OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
Module: openpkg-web                      Date:   16-Dec-2002 11:35:43
Branch: HEAD                             Handle: 2002121610354300
Modified files:
openpkg-web/security OpenPKG-SA-2002.013-mysql.txt
Log:
polish formatting, add signature
Summary:
Revision    Changes     Path
1.3         +24 -15     openpkg-web/security/OpenPKG-SA-2002.013-mysql.txt
____________________________________________________________________________
Index: openpkg-web/security/OpenPKG-SA-2002.013-mysql.txt
============================================================
$ cvs diff -u -r1.2 -r1.3 OpenPKG-SA-2002.013-mysql.txt
--- openpkg-web/security/OpenPKG-SA-2002.013-mysql.txt 13 Dec 2002 13:47:22
-0000 1.2
+++ openpkg-web/security/OpenPKG-SA-2002.013-mysql.txt 16 Dec 2002 10:35:43
-0000 1.3
@@ -1,9 +1,12 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
-OpenPKG-SA-2002.013 13-Dec-2002
+OpenPKG-SA-2002.013 16-Dec-2002
________________________________________________________________________
Package: mysql
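Review bot: the issue date line in this hunk moves from 13-Dec-2002 to 16-Dec-2002, but the log message describes the commit only as formatting polish plus a signature. Overwriting the date loses the original publication date of OpenPKG-SA-2002.013 for anyone tracking when the advisory first went out; consider keeping 13-Dec-2002 as the issue date and recording 16-Dec-2002 on a separate "updated" line. The new header also pins the clearsign digest to "Hash: SHA1", which is worth revisiting if this file is ever re-signed.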
@@ -18,24 +21,24 @@
OpenPKG CURRENT <= mysql-3.23.53-20021204 >= mysql-3.23.54-20021212
Description:
- The e-matters [0] company discovered two flaws [1] within the MySQL [2]
- server that can be used by any MySQL user to crash the server. One of
- the flaws can be used to bypass the MySQL password check or to execute
- arbitrary code with the privileges of the user running mysqld.
-
- They also discovered an arbitrary size heap overflow within the mysql
- client library and another vulnerability that allows to write '\0' to
- any memory address. Both flaws could allow DOS attacks against or
- arbitrary code execution within anything linked against libmysqlclient.
+ The e-matters [0] company discovered two flaws [1] within the MySQL
+ [2] server that can be used by any MySQL user to crash the server.
+ One of the flaws can be used to bypass the MySQL password check or
+ to execute arbitrary code with the privileges of the user running
+ mysqld(8).
+
+ They also discovered an arbitrary size heap overflow within the
+ MySQL client library and another vulnerability that allows to write
+ '\0' to any memory address. Both flaws could allow DOS attacks
+ against or arbitrary code execution within anything linked against
+ libmysqlclient.
Check whether you are affected by running "<prefix>/bin/rpm -q mysql".
- If you have an affected version of the mysql package (see above), please
- upgrade it according to the solution below.
-
-Workaround:
+ If you have an affected version of the "mysql" package (see above),
+ please upgrade it according to the solution below.
Solution:
- Update existing packages to newly patched versions of mysql. Select the
+ Update existing packages to newly patched versions of MySQL. Select the
updated source RPM appropriate for your OpenPKG release [3][4][5], and
fetch it from the OpenPKG FTP service or a mirror location. Verify its
integrity [6], build a corresponding binary RPM from it and update your
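Review bot: the empty "Workaround:" heading is deleted in the middle of this hunk without replacement, so the advisory no longer tells readers whether a workaround exists; if none is known, say so explicitly under the heading rather than dropping the section. The reflowed Description also mixes wording changes into the rewrap ("mysqld" becomes "mysqld(8)", "mysql client library" becomes "MySQL client library") while carrying over "allows to write" and "DOS" unchanged. Splitting the rewrap from the wording edits would make the content changes reviewable, and "allows writing" and "DoS" could be fixed at the same time.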
@@ -74,4 +77,10 @@
using GnuPG (http://www.gnupg.org/). For example, pipe this message to
the command "gpg --verify --keyserver keyserver.pgp.com".
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+iEYEARECAAYFAj39rFwACgkQgHWT4GPEy59OOQCfRNp25g3jXbRoIITZnwnpT7lo
+0q8AoMCazmZmwIs0sqxUJF4wfwbsC6Zz
+=6WvF
+-----END PGP SIGNATURE-----
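Review bot: as shown in this hunk, the added armor block has no empty line between the "Comment:" armor header and the first line of base64 data, and the hunk header (+77,10 against -74,4) leaves no room for one. OpenPGP ASCII armor requires a blank line there, so check that "gpg --verify" accepts the committed file and add the separator if it does not. Armor headers such as the "Comment:" line are also not covered by the signature, and the context lines above tell readers to fetch the key from a keyserver, so the advisory should state the signing key's fingerprint if it does not already do so outside this hunk.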
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]