ken at kenmoffat.uklinux.net
Tue Aug 9 05:31:13 PDT 2005
A report on securityfocus at
says there is a vulnerability where users are allowed to create user
defined functions. The workaround is to restrict who is allowed to
create user-defined functions. No CVE reference. Risk level LOW.
The report says this has been patched by MySQL, supposedly in 4.1.13.
I can see a code change in sql/sql_udf.cc which might be this fix, but
there is nothing in the ChangeLog. I'm slightly puzzled, because the
announcement by the people who found it was quite a long time after
4.1.13 was released.
[ The latest version is 4.1.13a, but that addresses zlib vulnerabilities
for people who link statically against the included zlib. ]
the first time as tragedy, the second time as farce
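
One way to apply the workaround mentioned in the message above (restricting who may create user-defined functions), as an added example that is not part of the original post. It assumes MySQL's documented rule that CREATE FUNCTION for a UDF requires the INSERT privilege on the mysql database, and the account name in the REVOKE statement is a placeholder.

```sql
-- List every account that can register a UDF, by the scope of the grant.

-- Global INSERT applies to every database, including mysql.
SELECT 'global' AS scope, User, Host
FROM mysql.user
WHERE Insert_priv = 'Y'
UNION ALL
-- Database-level grants. Db may hold a wildcard pattern, so match
-- the literal name 'mysql' against it with LIKE.
SELECT 'database', User, Host
FROM mysql.db
WHERE 'mysql' LIKE Db AND Insert_priv = 'Y'
UNION ALL
-- Table-level grants on mysql.func, the table where UDF
-- registrations are stored.
SELECT 'table', User, Host
FROM mysql.tables_priv
WHERE Db = 'mysql' AND Table_name = 'func'
  AND FIND_IN_SET('Insert', Table_priv) > 0;

-- Remove a database-level grant from an account that does not need it.
-- 'appuser'@'localhost' is a placeholder. REVOKE must name the same
-- scope the privilege was granted at, so use ON *.* for a row that
-- the query above reports as 'global'.
REVOKE INSERT ON mysql.* FROM 'appuser'@'localhost';
```

Any row returned for an account other than the database administrator is a candidate for revocation.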