CVE-2012-5627
Publication date 1 October 2013
Last updated 24 July 2024
Ubuntu priority
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 do not modify the salt during multiple executions of the change_user command within the same connection, which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
Status
Package | Ubuntu Release | Status |
---|---|---|
mariadb-5.5 | 16.04 LTS xenial | Not in release |
mariadb-5.5 | 14.04 LTS trusty | Not in release |
mysql-5.5 | 16.04 LTS xenial | Not in release |
mysql-5.5 | 14.04 LTS trusty | Ignored |
mysql-5.6 | 16.04 LTS xenial | Not in release |
mysql-5.6 | 14.04 LTS trusty | Not in release |
Notes
mdeslaur
As of 2016-11-23, no indication of fix from upstream MySQL. Marking this as ignored since we will not diverge from upstream.