Package: mysql-5.1 Version: 5.1.61-0+squeeze1 Severity: important Tags: security
http://seclists.org/oss-sec/2012/q2/493 https://www.secmaniac.com/blog/2012/06/11/massive-mysql-authentication-bypass-exploit/ I haven't verified this as I do not have time at the moment. References from the email: References: MariaDB bug report: https://mariadb.atlassian.net/browse/MDEV-212 MariaDB fix: http://bazaar.launchpad.net/~maria-captains/maria/5.1/revision/3144 MySQL bug report: http://bugs.mysql.com/bug.php?id=64884 MySQL fix: http://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3560.10.17 MySQL changelog: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-24.html -- System Information: Debian Release: 6.0.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.4.1 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
