MySQL 5.0.21 - notice

To: pkgsrc-users%netbsd.org@localhost
Subject: MySQL 5.0.21 - notice
From: rudolf <netbsd%eq.cz@localhost>
Date: Tue, 02 May 2006 17:42:31 +0200

Hi,

an addition to 'audit-packages' :)

there are two 'new' security problems fixed in MySQL 5.0.21 (releasedtoday). From the changelog(http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html):

Security fix: A malicious client, using specially crafted invalidCOM_TABLE_DUMP packets was able to trigger an exploitable bufferoverflow on the server. Thanks to Stefano Di Paola<stefano.dipaola%wisec.it@localhost> for finding and reporting this bug.

Security fix: A malicious client, using specially crafted invalid loginor COM_TABLE_DUMP packets was able to read uninitialized memory, whichpotentially, though unlikely in MySQL, could have led to an informationdisclosure. Thanks to Stefano Di Paola <stefano.dipaola%wisec.it@localhost> forfinding and reporting this bug.

r.

Prev by Date: Re: state of COMPAT_LINUX/COMPAT_LINUX32 and java on amd64
Next by Date: Re: state of COMPAT_LINUX/COMPAT_LINUX32 and java on amd64
Previous by Thread: state of COMPAT_LINUX/COMPAT_LINUX32 and java on amd64
Next by Thread: sysutils/gnome-vfs2 - ongoing problems on Solaris
Indexes:

Home | Main Index | Thread Index | Old Index