Debian DSA 1079-1 Critical: MySQL Remote Security Issues
debian
May 29, 2006
Updated package.
Topics Covered
Summary
Improper handling of SQL queries containing the NULL character
allow local users to bypass logging mechanisms.
CVE-2006-1516
Usernames without a trailing null byte allow remote attackers to
read portions of memory.
CVE-2006-1517
A request with an incorrect packet length allows remote attackers
to obtain sensitive information.
CVE-2006-1518
Specially crafted request packets with invalid length values allow
the execution of arbitrary code.
The following vulnerability matrix shows which version of MySQL in
which distribution has this problem fixed:
woody sarge sid
mysql 3.23.49-8.15 n/a n/a
mysql-dfsg n/a 4.0.24-10sarge2 n/a
mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a
mysql-dfsg-5.0 n/a n/a 5.0.21-3
We recommend that you upgrade your mysql packages.
Upgrade Instructions
- --------------------wget url
wi...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!