[Bug 1475294] Re: mysql 5.5.44, 5.6.25 security update tracking bug
Felipe Reyes
1475294 at bugs.launchpad.net
Tue Sep 29 15:40:13 UTC 2015
mysql 5.6.25 also fixes CVE-2012-5615[0], quoting from cve.mitre.org[1]
:
"""
Oracle MySQL 5.5.38 and earlier, **5.6.19 and earlier**, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
"""
[0] http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5615.html
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5615
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-5.6 in Ubuntu.
https://bugs.launchpad.net/bugs/1475294
Title:
mysql 5.5.44, 5.6.25 security update tracking bug
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1475294/+subscriptions
More information about the Ubuntu-server-bugs
mailing list