Ubuntu

mysql 5.5.24, 5.1.63, 5.0.x security update tracking bug

Reported by Marc Deslauriers on 2012-06-11
300
This bug affects 5 people
Affects Status Importance Assigned to Milestone
mysql-5.1 (Ubuntu)
Undecided
Unassigned
Hardy
Undecided
Unassigned
Lucid
Undecided
Unassigned
Natty
High
Marc Deslauriers
Oneiric
High
Marc Deslauriers
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
mysql-5.5 (Ubuntu)
High
Clint Byrum
Hardy
Undecided
Unassigned
Lucid
Undecided
Unassigned
Natty
Undecided
Unassigned
Oneiric
Undecided
Unassigned
Precise
High
Marc Deslauriers
Quantal
High
Clint Byrum
mysql-dfsg-5.0 (Ubuntu)
Undecided
Unassigned
Hardy
High
Marc Deslauriers
Lucid
Undecided
Unassigned
Natty
Undecided
Unassigned
Oneiric
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
mysql-dfsg-5.1 (Ubuntu)
Undecided
Unassigned
Hardy
Undecided
Unassigned
Lucid
High
Marc Deslauriers
Natty
Undecided
Unassigned
Oneiric
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned

Bug Description

5.5.24:
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-24.html

Security Fix: Bug #64884 was fixed.

5.1.63:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html
Security Fix: Bug #64884 was fixed.
Security Fix: Bug #59387 was fixed.

5.0.x:
Most likely also affected by #64884, but no longer supported by Oracle, needs a backported patch.

Marc Deslauriers (mdeslaur) wrote :

bug #64884 is CVE-2012-2122

visibility: private → public
Changed in mysql-dfsg-5.0 (Ubuntu Hardy):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → High
status: New → Confirmed
Changed in mysql-dfsg-5.0 (Ubuntu Lucid):
status: New → Invalid
Changed in mysql-dfsg-5.0 (Ubuntu Natty):
status: New → Invalid
Changed in mysql-dfsg-5.0 (Ubuntu Oneiric):
status: New → Invalid
Changed in mysql-dfsg-5.0 (Ubuntu Precise):
status: New → Invalid
Changed in mysql-dfsg-5.0 (Ubuntu Quantal):
status: New → Invalid
Changed in mysql-dfsg-5.1 (Ubuntu Hardy):
status: New → Invalid
Changed in mysql-dfsg-5.1 (Ubuntu Lucid):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → High
status: New → Confirmed
Changed in mysql-dfsg-5.1 (Ubuntu Natty):
status: New → Invalid
Changed in mysql-dfsg-5.1 (Ubuntu Oneiric):
status: New → Invalid
Changed in mysql-dfsg-5.1 (Ubuntu Precise):
status: New → Invalid
Changed in mysql-dfsg-5.1 (Ubuntu Quantal):
status: New → Invalid
Changed in mysql-5.5 (Ubuntu Hardy):
status: New → Invalid
Changed in mysql-5.5 (Ubuntu Lucid):
status: New → Invalid
Changed in mysql-5.5 (Ubuntu Natty):
status: New → Invalid
Changed in mysql-5.5 (Ubuntu Oneiric):
status: New → Invalid
Changed in mysql-5.5 (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → High
status: New → Confirmed
Changed in mysql-5.5 (Ubuntu Quantal):
assignee: nobody → Clint Byrum (clint-fewbar)
importance: Undecided → High
status: New → Confirmed
Changed in mysql-5.1 (Ubuntu Hardy):
status: New → Invalid
Changed in mysql-5.1 (Ubuntu Lucid):
status: New → Invalid
Changed in mysql-5.1 (Ubuntu Natty):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → High
status: New → Confirmed
Changed in mysql-5.1 (Ubuntu Oneiric):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → High
status: New → Confirmed
Changed in mysql-5.1 (Ubuntu Precise):
status: New → Invalid
Changed in mysql-5.1 (Ubuntu Quantal):
status: New → Invalid
Marc Deslauriers (mdeslaur) wrote :

FYI, I can only reproduce CVE-2012-2122 on real hardware that supports SSE4. Oneiric and higher, amd64 only.

sseitz (s-seitz) wrote :

Regarding #2:
You're right. I've tried on identical 12.04 LTS 64bit.
Vulnurable on Xeon E5654
Not vulnurable on Xeon E5345
Both machines are paravirtualizes Xen DomU, so it looks like the system is vulnurable by the availability of sse4 only. It looks like the existence of Xen virtualizationlayer doesn't matter.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-dfsg-5.0 - 5.0.96-0ubuntu3

---------------
mysql-dfsg-5.0 (5.0.96-0ubuntu3) hardy-security; urgency=low

  * SECURITY UPDATE: authentication bypass (LP: #1011371)
    - debian/patches/90_CVE-2012-2122.patch: fix improper type conversion
      in sql/password.c.
    - CVE-2012-2122
  * debian/mysql-server.preinst: Removed to prevent service from remaining
    stopped after getting updated. The upgrade logic is still present in
    mysql-common.preinst. (LP: #988325)
 -- Marc Deslauriers <email address hidden> Mon, 11 Jun 2012 09:04:56 -0400

Changed in mysql-dfsg-5.0 (Ubuntu Hardy):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.5 - 5.5.24-0ubuntu0.12.04.1

---------------
mysql-5.5 (5.5.24-0ubuntu0.12.04.1) precise-security; urgency=low

  * SECURITY UPDATE: Update to 5.5.24 to fix security issues (LP: #1011371)
    - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-24.html
 -- Marc Deslauriers <email address hidden> Mon, 11 Jun 2012 07:34:33 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.1 - 5.1.63-0ubuntu0.11.10.1

---------------
mysql-5.1 (5.1.63-0ubuntu0.11.10.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Update to 5.1.63 to fix security issues (LP: #1011371)
    - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html
 -- Marc Deslauriers <email address hidden> Sun, 10 Jun 2012 20:49:35 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.1 - 5.1.63-0ubuntu0.11.04.1

---------------
mysql-5.1 (5.1.63-0ubuntu0.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: Update to 5.1.63 to fix security issues (LP: #1011371)
    - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html
 -- Marc Deslauriers <email address hidden> Mon, 11 Jun 2012 07:25:44 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-dfsg-5.1 - 5.1.63-0ubuntu0.10.04.1

---------------
mysql-dfsg-5.1 (5.1.63-0ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: Update to 5.1.63 to fix security issues (LP: #1011371)
    - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html
 -- Marc Deslauriers <email address hidden> Mon, 11 Jun 2012 07:27:41 -0400

Changed in mysql-5.1 (Ubuntu Natty):
status: Confirmed → Fix Released
Changed in mysql-5.1 (Ubuntu Oneiric):
status: Confirmed → Fix Released
Changed in mysql-5.5 (Ubuntu Precise):
status: Confirmed → Fix Released
Changed in mysql-dfsg-5.1 (Ubuntu Lucid):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.5 - 5.5.25-0ubuntu1

---------------
mysql-5.5 (5.5.25-0ubuntu1) quantal; urgency=low

  * New upstream release (LP: #1011371, LP: #986892)
  * d/rules: change get-orig-source to pull from a working mirror.
  * d/control: Build with default compiler instead of gcc 4.5
 -- Clint Byrum <email address hidden> Mon, 11 Jun 2012 23:34:14 -0700

Changed in mysql-5.5 (Ubuntu Quantal):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers