The CentOS team has been looking at the issue called out in these stories:
http://threatpost.com/en_us/blogs/trivial-password-flaw-leaves-mysql-databases-exposed-061112
http://arstechnica.com/information-technology/2012/06/security-flaw-in-mysql-mariadb-allows-access-with-any-password-just-keep-submitting-it/
http://www.net-security.org/secworld.php?id=13076
According to the upstream provider EL4, EL5 and EL6 are not impacted by
the above issue:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2122
Thanks,
Johnny Hughes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20120611/c1970c8d/attachment-0004.sig>
