Debian Security Advisory
DSA-2429-1 mysql-5.1 -- several vulnerabilities
- Date Reported:
- 07 Mar 2012
- Affected Packages:
- mysql-5.1
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 659687.
In Mitre's CVE dictionary: CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492. - More information:
-
Due to the non-disclosure of security patch information from Oracle, we are forced to ship an upstream version update of MySQL 5.1. There are several known incompatible changes, which are listed in /usr/share/doc/mysql-server/NEWS.Debian.gz.
Several security vulnerabilities were discovered in MySQL, a database management system. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.61, which includes additional changes, such as performance improvements and corrections for data loss defects. These changes are described in the MySQL release notes at: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html.
For the stable distribution (squeeze), these problems have been fixed in version 5.1.61-0+squeeze1.
For the unstable distribution (sid), these problems have been fixed in version 5.1.61-2.
We recommend that you upgrade your mysql-5.1 packages.