Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20120620)

low Nessus Plugin ID 61341

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

A flaw was found in the way MySQL processed HANDLER READ NEXT statements after deleting a record. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash.
This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2012-2102)

This update also adds the following enhancement :

- The InnoDB storage engine is built-in for all architectures. This update adds InnoDB Plugin, the InnoDB storage engine as a plug-in for the 32-bit x86, AMD64, and Intel 64 architectures. The plug-in offers additional features and better performance than when using the built-in InnoDB storage engine. Refer to the MySQL documentation, linked to in the References section, for information about enabling the plug-in.

All MySQL users should upgrade to these updated packages, which add this enhancement and contain a backported patch to correct this issue.
After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?9ba82b81

Plugin Details

Severity: Low

ID: 61341

File Name: sl_20120620_mysql_on_SL6_x.nasl

Version: 1.6

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:mysql, p-cpe:/a:fermilab:scientific_linux:mysql-bench, p-cpe:/a:fermilab:scientific_linux:mysql-debuginfo, p-cpe:/a:fermilab:scientific_linux:mysql-devel, p-cpe:/a:fermilab:scientific_linux:mysql-embedded, p-cpe:/a:fermilab:scientific_linux:mysql-embedded-devel, p-cpe:/a:fermilab:scientific_linux:mysql-libs, p-cpe:/a:fermilab:scientific_linux:mysql-server, p-cpe:/a:fermilab:scientific_linux:mysql-test, x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 6/20/2012

Vulnerability Publication Date: 8/17/2012

Reference Information

CVE: CVE-2012-2102