[Bug 1515] New: Vulnerability in mysql, fixed in 4.1.13

blfs-bugs at linuxfromscratch.org blfs-bugs at linuxfromscratch.org
Tue Aug 9 06:42:16 PDT 2005


http://blfs-bugs.linuxfromscratch.org/show_bug.cgi?id=1515

           Summary: Vulnerability in mysql, fixed in 4.1.13
           Product: Beyond LinuxFromScratch
           Version: d-6.1
          Platform: All
               URL: http://www.securityfocus.com/archive/1/407648/30/0/threa
                    ded
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: BOOK
        AssignedTo: blfs-book at linuxfromscratch.org
        ReportedBy: ken at kenmoffat.uklinux.net
         QAContact: blfs-book at linuxfromscratch.org


The reference talks of a vulnerability in user-defined functions (severity low)
from a buffer overflow.  My re-reading of the report eventually convinced me
that it is fixed in 4.1.13.  Certainly there is a code change in sql/sql_udf.cc
that looks reevant, but nothing in the ChangeLog!

 Latest version is 4.1.13a (extra fixes for people using the static libz from 
the mysql package), recommend upgrading both 6.1 and svn.

 The current instructions for 4.1.12 build and test ok on my LFS-6.1 desktop
with a 2.6.13-rc5 kernel, but I haven't attempted to install this.

Ken



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
You are the QA contact for the bug, or are watching the QA contact.



More information about the blfs-book mailing list