Tuesday, December 4, 2012

MariaDB fixes 0-day bug in MySQL

MariaDB - a community-developed branch of MySQL database has come up with a 0-day bug fix for MySQL. The updates fix the buffer overflow issue under CVE-2012-5579. This could allow attackers to crash DB server or execute arbitrary shell code with the same privileges as the database process. Another issue that covers in CVE 2012-5611 is just a duplicate of CVE 2012-5579. They also suggest that a third problem (CVE 2012-5613) is not actually a bug in the database's code, but it is documented server behaviour that can only be exploited in the case of misconfiguration. Although Oracle hasn't confirmed the vulnerabilities. Let see how much time they will going to take to release patches.

No comments: