Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

Mandriva: Updated mysql packages fix vulnerabilities

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) Mandriva: Updated mysql packages fix vulnerabilities
# 1  
Old 07-21-2008
Mandriva: Updated mysql packages fix vulnerabilities
LinuxSecurity.com: Multiple buffer overflows in yaSSL, which is used in MySQL, allowed remote attackers to execute arbitrary code (CVE-2008-0226) or cause a denial of service via a special Hello packet (CVE-2008-0227). Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges (CVE-2008-2079). The updated packages have been patched to correct these issues.

More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT CENTOS

mysql_secure_installation

MYSQL_SECURE_INST(1)					       MySQL Database System					      MYSQL_SECURE_INST(1)

NAME

       mysql_secure_installation - improve MySQL installation security

SYNOPSIS

       mysql_secure_installation

DESCRIPTION

       This program enables you to improve the security of your MySQL installation in the following ways:

       o   You can set a password for root accounts.

       o   You can remove root accounts that are accessible from outside the local host.

       o   You can remove anonymous-user accounts.

       o   You can remove the test database, which by default can be accessed by anonymous users.

       Invoke mysql_secure_installation without arguments:

	   shell> mysql_secure_installation

       The script will prompt you to determine which actions to perform.

COPYRIGHT

       Copyright 2007-2008 MySQL AB, 2008-2010 Sun Microsystems, Inc.

       This documentation is free software; you can redistribute it and/or modify it only under the terms of the GNU General Public License as
       published by the Free Software Foundation; version 2 of the License.

       This documentation is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with the program; if not, write to the Free Software Foundation,
       Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or see http://www.gnu.org/licenses/.

SEE ALSO

       For more information, please refer to the MySQL Reference Manual, which may already be installed locally and which is also available online
       at http://dev.mysql.com/doc/.

AUTHOR

       Sun Microsystems, Inc. (http://www.mysql.com/).

MySQL 5.1							    04/06/2010						      MYSQL_SECURE_INST(1)