CVE-2012-5615

Publication date 3 December 2012

Last updated 24 July 2024


Ubuntu priority

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.

Status

Package Ubuntu Release Status
mariadb-5.5 15.10 wily Not in release
15.04 vivid Not in release
14.10 utopic
Not affected
14.04 LTS trusty Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
mysql-5.5 15.10 wily Not in release
15.04 vivid Not in release
14.10 utopic
Not affected
14.04 LTS trusty
Fixed 5.5.40-0ubuntu0.14.04.1
13.10 saucy Ignored end of life
13.04 raring Ignored end of life
12.10 quantal Ignored end of life
12.04 LTS precise
Fixed 5.5.40-0ubuntu0.12.04.1
11.10 oneiric Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release
mysql-5.6 15.10 wily
Not affected
15.04 vivid
Not affected
14.10 utopic Ignored end of life
14.04 LTS trusty
Fixed 5.6.27-0ubuntu0.14.04.1
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
mysql-dfsg-5.1 15.10 wily Not in release
15.04 vivid Not in release
14.10 utopic Not in release
14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
10.04 LTS lucid Ignored end of life
8.04 LTS hardy Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
mysql-5.5