Mandrake alert: Updated MySQL packages fix multiple vulnerabilities

Posted by dave on Dec 18, 2002 9:05 AM EDT
Mailing list		Mail this story
Print this story

Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitraty code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write ' 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           MySQL
Advisory ID:            MDKSA-2002:087
Date:                   December 18th, 2002

Affected versions:      7.2, 8.0, 8.1, 8.2, 9.0,
                        Single Network Firewall 7.2
________________________________________________________________________

Problem Description:

 Two vulnerabilities were discovered in all versions of MySQL prior
 to 3.23.53a and 4.0.5a by Stefan Esser.  The first can be used by
 any valid MySQL user to crash the MySQL server, the other allows
 anyone to bypass the MySQL password check or execute arbitraty code
 with the privilege of the user running mysqld.  Another two
 vulnerabilities were found, one an arbitrary size heap overflow in
 the mysql client library and another that allows one to write '

  Nav
» Read more about: Story Type: Security; Groups: Mandriva

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.