USN-671-1: MySQL vulnerabilities

11-17-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-671-1: MySQL vulnerabilities

Referenced CVEs:
CVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098

Description:
===========================================================Ubuntu Security Notice USN-671-1 November 17, 2008mysql-dfsg-5.0 vulnerabilitiesCVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: mysql-server-5.0 5.0.22-0ubuntu6.06.11Ubuntu 7.10: mysql-server-5.0 5.0.45-1ubuntu3.4Ubuntu 8.04 LTS: mysql-server-5.0 5.0.51a-3ubuntu5.4In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:It was discovered that MySQL could be made to overwrite existing tablefiles in the data directory. An authenticated user could use theDATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilegechecks. This update alters table creation behaviour by disallowing theuse of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORYoptions. (CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098)It was discovered that MySQL did not handle empty bit-string literalsproperly. An attacker could exploit this problem and cause the MySQLserver to crash, leading to a denial of service. (CVE-2008-3963)

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

SQL::ReservedWords::MySQL(3pm) User Contributed Perl Documentation SQL::ReservedWords::MySQL(3pm) NAME
SQL::ReservedWords::MySQL - Reserved SQL words by MySQL SYNOPSIS
if ( SQL::ReservedWords::MySQL->is_reserved( $word ) ) { print "$word is a reserved MySQL word!"; } DESCRIPTION
Determine if words are reserved by MySQL. METHODS
is_reserved( $word ) Returns a boolean indicating if $word is reserved by either MySQL 3.2, 4.0, 4.1, 5.0 or 5.1. is_reserved_by_mysql3( $word ) Returns a boolean indicating if $word is reserved by MySQL 3.2. is_reserved_by_mysql4( $word ) Returns a boolean indicating if $word is reserved by either MySQL 4.0 or 4.1. is_reserved_by_mysql5( $word ) Returns a boolean indicating if $word is reserved by either MySQL 5.0 or 5.1. reserved_by( $word ) Returns a list with MySQL versions that reserves $word. words Returns a list with all reserved words. EXPORTS
Nothing by default. Following subroutines can be exported: is_reserved is_reserved_by_mysql3 is_reserved_by_mysql4 is_reserved_by_mysql5 reserved_by words SEE ALSO
SQL::ReservedWords <http://dev.mysql.com/doc/> AUTHOR
Christian Hansen "chansen@cpan.org" COPYRIGHT
This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself. perl v5.8.8 2008-03-28 SQL::ReservedWords::MySQL(3pm)

Security Advisories (RSS)

USN-671-1: MySQL vulnerabilities

LEARN ABOUT DEBIAN

sql::reservedwords::mysql