A report on SecurityFocus at http://www.securityfocus.com/archive/1/407648/30/0/threaded says there is a vulnerability where users are allowed to create user-defined functions. The workaround is to restrict who is allowed to create user-defined functions. No CVE reference. Risk level LOW.

The report says this has been patched by MySQL, supposedly in 4.1.13. I can see a code change in sql/sql_udf.cc which might be this fix, but there is nothing in the ChangeLog. I'm slightly puzzled, because the announcement by the people who found it was quite a long time after 4.1.13 was released. [ The latest version is 4.1.13a, but that addresses zlib vulnerabilities for people who link statically against the included zlib. ]

Ken
--
the first time as tragedy, the second time as farce
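One way to apply the workaround mentioned above is to audit which accounts are able to register user-defined functions. This is an added example, not part of the original post or the SecurityFocus report. It assumes the standard MySQL 4.1 grant tables and relies on the fact that `CREATE FUNCTION ... SONAME` requires the INSERT privilege on the `mysql` database; the account in the final commented statement is a hypothetical placeholder.

```sql
-- Added example: find accounts that can register UDFs on a MySQL 4.1 server.
-- Run as an administrative account with SELECT on the mysql database.

-- 1. Accounts with global INSERT: this covers the mysql database,
--    so these accounts can run CREATE FUNCTION ... SONAME.
SELECT 'global' AS scope, Host, User
FROM mysql.user
WHERE Insert_priv = 'Y';

-- 2. Accounts with database-level INSERT on the mysql database.
--    mysql.db.Db may hold wildcard patterns such as '%' or 'my%',
--    so match the literal name against the stored pattern.
SELECT 'database' AS scope, Host, User, Db
FROM mysql.db
WHERE Insert_priv = 'Y'
  AND 'mysql' LIKE Db;

-- 3. Accounts with table-level INSERT on mysql.func. This does not
--    satisfy CREATE FUNCTION, but a row inserted directly into
--    mysql.func is loaded when the server next starts.
SELECT 'table' AS scope, Host, User, Db, Table_name
FROM mysql.tables_priv
WHERE Db = 'mysql'
  AND Table_name = 'func'
  AND FIND_IN_SET('Insert', Table_priv) > 0;

-- 4. UDFs that are already registered, for review.
SELECT name, dl, type
FROM mysql.func;

-- 5. Removing the privilege from an account that does not need it.
--    'appuser'@'localhost' is a hypothetical placeholder account.
-- REVOKE INSERT ON mysql.* FROM 'appuser'@'localhost';
-- FLUSH PRIVILEGES;
```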
