English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Debian update for mysql-5.1


Secunia ID

SA51416

CVE-ID

CVE-2012-3150, CVE-2012-3158, CVE-2012-3160, CVE-2012-3163, CVE-2012-3166, CVE-2012-3167, CVE-2012-3173, CVE-2012-3177, CVE-2012-3180, CVE-2012-3197, CVE-2012-5611

Release Date

04 Dec 2012

Criticality

Moderately Critical

Solution Status

Vendor Patch

Where

From local network

Impact
DoS (Denial of Service)

This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.

System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Exposure of sensitive information

Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.

Description

Debian has issued an update for mysql-5.1. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, by malicious users to cause a DoS (Denial of Service) and potentially execute arbitrary code, and by malicious people to potentially compromise a vulnerable system.

For more information:
SA51008
SA51427

Solution

Apply updated packages via the apt-get package manager.

Original Advisory

DSA-2581-1:
http://lists.debian.org/debian-security-announce/2012/msg00225.html