AmazonALAS-2012-044Important: mysql
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
0.017 Low
EPSS
Percentile
87.9%
Issue Overview:
This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492)
These updated packages upgrade MySQL to version 5.1.61. Refer to the MySQL release notes (http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html) for a full list of changes:
Affected Packages:
mysql
Issue Correction:
Run yum update mysql to update your system.
New Packages:
i686:
mysql-embedded-devel-5.1.61-1.27.amzn1.i686
mysql-test-5.1.61-1.27.amzn1.i686
mysql-debuginfo-5.1.61-1.27.amzn1.i686
mysql-embedded-5.1.61-1.27.amzn1.i686
mysql-libs-5.1.61-1.27.amzn1.i686
mysql-server-5.1.61-1.27.amzn1.i686
mysql-bench-5.1.61-1.27.amzn1.i686
mysql-5.1.61-1.27.amzn1.i686
mysql-devel-5.1.61-1.27.amzn1.i686
src:
mysql-5.1.61-1.27.amzn1.src
x86_64:
mysql-5.1.61-1.27.amzn1.x86_64
mysql-libs-5.1.61-1.27.amzn1.x86_64
mysql-server-5.1.61-1.27.amzn1.x86_64
mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
mysql-devel-5.1.61-1.27.amzn1.x86_64
mysql-bench-5.1.61-1.27.amzn1.x86_64
mysql-test-5.1.61-1.27.amzn1.x86_64
mysql-embedded-5.1.61-1.27.amzn1.x86_64
Additional References
Red Hat: CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492
Mitre: CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | mysql-embedded-devel | < 5.1.61-1.27.amzn1 | mysql-embedded-devel-5.1.61-1.27.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql-test | < 5.1.61-1.27.amzn1 | mysql-test-5.1.61-1.27.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql-debuginfo | < 5.1.61-1.27.amzn1 | mysql-debuginfo-5.1.61-1.27.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql-embedded | < 5.1.61-1.27.amzn1 | mysql-embedded-5.1.61-1.27.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql-libs | < 5.1.61-1.27.amzn1 | mysql-libs-5.1.61-1.27.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql-server | < 5.1.61-1.27.amzn1 | mysql-server-5.1.61-1.27.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql-bench | < 5.1.61-1.27.amzn1 | mysql-bench-5.1.61-1.27.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql | < 5.1.61-1.27.amzn1 | mysql-5.1.61-1.27.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql-devel | < 5.1.61-1.27.amzn1 | mysql-devel-5.1.61-1.27.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | mysql | < 5.1.61-1.27.amzn1 | mysql-5.1.61-1.27.amzn1.x86_64.rpm |
Related
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
0.017 Low
EPSS
Percentile
87.9%