USN-32-1 fixed a database privilege escalation vulnerability; original advisory text:
“If a user was granted privileges to a database with a name containing an underscore (”_“), the user also gained the ability to grant privileges to other databases with similar names. (CAN-2004-0957)”
6 April 2005
A security issue affects these releases of Ubuntu and its derivatives:
USN-32-1 fixed a database privilege escalation vulnerability; original advisory text:
“If a user was granted privileges to a database with a name containing an underscore (”_“), the user also gained the ability to grant privileges to other databases with similar names. (CAN-2004-0957)”
Recently a corner case was discovered where this vulnerability can still be exploited, so another update is necessary.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.