      ESB-2013.0216
                      ESB-2012.1126

OVERVIEW

Multiple vulnerabilities have been identified in MySQL v5.1.68, 5.5.30
and 5.6.11 and earlier. [1]

IMPACT

The vendor has stated that this update fixes the following
vulnerabilities:

"CVE-2013-1623 Vulnerability allows statistical analysis of timing data
of crafted packets
CVE-2012-4929 Cryptographic vulnerability" [1]

MITIGATION

The vendor recommends updating to the latest version of MySQL to
correct these issues. [1]

REFERENCES

[1] Multiple vulnerabilities in yaSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================