------------------------------------------------------------
Arch Linux Security Warning                    ALSW 2007-#29
------------------------------------------------------------

Name:      mysql
Date:      2007-05-09
Severity:  Medium
Warning #: 2007-#29

------------------------------------------------------------

Product Background
===================
MySQL is a popular multi-threaded, multi-user SQL server.

Problem Background
===================
mu-b discovered a NULL pointer dereference in item_cmpfunc.cc when
processing certain types of SQL requests. Sec Consult also discovered
another NULL pointer dereference when sorting certain types of queries
on the database metadata.

Impact
==================
In both cases, a remote attacker could send a specially crafted SQL
request to the server, possibly resulting in a server crash. Note that
the attacker needs the ability to execute SELECT queries.

Workaround
==========
There is no known workaround at this time.

Problem Packages
===================
Package: mysql
Repo:    current
Group:   daemon
Unsafe:  < 5.0.38
Safe:    >= 5.0.38

Package Fix
===================
Upgrade to 5.0.41

===================
Unofficial ArchLinux Security Bug Tracker:
http://jjdanimoth.netsons.org/alsw.html

Reference(s)
===================
[ 1 ] Original Report
      http://bugs.mysql.com/bug.php?id=27513
[ 2 ] CVE-2007-1420
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1420
