[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

MDVSA-2008:028 -- Mandriva mysql

ID: oval:org.secpod.oval:def:301368Date: (C)2012-01-07   (M)2017-10-12
Class: PATCHFamily: unix




The mysql_change_db function in MySQL 5.0.x before 5.0.40 did not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allowed remote authenticated users to gain privileges . The federated engine in MySQL 5.0.x, when performing a certain SHOW TABLE STATUS query, did not properly handle a response with a small number of columns, which could allow a remote MySQL server to cause a denial of service via a response that lacks the minimum required number of columns . The updated packages provide MySQL 5.0.45 for all Mandriva Linux platforms that shipped with MySQL 5.0.x which offers a number of feature enhancements and bug fixes. In addition, the updates for Corporate Server 4.0 include support for the Sphinx engine. Please note that due to the package name change , the mysqld service will not restart automatically so users must execute "service mysqld start" after the upgrade is complete.

Platform:
Mandriva Linux 2007.0
Mandriva Linux 2007.1
Product:
mysql
Reference:
MDVSA-2008:028
CVE-2007-2692
CVE-2007-6304
CVE    2
CVE-2007-6304
CVE-2007-2692

© 2013 SecPod Technologies