CVE-2012-4414

Priority
Description
Multiple SQL injection vulnerabilities in the replication code in Oracle
MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x
through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote
authenticated users to execute arbitrary SQL commands via vectors related
to the binary log. NOTE: as of 20130116, Oracle has not commented on
claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
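The description above only gives version ranges, so the practical first question for an operator is whether a given server falls inside them. The following is an added example (not from the Ubuntu tracker, Oracle or MariaDB) that classifies a `SELECT VERSION()` string against exactly the ranges in the description; the status labels, the `assess`/`parse_version` names and the sample version strings are assumptions made here. It also carries the caveat from the description: a MySQL build at or after 5.5.29 contains a fix whose completeness a downstream vendor disputed, and this page does not record which later release resolved that, so the example does not claim one.

```python
"""Affected-version check for CVE-2012-4414.

Added example: the ranges below are copied from the CVE description; the
status labels and function names are this example's own, not the tracker's.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# MariaDB branches listed in the description, each affected "through"
# (inclusive) the version given here.
MARIADB_AFFECTED_THROUGH = {
    (5, 1): (5, 1, 62),
    (5, 2): (5, 2, 12),
    (5, 3): (5, 3, 7),
    (5, 5): (5, 5, 25),
}

# MySQL: "possibly before 5.5.29". The description also notes a downstream
# claim that the 5.5.29 fix is incomplete; no complete-fix version is recorded
# on this page, so anything >= 5.5.29 is only flagged, not cleared.
MYSQL_FIRST_FIX = (5, 5, 29)


def parse_version(version_string: str) -> Version:
    """Extract the numeric major.minor.patch prefix of a VERSION() string.

    Works on distribution and MariaDB suffixes such as
    '5.5.24-0ubuntu0.12.04.1' or '5.3.7-MariaDB-log', and compares
    numerically (5.5.10 > 5.5.9), which a plain string comparison gets wrong.
    """
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(version_string: str, product: Optional[str] = None) -> str:
    """Classify a server version against the CVE-2012-4414 ranges.

    product: 'mysql' or 'mariadb'; when omitted it is inferred from the
    '-MariaDB' suffix that MariaDB builds put in VERSION().
    Returns one of:
      'affected'                 - inside a listed affected range
      'outside-listed-ranges'    - MariaDB branch listed, version past its range
      'unknown-branch'           - MariaDB branch not mentioned in the description
      'fix-reported-incomplete'  - MySQL >= 5.5.29 (fixed upstream, completeness disputed)
    """
    v = parse_version(version_string)
    if product is None:
        product = "mariadb" if "mariadb" in version_string.lower() else "mysql"

    if product == "mariadb":
        high = MARIADB_AFFECTED_THROUGH.get(v[:2])
        if high is None:
            return "unknown-branch"
        return "affected" if v <= high else "outside-listed-ranges"

    # MySQL (including distribution and cluster builds, whose VERSION()
    # still starts with the server's major.minor.patch).
    if v < MYSQL_FIRST_FIX:
        return "affected"
    return "fix-reported-incomplete"


if __name__ == "__main__":
    # Constructed sample VERSION() strings, not taken from any real host.
    for s in ("5.5.24-0ubuntu0.12.04.1", "5.5.29", "5.1.62-MariaDB",
              "5.1.63-MariaDB", "5.5.28-MariaDB-log", "5.0.95"):
        print(f"{s:28} -> {assess(s)}")
```

Feed it the output of `SELECT VERSION();` from each server; the numeric parse matters because Ubuntu package versions (`5.5.24-0ubuntu0.12.04.1`) and cluster builds carry suffixes that defeat naive string matching.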
Notes
jdstrand> mysql-cluster-7.0 not supported per Ubuntu Server team
As of 2012/01/09, Oracle no longer supports MySQL 5.0. Unfortunately, because of upstream update and commit policies it is not possible to backport patches from later releases. Ubuntu is regrettably unable to support MySQL 5.0 and users are encouraged to upgrade to Ubuntu 10.04 LTS or later.
mdeslaur> incomplete fix in 5.5.29, see:
http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/
jdstrand> watch for fix in 5.5.31
Debian released 5.5.30+dfsg-1 claiming to have fixed this issue
as of 2013-03-25, no complete fix from upstream
sarnold> Not actually fixed in 1807-1 -- my mistake
Package
Upstream: needs-triage
Package
Upstream: released (5.5.30+dfsg-1)
Package
Upstream: needs-triage
Package
Upstream: needs-triage
Package
Upstream: needs-triage
More Information

Updated: 2020-01-29 19:44:56 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)