|
Home Forum Radio Memberlist Help Search Quick Links | |
| Forum Index » Operating Systems » Linux » Mandriva- Advisories MDKSA-2007:139: Updated MySQL packages fix multiple security issues |
| Linux All distros and thier applications |
 |
 |
|
Thread Tools | Display Modes |  |
|
#1
07-05-2007, 06:04 AM
|
||||
|
||||
|
Mandriva- Advisories MDKSA-2007:139: Updated MySQL packages fix multiple security issues
Advisories MDKSA-2007:139: Updated MySQL packages fix multiple security issues
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. This issue does not affect MySQL 5.0.37 in Mandriva Linux 2007.1. (CVE-2007-1420) The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583) MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. (CVE-2007-2691) Updated packages have been patched to prevent the above issues. http://mandrivausers.org/index.php?showtopic=42647 Array Thu, 05 Jul 2007 00:33:31 +0000 
|
 Posted |
|
| Bookmarks |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | |
|
|
|
||
|
|
|
It appears you have not yet registered with our community
which limits what you can do & see. It's Free To register, please click here.
Linear Mode
