List:       debian-security
Subject:    Re: New mysql packages fix arbitrary code execution
From:       Mathieu Roy <yeupou () coleumes ! org>
Date:       2005-09-30 7:26:22
Message-ID: m3zmpvaue9.fsf () ulysse ! attique ! org

Friday 30 September, around 9 o'clock, Vincent Caron typed:

> On Fri, 2005-09-30 at 08:49 +0200, Martin Schulze wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > - --------------------------------------------------------------------------
> > Debian Security Advisory DSA 829-1                     security@debian.org
> > http://www.debian.org/security/                             Martin Schulze
> > September 30, 2005                      http://www.debian.org/security/faq
> > - --------------------------------------------------------------------------
> > 
> > Package        : mysql
> > Vulnerability  : buffer overflow
> > Problem type   : remote
> > Debian-specific: no
> > CVE ID         : CAN-2005-2558
> > BugTraq ID     : 14509
> > 
> > A stack-based buffer overflow in the init_syms function of MySQL,
> > a popular database, has been discovered that allows remote
> > authenticated users who can create user-defined functions to
> > execute arbitrary code via a long function_name field.  The
> > ability to create user-defined functions is not typically granted
> > to untrusted users.
> > 
> > The following vulnerability matrix shows which version of MySQL in
> > which distribution has this problem fixed:
> > 
> >                  woody          sarge             sid
> > mysql            3.23.49-8.14   n/a               n/a
> > mysql-dfsg       n/a            4.0.24-10sarge1   4.0.24-10sarge1
> > mysql-dfsg-4.1   n/a            4.1.11a-4sarge2   4.1.14-2
> > mysql-dfsg-5.0   n/a            n/a               5.0.11beta-3
> 
> That's not one of our packages, I've checked.
> 

Does it mean that ours is not affected, or that no fix is available
for ours so far?

-- 
Mathieu Roy

  +---------------------------------------------------------------------+
  | General Homepage:           http://yeupou.coleumes.org/             |
  | Computing Homepage:         http://alberich.coleumes.org/           |
  | Not a native english speaker:                                       |
  |     http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english  |
  +---------------------------------------------------------------------+

