CVE ID:	CVE-2012-4414
Description:	Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4414 55498 http://www.securityfocus.com/bid/55498 MDVSA-2013:102 http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 MDVSA-2013:150 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 [oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB http://www.openwall.com/lists/oss-security/2012/09/11/4 http://bugs.mysql.com/bug.php?id=66550 http://bugs.mysql.com/bug.php?id=66550 http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ https://bugzilla.redhat.com/show_bug.cgi?id=852144 https://bugzilla.redhat.com/show_bug.cgi?id=852144 https://mariadb.atlassian.net/browse/MDEV-382 https://mariadb.atlassian.net/browse/MDEV-382 openSUSE-SU-2013:0011 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html openSUSE-SU-2013:0014 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html openSUSE-SU-2013:0135 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html openSUSE-SU-2013:0156 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html