-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200309-08 - - - ---------------------------------------------------------------------
� � � � � PACKAGE : mysql � � � � � SUMMARY : buffer overflow � � � � � � �DATE : 2003-09-15 10:00 UTC � � � � � EXPLOIT : remote VERSIONS AFFECTED : <mysql-3.23.57-r1 <mysql-4.0.13-r4 >=mysql-4.0.14-r2(masked) � � FIXED VERSION : >=mysql-3.23.57-r1 >=mysql-4.0.13-r4 >=mysql-4.0.14-r2(masked) � � � � � � � CVE : CAN-2003-0780 - - - --------------------------------------------------------------------- quote from advisory: "Anyone with global administrative privileges on a MySQL server may execute arbitrary code even on a host he isn't supposed to have a shell on, with the privileges of the system account running the MySQL server." read the full advisory at: http://www.securityfocus.com/archive/1/337012 SOLUTION It is recommended that all Gentoo Linux users who are running dev-db/mysql upgrade to either one of these versions: 3.23.x - mysql-3.23.57-r1 4.0.x - mysql-4.0.13-r4 OR mysql-4.0.14-r2 if accepting "~" keywords. emerge sync emerge \=dev-db/mysql/<mysql version> emerge clean - - - --------------------------------------------------------------------- [EMAIL PROTECTED] - GnuPG key is available at http://dev.gentoo.org/~aliz [EMAIL PROTECTED] - - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/ZY3cfT7nyhUpoZMRAjpJAJ0ZTUg/pJxdsWeIpxTJX/cDMatkEQCeKmFU GGrAKtwqtPNuiguwyhelHys= =uFLV -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
