Launchpad.net

CVE 2012-4414

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

Related bugs and status

CVE-2012-4414 (Candidate) is related to these bugs:

Bug #1049871: Multiple SQL injections

		In	Importance	Status
1049871	Multiple SQL injections	Percona Server moved to https://jira.percona.com/projects/PS	Critical	Fix Released
1049871	Multiple SQL injections	Percona Server moved to https://jira.percona.com/projects/PS 5.1	Critical	Fix Released
1049871	Multiple SQL injections	Percona Server moved to https://jira.percona.com/projects/PS 5.5	Critical	Fix Released
1049871	Multiple SQL injections	MySQL Server	Unknown	Unknown

Bug #1154675: Serious regression in replication caused by fix for CVE-2012-4414

		In	Importance	Status
1154675	Serious regression in replication caused by fix for CVE-2012-4414	mysql-5.5 (Ubuntu)	High	Fix Released
1154675	Serious regression in replication caused by fix for CVE-2012-4414	mysql-5.5 (Debian)	Unknown	Fix Released
1154675	Serious regression in replication caused by fix for CVE-2012-4414	MySQL Server	Unknown	Unknown

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-4414

Related bugs and status

Related bugs

References