CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.972 High
Percentile: 99.7%

April 1, 2013 Michael Shigorin 5.5.30-alt10
- New version
- NB: 5.5.29 had important security fixes, including:
  + A buffer overflow that can cause a server crash or
    arbitrary code execution (a variant of CVE-2012-5611)
  + CVE-2012-5627 fast password brute-forcing using the "change user"
  + CVE-2012-5615 information leakage about existing user accounts
    via the protocol handshake
  + fixes for DoS attacks - crashes and server lockups
  + all security fixes from MySQL 5.5.29, such as fix for CVE-2012-5612
- please note that client libraries are now built from MariaDB code;
  these should be backwards compatible (but still add 84 symbols),
  see also #28289
  + merged fedora's version script changes (but left ours in too)
- selectively synced build options with fedora
  + enabled readline support
  + do not force PBXT storage plugin build (deprecated in 5.5)
    - see also https://kb.askmonty.org/en/about-pbxt/
    - causes ICE
- removed MySQL-MariaDB subpackage being rather superfluous
- updated BR: (see #16878)
- bumped Release: to be higher than MySQL's, just in case