Mandriva: Updated mysql packages fix vulnerabilities

07-21-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

Mandriva: Updated mysql packages fix vulnerabilities

LinuxSecurity.com: Multiple buffer overflows in yaSSL, which is used in MySQL, allowed remote attackers to execute arbitrary code (CVE-2008-0226) or cause a denial of service via a special Hello packet (CVE-2008-0227). Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges (CVE-2008-2079). The updated packages have been patched to correct these issues.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

CGI::Session::Driver::mysql(3) User Contributed Perl Documentation CGI::Session::Driver::mysql(3) NAME
CGI::Session::Driver::mysql - CGI::Session driver for MySQL database SYNOPSIS
$s = new CGI::Session( 'driver:mysql', $sid); $s = new CGI::Session( 'driver:mysql', $sid, { DataSource => 'dbi:mysql:test', User => 'sherzodr', Password => 'hello' }); $s = new CGI::Session( 'driver:mysql', $sid, { Handle => $dbh } ); DESCRIPTION
mysql stores session records in a MySQL table. For details see CGI::Session::Driver::DBI, its parent class. It's especially important for the MySQL driver that the session ID column be defined as a primary key, or at least "unique", like this: CREATE TABLE sessions ( id CHAR(32) NOT NULL PRIMARY KEY, a_session TEXT NOT NULL ); To use different column names, change the 'create table' statement, and then simply do this: $s = new CGI::Session('driver:mysql', undef, { TableName=>'session', IdColName=>'my_id', DataColName=>'my_data', DataSource=>'dbi:mysql:project', }); or $s = new CGI::Session('driver:mysql', undef, { TableName=>'session', IdColName=>'my_id', DataColName=>'my_data', Handle=>$dbh, }); DRIVER ARGUMENTS mysql driver supports all the arguments documented in CGI::Session::Driver::DBI. In addition, DataSource argument can optionally leave leading "dbi:mysql:" string out: $s = new CGI::Session( 'driver:mysql', $sid, {DataSource=>'shopping_cart'}); # is the same as: $s = new CGI::Session( 'driver:mysql', $sid, {DataSource=>'dbi:mysql:shopping_cart'}); BACKWARDS COMPATIBILITY As of V 4.30, the global variable $CGI::Session::MySQL::TABLE_NAME cannot be used to set the session table's name. This is due to changes in CGI::Session::Driver's new() method, which now allows the table's name to be changed (as well as allowing both the 'id' column name and the 'a_session' column name to be changed). See the documentation for CGI::Session::Driver::DBI for details. In particular, the new syntax for "new()" applies to all database drivers, whereas the old - and bad - global variable method only applied to MySQL. Alternately, call $session -> table_name('new_name') just after creating the session object if you wish to change the session table's name. LICENSING
For support and licensing see CGI::Session. perl v5.16.3 2008-07-16 CGI::Session::Driver::mysql(3)

Security Advisories (RSS)

Mandriva: Updated mysql packages fix vulnerabilities

LEARN ABOUT CENTOS

cgi::session::driver::mysql