A stack-based buffer overflow in the init_syms function of MySQL, a popular database, has been discovered that allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. The ability to create user-defined functions is not typically granted to untrusted users. The following vulnerability matrix shows which version of MySQL in which distribution has this problem fixed: woody sarge sid mysql 3.23.49-8.14 n/a n/a mysql-dfsg n/a 4.0.24-10sarge1 4.0.24-10sarge1 mysql-dfsg-4.1 n/a 4.1.11a-4sarge2 4.1.14-2 mysql-dfsg-5.0 n/a n/a 5.0.11beta-3 We recommend that you upgrade your mysql packages.
A stack-based buffer overflow in the init_syms function of MySQL, a popular database, has been discovered that allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. The ability to create user-defined functions is not typically granted to untrusted users.
The following vulnerability matrix shows which version of MySQL in which distribution has this problem fixed:
woody | sarge | sid | |
---|---|---|---|
mysql | 3.23.49-8.14 | n/a | n/a |
mysql-dfsg | n/a | 4.0.24-10sarge1 | 4.0.24-10sarge1 |
mysql-dfsg-4.1 | n/a | 4.1.11a-4sarge2 | 4.1.14-2 |
mysql-dfsg-5.0 | n/a | n/a | 5.0.11beta-3 |
We recommend that you upgrade your mysql packages.
MD5 checksums of the listed files are available in the original advisory.