20 Jul 01:04
[ MDVSA-2008:150 ] - Updated mysql packages fix vulnerabilities
From: <security <at> mandriva.com>
Subject: [ MDVSA-2008:150 ] - Updated mysql packages fix vulnerabilities
Newsgroups: gmane.comp.security.full-disclosure
Date: 2008-07-19 23:06:00 GMT
Subject: [ MDVSA-2008:150 ] - Updated mysql packages fix vulnerabilities
Newsgroups: gmane.comp.security.full-disclosure
Date: 2008-07-19 23:06:00 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:150 http://www.mandriva.com/security/ _______________________________________________________________________ Package : mysql Date : July 19, 2008 Affected: 2007.1, 2008.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Multiple buffer overflows in yaSSL, which is used in MySQL, allowed remote attackers to execute arbitrary code (CVE-2008-0226) or cause a denial of service via a special Hello packet (CVE-2008-0227). Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges (CVE-2008-2079). The updated packages have been patched to correct these issues.(Continue reading)
RSS Feed