Ken Moffat ken at
Tue Aug 9 05:31:13 PDT 2005

 A report on securityfocus at

 says there is a vulnerability where users are allowed to create
user-defined functions.  The workaround is to restrict who is allowed to
create user-defined functions.  No CVE reference.  Risk level LOW.

 The report says this has been patched by MySQL, supposedly in 4.1.13.
I can see a code change in sql/ which might be this fix, but
there is nothing in the ChangeLog.  I'm slightly puzzled, because the
announcement by the people who found it was quite a long time after
4.1.13 was released.

[ The latest version is 4.1.13a, but that addresses zlib vulnerabilities
for people who link statically against the included zlib. ]

 the first time as tragedy, the second time as farce
