List: debian-security
Subject: Re: New mysql packages fix arbitrary code execution
From: Mathieu Roy <yeupou () coleumes ! org>
Date: 2005-09-30 7:26:22
Message-ID: m3zmpvaue9.fsf () ulysse ! attique ! org
Friday 30 September, around 9 a.m., Vincent Caron typed:
> On Fri, 2005-09-30 at 08:49 +0200, Martin Schulze wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > - --------------------------------------------------------------------------
> > Debian Security Advisory DSA 829-1                     security@debian.org
> > http://www.debian.org/security/                             Martin Schulze
> > September 30, 2005                      http://www.debian.org/security/faq
> > - --------------------------------------------------------------------------
> >
> > Package : mysql
> > Vulnerability : buffer overflow
> > Problem type : remote
> > Debian-specific: no
> > CVE ID : CAN-2005-2558
> > BugTraq ID : 14509
> >
> > A stack-based buffer overflow in the init_syms function of MySQL,
> > a popular database, has been discovered that allows remote
> > authenticated users who can create user-defined functions to
> > execute arbitrary code via a long function_name field. The
> > ability to create user-defined functions is not typically granted
> > to untrusted users.
> >
> > The following vulnerability matrix shows which version of MySQL in
> > which distribution has this problem fixed:
> >
> >                  woody              sarge              sid
> > mysql            3.23.49-8.14       n/a                n/a
> > mysql-dfsg       n/a                4.0.24-10sarge1    4.0.24-10sarge1
> > mysql-dfsg-4.1   n/a                4.1.11a-4sarge2    4.1.14-2
> > mysql-dfsg-5.0   n/a                n/a                5.0.11beta-3
>
> That's not one of our packages, I've checked.
>
Does it mean that ours is not affected, or that no fix is available
for ours so far?
--
Mathieu Roy
+---------------------------------------------------------------------+
| General Homepage: http://yeupou.coleumes.org/ |
| Computing Homepage: http://alberich.coleumes.org/ |
| Not a native english speaker: |
| http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english |
+---------------------------------------------------------------------+