[Technik] [SECURITY] [DSA 1478-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
Noèl Köthe
noel at debian.org
Thu Jan 31 11:19:35 CET 2008
Am Montag, den 28.01.2008, 21:20 +0100 schrieb Moritz Muehlenhoff:
> Debian Security Advisory DSA-1478-1 security at debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> January 28, 2008 http://www.debian.org/security/faq
>
> Package : mysql-dfsg-5.0
> Vulnerability : buffer overflows
> Problem type : remote
> Debian-specific: no
> CVE Id(s) : CVE-2008-0226 CVE-2008-0227
mysql-dfsg-5.0 auf h01, h02, h03, h04, h51, h52 und wasco aktualisiert.
> For the stable distribution (etch), these problems have been fixed in
> version 5.0.32-7etch5.
changelog:
mysql-dfsg-5.0 (5.0.32-7etch5) stable-security; urgency=high
* SECURITY:
Fix for CVE-2008-0226 and CVE-2008-0227: Three vulnerabilities in yaSSL
versions 1.7.5 and earlier were discovered that could lead to a server
crash or execution of unauthorized code. The exploit requires a server
with yaSSL enabled and TCP/IP connections enabled, but does not require
valid MySQL account credentials. The exploit does not apply to OpenSSL.
(closes: #460873)
-- Norbert Tretkowski <nobse at debian.org> Thu, 24 Jan 2008 09:22:03 +0100
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20080131/3e628b95/attachment.pgp
More information about the Technik
mailing list