Gentoo: 202310-12 Important: PostgreSQL Remote Code Execution Vulnerability

September 15, 2003

Summary


GENTOO LINUX SECURITY ANNOUNCEMENT 200309-08
    FIXED VERSION : >=mysql-3.23.57-r1 >=mysql-4.0.13-r4 >=mysql-4.0.14-r2(masked)


quote from advisory:
"Anyone with global administrative privileges on a MySQL server may execute arbitrary code even on a host he isn't supposed to have a shell on, with the privileges of the system account running the MySQL server."
read the full advisory at:

SOLUTION
It is recommended that all Gentoo Linux users who are running dev-db/mysql upgrade to either one of these versions:
3.23.x - mysql-3.23.57-r1
4.0.x - mysql-4.0.13-r4 OR mysql-4.0.14-r2 if accepting "~" keywords.

    emerge sync
    emerge \=dev-db/mysql/
    emerge clean
aliz@gentoo.org - GnuPG key is available at solar@gentoo.org
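
A version check for the upgrade guidance above, as an added example that is not part of the Gentoo advisory: it parses dev-db/mysql version strings, including the -rN revision, and compares them with the FIXED VERSION line. It assumes each listed entry is the minimum fixed revision for that exact release and that later releases on the same branch carry the fix; the function names and the sample package list are constructed.

```python
import re

# Minimum fixed revision per upstream release, from the advisory's
# "FIXED VERSION" line. Assumption: a release newer than the ones listed
# for its branch already contains the fix.
FIXED = {
    (3, 23): [((3, 23, 57), 1)],
    (4, 0): [((4, 0, 13), 4), ((4, 0, 14), 2)],
}

# Accepts "dev-db/mysql-4.0.14-r1" or "mysql-4.0.14"; purely numeric
# versions only (no _pre/_p suffixes), anything else is rejected.
_ATOM = re.compile(r"^(?:dev-db/)?mysql-(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse(atom):
    """Return ((major, minor, patch, ...), revision) for a mysql atom."""
    m = _ATOM.match(atom.strip())
    if not m:
        raise ValueError("not a dev-db/mysql version: %r" % atom)
    version = tuple(int(p) for p in m.group(1).split("."))
    return version, int(m.group(2) or 0)


def needs_upgrade(atom):
    """True if the installed package predates the fixed revision."""
    version, rev = parse(atom)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        raise ValueError("branch not covered by this advisory: %r" % atom)
    for fixed_version, fixed_rev in fixed:
        if version == fixed_version:
            # Same upstream release: only the Gentoo revision decides.
            # A plain ">= 4.0.13-r4" test would wrongly pass 4.0.14-r1.
            return rev < fixed_rev
    # Not a listed release: vulnerable if older than the first fixed one.
    return version < fixed[0][0]


def audit(atoms):
    """Return the atoms from an installed-package list that need upgrading."""
    return [a for a in atoms if needs_upgrade(a)]


if __name__ == "__main__":
    # Constructed sample of installed versions, one per host.
    installed = ["dev-db/mysql-3.23.57", "dev-db/mysql-4.0.14-r1",
                 "dev-db/mysql-4.0.13-r4", "dev-db/mysql-4.0.15"]
    for atom in audit(installed):
        print("upgrade required:", atom)
```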

Severity
important

PACKAGE : mysql
SUMMARY : buffer overflow
DATE : 2003-09-15 10:00 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <mysql-3.23.57-r1 =mysql-4.0.14-r2(masked)
CVE : CAN-2003-0780
