Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

Mandriva: Updated mysql packages fix vulnerabilities

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) Mandriva: Updated mysql packages fix vulnerabilities
# 1  
Old 07-21-2008
Mandriva: Updated mysql packages fix vulnerabilities
LinuxSecurity.com: Multiple buffer overflows in yaSSL, which is used in MySQL, allowed remote attackers to execute arbitrary code (CVE-2008-0226) or cause a denial of service via a special Hello packet (CVE-2008-0227). Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges (CVE-2008-2079). The updated packages have been patched to correct these issues.

More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT OPENSOLARIS

mysql_zap

zap(1)								  MySQL database							    zap(1)

NAME

       zap - a perl script used to kill processes

USAGE

       /usr/bin/mysql_zap [-signal] [-?Ift] pattern

SYNOPSIS

       zap [-I|-?]  [-f] [-t]

DESCRIPTION

       zap    supports by executing

       -I|-?  info

       -f     force

       -t     test

NOTE

       If  -f isn't given, ask user for confirmation for each process to kill. If signal isn't given, try first with signal 15 and after that with
       signal 9. If -t is given the processes is only shown on stdout.

SEE ALSO

       isamchk(1), isamlog(1), mysql(1), mysqlaccess(1), mysqladmin(1), mysqld(1), mysqld_multi(1), mysqld_safe(1), mysqldump(1), mysql_fix_privi-
       lege_tables(1), mysqlshow(1), perror(1), replace(1)

       For  more information please refer to the MySQL reference manual, which may already be installed locally and which is also available online
       at http://www.mysql.com/doc/en/

BUGS

       Please refer to http://bugs.mysql.com/ to report bugs.

AUTHOR

       Ver 1.0, distribution 4.0.24 Michael (Monty) Widenius (monty@mysql.com), MySQL AB (http://www.mysql.com/). This software comes with no war-
       ranty.  Manual  page  by L. (Kill-9) Pedersen (kill-9@kill-9.dk), Mercurmedia Data Model Architect / system developer (http://www.mercurme-
       dia.com)

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +--------------------+------------------------------------+
       |  ATTRIBUTE TYPE    |	       ATTRIBUTE VALUE		 |
       +--------------------+------------------------------------+
       |Availability	    | SUNWmysqlr, SUNWmysqlu, SUNWmysqlt |
       +--------------------+------------------------------------+
       |Interface Stability | External				 |
       +--------------------+------------------------------------+
NOTES

       Source for mysql is available on http://opensolaris.org.

MySQL 4.0							 19 December 2000							    zap(1)