
Debian: DSA-1783 Critical: MySQL Remote Service Crash and XSS

April 29, 2009
Debian Security Advisory

Multiple vulnerabilities have been identified affecting MySQL, a relational database server, and its associated interactive client application.

Summary

CVE-2008-3963

Kay Roepke reported that the MySQL server would not properly handle
an empty bit-string literal in an SQL statement, allowing an
authenticated remote attacker to cause a denial of service (a crash)
in mysqld. This issue affects the oldstable distribution (etch), but
not the stable distribution (lenny).

CVE-2008-4456

Thomas Henlich reported that the MySQL command-line client application
did not encode HTML special characters when run in HTML output mode
(that is, "mysql --html ..."). This could potentially lead to
cross-site scripting or unintended script privilege escalation if
the resulting output is viewed in a browser or incorporated into
a web site.
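To make the CVE-2008-4456 issue concrete, the following added example (not code from the advisory or from the MySQL client) renders a constructed result set in a table layout modelled on what "mysql --html" emits; the unescaped path reproduces the defect, the escaped path is the corrected behaviour, and a small check reports whether cell text would reach a browser as live markup. The table layout and sample values are assumptions.

```python
import html

# Constructed sample result set: one column, two rows. The first cell
# carries HTML markup, as a stored value might after untrusted input.
SAMPLE_COLUMNS = ["comment"]
SAMPLE_ROWS = [["<i>markup</i>"], ["plain & simple"]]


def render_html_table(columns, rows, escape_cells=True):
    """Render a result set in the TABLE/TR/TH/TD layout mysql --html produces
    (layout assumed for this example, not copied from the client).
    escape_cells=False reproduces the CVE-2008-4456 behaviour: cell text is
    copied verbatim into the markup. escape_cells=True HTML-escapes every
    header and cell, which is what a fixed client must do."""
    enc = html.escape if escape_cells else (lambda s: s)
    out = ["<TABLE BORDER=1>"]
    out.append("<TR>" + "".join(f"<TH>{enc(c)}</TH>" for c in columns) + "</TR>")
    for row in rows:
        out.append("<TR>" + "".join(f"<TD>{enc(str(v))}</TD>" for v in row) + "</TR>")
    out.append("</TABLE>")
    return "".join(out)


def contains_unescaped_markup(rendered, cell_values):
    """Defender-side check: True if any raw cell value containing
    HTML-significant characters appears verbatim in the rendered output,
    i.e. a browser would parse it as markup instead of showing it as text."""
    return any(
        any(ch in v for ch in "<>&\"'") and v in rendered
        for v in cell_values
    )


if __name__ == "__main__":
    values = [r[0] for r in SAMPLE_ROWS]
    for escaped in (False, True):
        out = render_html_table(SAMPLE_COLUMNS, SAMPLE_ROWS, escape_cells=escaped)
        label = "escaped (fixed)" if escaped else "verbatim (vulnerable)"
        print(f"{label}: {out}")
        print("  live markup present:", contains_unescaped_markup(out, values))
```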

For the old stable distribution (etch), these problems have been fixed in
version 5.0.32-7etch10.

For the stable distribution (lenny), these problems have been fixed in
version 5.0.51a-24+lenny1.

We recommend that you upgrade your mysql-dfsg-5.0 packages.


Upgrade instructions
---------------...


Severity: critical
