USN-671-1: MySQL vulnerabilities

11-17-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-671-1: MySQL vulnerabilities

Referenced CVEs:
CVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098

Description:
===========================================================Ubuntu Security Notice USN-671-1 November 17, 2008mysql-dfsg-5.0 vulnerabilitiesCVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: mysql-server-5.0 5.0.22-0ubuntu6.06.11Ubuntu 7.10: mysql-server-5.0 5.0.45-1ubuntu3.4Ubuntu 8.04 LTS: mysql-server-5.0 5.0.51a-3ubuntu5.4In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:It was discovered that MySQL could be made to overwrite existing tablefiles in the data directory. An authenticated user could use theDATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilegechecks. This update alters table creation behaviour by disallowing theuse of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORYoptions. (CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098)It was discovered that MySQL did not handle empty bit-string literalsproperly. An attacker could exploit this problem and cause the MySQLserver to crash, leading to a denial of service. (CVE-2008-3963)

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

CGI::Session::Driver::mysql(3) User Contributed Perl Documentation CGI::Session::Driver::mysql(3) NAME
CGI::Session::Driver::mysql - CGI::Session driver for MySQL database SYNOPSIS
$s = new CGI::Session( 'driver:mysql', $sid); $s = new CGI::Session( 'driver:mysql', $sid, { DataSource => 'dbi:mysql:test', User => 'sherzodr', Password => 'hello' }); $s = new CGI::Session( 'driver:mysql', $sid, { Handle => $dbh } ); DESCRIPTION
mysql stores session records in a MySQL table. For details see CGI::Session::Driver::DBI, its parent class. It's especially important for the MySQL driver that the session ID column be defined as a primary key, or at least "unique", like this: CREATE TABLE sessions ( id CHAR(32) NOT NULL PRIMARY KEY, a_session TEXT NOT NULL ); To use different column names, change the 'create table' statement, and then simply do this: $s = new CGI::Session('driver:mysql', undef, { TableName=>'session', IdColName=>'my_id', DataColName=>'my_data', DataSource=>'dbi:mysql:project', }); or $s = new CGI::Session('driver:mysql', undef, { TableName=>'session', IdColName=>'my_id', DataColName=>'my_data', Handle=>$dbh, }); DRIVER ARGUMENTS mysql driver supports all the arguments documented in CGI::Session::Driver::DBI. In addition, DataSource argument can optionally leave leading "dbi:mysql:" string out: $s = new CGI::Session( 'driver:mysql', $sid, {DataSource=>'shopping_cart'}); # is the same as: $s = new CGI::Session( 'driver:mysql', $sid, {DataSource=>'dbi:mysql:shopping_cart'}); BACKWARDS COMPATIBILITY As of V 4.30, the global variable $CGI::Session::MySQL::TABLE_NAME cannot be used to set the session table's name. This is due to changes in CGI::Session::Driver's new() method, which now allows the table's name to be changed (as well as allowing both the 'id' column name and the 'a_session' column name to be changed). See the documentation for CGI::Session::Driver::DBI for details. In particular, the new syntax for "new()" applies to all database drivers, whereas the old - and bad - global variable method only applied to MySQL. Alternately, call $session -> table_name('new_name') just after creating the session object if you wish to change the session table's name. LICENSING
For support and licensing see CGI::Session. perl v5.16.3 2008-07-16 CGI::Session::Driver::mysql(3)

Security Advisories (RSS)

USN-671-1: MySQL vulnerabilities

LEARN ABOUT CENTOS

cgi::session::driver::mysql