
Thread: MySQL 5.5.25a - CVE-2012-2122

  1. #1
    Join Date
    Sep 2004
    Posts
    138

    MySQL 5.5.25a - CVE-2012-2122

    sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

    5.5.25a was released; however, custombuild is still on 5.5.25.
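
The "improperly-checked return value" in the advisory text above, shown as an added example (not part of the original post and not MySQL source code): a comparison result of type int is narrowed to a char-sized boolean, so a nonzero result whose low byte is zero reads as "tokens match". All function names, the token bytes and the `wide_memcmp` stand-in are constructed for illustration; the stand-in always returns a multiple of 256 so the effect is deterministic here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout: a model of the bug class, not MySQL source. */
typedef char narrow_bool; /* char-sized boolean return type */
typedef int (*cmp_fn)(const void *, const void *, size_t);

/* Constructed stand-in for an optimized memcmp. The C standard only fixes the
 * sign of a nonzero result, so a value outside -128..127 is legal. */
static int wide_memcmp(const void *a, const void *b, size_t n)
{
    int r = memcmp(a, b, n);
    return r == 0 ? 0 : (r < 0 ? -256 : 256);
}

/* Flawed: the int result is narrowed to a char. With the usual 8-bit char the
 * low byte of +/-256 is 0, so differing tokens are reported as equal. */
static narrow_bool differ_flawed(const void *x, const void *y, size_t n, cmp_fn cmp)
{
    return (narrow_bool)cmp(x, y, n);
}

/* Corrected: collapse the result to 0 or 1 before it is narrowed. */
static narrow_bool differ_fixed(const void *x, const void *y, size_t n, cmp_fn cmp)
{
    return (narrow_bool)(cmp(x, y, n) != 0);
}

/* Returns 1 when the supplied token is accepted. Token bytes are constructed. */
static int accepts(cmp_fn cmp, int use_fixed, unsigned char last)
{
    const unsigned char expected[4] = {0x11, 0x22, 0x33, 0x44};
    const unsigned char supplied[4] = {0x11, 0x22, 0x33, last};
    narrow_bool d = use_fixed ? differ_fixed(expected, supplied, 4, cmp)
                              : differ_flawed(expected, supplied, 4, cmp);
    return d == 0;
}

int main(void)
{
    printf("flawed, wrong token accepted: %d\n", accepts(wide_memcmp, 0, 0x45));
    printf("fixed,  wrong token accepted: %d\n", accepts(wide_memcmp, 1, 0x45));
    printf("fixed,  right token accepted: %d\n", accepts(wide_memcmp, 1, 0x44));
    return 0;
}
```

The same pattern is worth grepping for in any code base: a `memcmp`, `strcmp` or similar result returned or stored through a type narrower than `int` without first being compared against zero.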

  2. #2
    Join Date
    Apr 2009
    Posts
    1,964
    You are wrong. MySQL 5.5.25a was added to custombuild the very same hour it was released at mysql.com; it was added to custombuild on 07-05-2012: http://www.directadmin.com/forum/sho...435#post224435

  3. #3
    Join Date
    Sep 2004
    Posts
    138
    I stand corrected. It is indeed listed in the versions file and shows up when I do ./build versions. I just can't coax custombuild to download and install it. On 1 server it even sticks to 5.5.23 even though ./build versions says 5.5.25a is available.

  4. #4
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    What do ./build update and ./build mysql do?

    Regards
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  5. #5
    Join Date
    Sep 2004
    Posts
    138
    I'm sorry. Usually updates are downloaded when ./build update is run. When executing ./build mysql it does get downloaded. Thanks for setting me straight.

  6. #6
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    Yes, build update just downloads new files (it should download the MySQL RPMs too, I suppose, but I'm not sure).

    build mysql will for sure install the latest version and, if the files are not present (and this is valid for any software, AFAIK), it downloads the latest and then installs them.

    Is your problem solved now?


  7. #7
    Join Date
    Sep 2004
    Posts
    138
    Yes, the problem is solved.

  8. #8
    Join Date
    Sep 2008
    Posts
    198
    ./build update doesn't download MySQL as it should. MySQL will be downloaded only when you run ./build mysql or ./build update_versions.

    I asked smtalk about this a while ago and remember that he said it's because the script has a problem with some other Linux besides CentOS. So, he keeps it that way for now.

  9. #9
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    Thanks for pointing this out to me. Didn't know.

