List: debian-security
Subject: Re: [gna-private] [SECURITY] [DSA 829-1] New mysql packages fix
From: Vincent Caron <zerodeux () gnu ! org>
Date: 2005-09-30 7:23:25
Message-ID: 1128065005.5370.3.camel () localhost
On Fri, 2005-09-30 at 08:49 +0200, Martin Schulze wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 829-1 security@debian.org
> http://www.debian.org/security/ Martin Schulze
> September 30, 2005 http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package : mysql
> Vulnerability : buffer overflow
> Problem type : remote
> Debian-specific: no
> CVE ID : CAN-2005-2558
> BugTraq ID : 14509
>
> A stack-based buffer overflow in the init_syms function of MySQL, a
> popular database, has been discovered that allows remote authenticated
> users who can create user-defined functions to execute arbitrary code
> via a long function_name field. The ability to create user-defined
> functions is not typically granted to untrusted users.
>
> The following vulnerability matrix shows which version of MySQL in
> which distribution has this problem fixed:
>
>                    woody          sarge             sid
> mysql              3.23.49-8.14   n/a               n/a
> mysql-dfsg         n/a            4.0.24-10sarge1   4.0.24-10sarge1
> mysql-dfsg-4.1     n/a            4.1.11a-4sarge2   4.1.14-2
> mysql-dfsg-5.0     n/a            n/a               5.0.11beta-3
That's not one of our packages, I've checked.