Security Information / 2012 / Security Information -- DSA-2429-1 mysql-5.1

Debian Security Advisory

DSA-2429-1 mysql-5.1 -- several vulnerabilities

Date Reported:

07 Mar 2012

Affected Packages:

mysql-5.1

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 659687.
In Mitre's CVE dictionary: CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492.

More information:

Due to the non-disclosure of security patch information from Oracle, we are forced to ship an upstream version update of MySQL 5.1. There are several known incompatible changes, which are listed in /usr/share/doc/mysql-server/NEWS.Debian.gz.

Several security vulnerabilities were discovered in MySQL, a database management system. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.61, which includes additional changes, such as performance improvements and corrections for data loss defects. These changes are described in the MySQL release notes at: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html.

For the stable distribution (squeeze), these problems have been fixed in version 5.1.61-0+squeeze1.

For the unstable distribution (sid), these problems have been fixed in version 5.1.61-2.

We recommend that you upgrade your mysql-5.1 packages.