Mandrake alert: Updated MySQL packages fix multiple vulnerabilities
|
|
Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitraty code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
Mandrake Linux Security Update Advisory
________________________________________________________________________
Package name: MySQL
Advisory ID: MDKSA-2002:087
Date: December 18th, 2002
Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0,
Single Network Firewall 7.2
________________________________________________________________________
Problem Description:
Two vulnerabilities were discovered in all versions of MySQL prior
to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by
any valid MySQL user to crash the MySQL server, the other allows
anyone to bypass the MySQL password check or execute arbitraty code
with the privilege of the user running mysqld. Another two
vulnerabilities were found, one an arbitrary size heap overflow in
the mysql client library and another that allows one to write ' |
This topic does not have any threads posted yet!
You cannot post until you login.
