ELSA-2009-1289

Published: 08 Sep 2009
Source: oracle-oval
Platform: Oracle Linux 5

Description

ELSA-2009-1289: mysql security and bug fix update (MODERATE)

[5.0.77-3]

  • Add fix for CVE-2009-2446 (format string vulnerability in COM_CREATE_DB and COM_DROP_DB processing)
    Resolves: #512200

[5.0.77-2]

  • Back-port upstream fix for CVE-2008-4456 (mysql command line client XSS flaw)
    Resolves: #502169

[5.0.77-1]

  • Update to MySQL 5.0.77, for numerous fixes described at http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-77.html including low-priority security issues CVE-2008-2079, CVE-2008-3963
    Resolves: #448487, #448534, #452824, #453156, #455619, #456875
    Resolves: #457218, #462534, #470036, #476896, #479615
  • Improve mysql.init to pass configured datadir to mysql_install_db, and to force user=mysql for both mysql_install_db and mysqld_safe.
    Resolves: #450178
  • Fix mysql.init to wait correctly when socket is not in default place
    Resolves: #435494

Updated packages

Oracle Linux 5

Oracle Linux ia64

  • mysql: 5.0.77-3.el5
  • mysql-bench: 5.0.77-3.el5
  • mysql-devel: 5.0.77-3.el5
  • mysql-server: 5.0.77-3.el5
  • mysql-test: 5.0.77-3.el5

Oracle Linux x86_64

  • mysql: 5.0.77-3.el5
  • mysql-bench: 5.0.77-3.el5
  • mysql-devel: 5.0.77-3.el5
  • mysql-server: 5.0.77-3.el5
  • mysql-test: 5.0.77-3.el5

Oracle Linux i386

  • mysql: 5.0.77-3.el5
  • mysql-bench: 5.0.77-3.el5
  • mysql-devel: 5.0.77-3.el5
  • mysql-server: 5.0.77-3.el5
  • mysql-test: 5.0.77-3.el5

Related vulnerabilities

ubuntu
almost 17 years ago

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

redhat
almost 17 years ago

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

nvd
almost 17 years ago

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

debian
almost 17 years ago

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does ...

github
about 3 years ago

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.