CVE-2009-5026

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-5026 at MITRE

Description

The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 726602

SUSE Security Advisories:

openSUSE-SU-2012:0617-1, published Mon, 14 May 2012 16:08:30 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SLE 11 SP1 DEBUGINFO	`mysql-debuginfo >= 5.0.96-0.4.1` `mysql-debugsource >= 5.0.96-0.4.1`	sle11-sp2-sdk.x86 sles11-sp1-vmware.x86-64 sles11-sp2.ia64 sled11-sp2.x86 sled11-sp2.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ia64 sled11-sp1.x86 sle11-sp1-sdk.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.ppc sles11-sp2.s390x sles11-sp2.ppc sles11-sp2.x86-64 sle11-sp1-sdk.ia64 sle11-sp2-sdk.s390x sle11-sp2-sdk.x86-64 sle11-sp2-sdk.ia64 sles11-sp1.ppc sles11-sp1.x86 sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sle11-sp1-sdk.x86 SAT Patch Nr: 6613
SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Software Development Kit 11 SP2	`libmysqlclient-devel >= 5.0.96-0.4.1` `libmysqlclient_r15-x86 >= 5.0.96-0.4.1`	sle11-sp2-sdk.x86 sles11-sp1-vmware.x86-64 sles11-sp2.ia64 sled11-sp2.x86 sled11-sp2.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ia64 sled11-sp1.x86 sle11-sp1-sdk.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.ppc sles11-sp2.s390x sles11-sp2.ppc sles11-sp2.x86-64 sle11-sp1-sdk.ia64 sle11-sp2-sdk.s390x sle11-sp2-sdk.x86-64 sle11-sp2-sdk.ia64 sles11-sp1.ppc sles11-sp1.x86 sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sle11-sp1-sdk.x86 SAT Patch Nr: 6613
SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Software Development Kit 11 SP2	`libmysqlclient-devel >= 5.0.96-0.4.1`	sle11-sp2-sdk.x86 sles11-sp1-vmware.x86-64 sles11-sp2.ia64 sled11-sp2.x86 sled11-sp2.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ia64 sled11-sp1.x86 sle11-sp1-sdk.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.ppc sles11-sp2.s390x sles11-sp2.ppc sles11-sp2.x86-64 sle11-sp1-sdk.ia64 sle11-sp2-sdk.s390x sle11-sp2-sdk.x86-64 sle11-sp2-sdk.ia64 sles11-sp1.ppc sles11-sp1.x86 sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sle11-sp1-sdk.x86 SAT Patch Nr: 6613
SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Software Development Kit 11 SP2	`libmysqlclient-devel >= 5.0.96-0.4.1` `libmysqlclient_r15-32bit >= 5.0.96-0.4.1`	sle11-sp2-sdk.x86 sles11-sp1-vmware.x86-64 sles11-sp2.ia64 sled11-sp2.x86 sled11-sp2.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ia64 sled11-sp1.x86 sle11-sp1-sdk.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.ppc sles11-sp2.s390x sles11-sp2.ppc sles11-sp2.x86-64 sle11-sp1-sdk.ia64 sle11-sp2-sdk.s390x sle11-sp2-sdk.x86-64 sle11-sp2-sdk.ia64 sles11-sp1.ppc sles11-sp1.x86 sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sle11-sp1-sdk.x86 SAT Patch Nr: 6613
SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 11 SP2	`libmysqlclient15 >= 5.0.96-0.4.1` `libmysqlclient_r15 >= 5.0.96-0.4.1` `mysql >= 5.0.96-0.4.1` `mysql-client >= 5.0.96-0.4.1`	sle11-sp2-sdk.x86 sles11-sp1-vmware.x86-64 sles11-sp2.ia64 sled11-sp2.x86 sled11-sp2.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ia64 sled11-sp1.x86 sle11-sp1-sdk.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.ppc sles11-sp2.s390x sles11-sp2.ppc sles11-sp2.x86-64 sle11-sp1-sdk.ia64 sle11-sp2-sdk.s390x sle11-sp2-sdk.x86-64 sle11-sp2-sdk.ia64 sles11-sp1.ppc sles11-sp1.x86 sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sle11-sp1-sdk.x86 SAT Patch Nr: 6613
SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 11 SP2	`libmysqlclient15 >= 5.0.96-0.4.1` `libmysqlclient15-32bit >= 5.0.96-0.4.1` `libmysqlclient_r15 >= 5.0.96-0.4.1` `libmysqlclient_r15-32bit >= 5.0.96-0.4.1` `mysql >= 5.0.96-0.4.1` `mysql-client >= 5.0.96-0.4.1`	sle11-sp2-sdk.x86 sles11-sp1-vmware.x86-64 sles11-sp2.ia64 sled11-sp2.x86 sled11-sp2.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ia64 sled11-sp1.x86 sle11-sp1-sdk.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.ppc sles11-sp2.s390x sles11-sp2.ppc sles11-sp2.x86-64 sle11-sp1-sdk.ia64 sle11-sp2-sdk.s390x sle11-sp2-sdk.x86-64 sle11-sp2-sdk.ia64 sles11-sp1.ppc sles11-sp1.x86 sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sle11-sp1-sdk.x86 SAT Patch Nr: 6613
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP2	`libmysqlclient15 >= 5.0.96-0.4.1` `libmysqlclient_r15 >= 5.0.96-0.4.1` `mysql >= 5.0.96-0.4.1` `mysql-Max >= 5.0.96-0.4.1` `mysql-client >= 5.0.96-0.4.1` `mysql-tools >= 5.0.96-0.4.1`	sle11-sp2-sdk.x86 sles11-sp1-vmware.x86-64 sles11-sp2.ia64 sled11-sp2.x86 sled11-sp2.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ia64 sled11-sp1.x86 sle11-sp1-sdk.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.ppc sles11-sp2.s390x sles11-sp2.ppc sles11-sp2.x86-64 sle11-sp1-sdk.ia64 sle11-sp2-sdk.s390x sle11-sp2-sdk.x86-64 sle11-sp2-sdk.ia64 sles11-sp1.ppc sles11-sp1.x86 sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sle11-sp1-sdk.x86 SAT Patch Nr: 6613
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2	`libmysqlclient15 >= 5.0.96-0.4.1` `libmysqlclient15-x86 >= 5.0.96-0.4.1` `libmysqlclient_r15 >= 5.0.96-0.4.1` `mysql >= 5.0.96-0.4.1` `mysql-Max >= 5.0.96-0.4.1` `mysql-client >= 5.0.96-0.4.1` `mysql-tools >= 5.0.96-0.4.1`	sle11-sp2-sdk.x86 sles11-sp1-vmware.x86-64 sles11-sp2.ia64 sled11-sp2.x86 sled11-sp2.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ia64 sled11-sp1.x86 sle11-sp1-sdk.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.ppc sles11-sp2.s390x sles11-sp2.ppc sles11-sp2.x86-64 sle11-sp1-sdk.ia64 sle11-sp2-sdk.s390x sle11-sp2-sdk.x86-64 sle11-sp2-sdk.ia64 sles11-sp1.ppc sles11-sp1.x86 sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sle11-sp1-sdk.x86 SAT Patch Nr: 6613
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP2	`libmysqlclient15 >= 5.0.96-0.4.1` `libmysqlclient15-32bit >= 5.0.96-0.4.1` `libmysqlclient_r15 >= 5.0.96-0.4.1` `mysql >= 5.0.96-0.4.1` `mysql-Max >= 5.0.96-0.4.1` `mysql-client >= 5.0.96-0.4.1` `mysql-tools >= 5.0.96-0.4.1`	sle11-sp2-sdk.x86 sles11-sp1-vmware.x86-64 sles11-sp2.ia64 sled11-sp2.x86 sled11-sp2.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ia64 sled11-sp1.x86 sle11-sp1-sdk.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.ppc sles11-sp2.s390x sles11-sp2.ppc sles11-sp2.x86-64 sle11-sp1-sdk.ia64 sle11-sp2-sdk.s390x sle11-sp2-sdk.x86-64 sle11-sp2-sdk.ia64 sles11-sp1.ppc sles11-sp1.x86 sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sle11-sp1-sdk.x86 SAT Patch Nr: 6613