From: Eren Turkay <eren@pardus.org.tr>
To: pardus-security@pardus.org.tr
Subject: [Pardus-security] [PLSA 2010-117] MySQL: Denial of Service
Date: Tue, 24 Aug 2010 12:01:34 +0300 (EEST)
Message-ID: <20100824090134.DA39FA7AB76@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-117 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2010-08-24
Severity: 3
Type: Remote
------------------------------------------------------------------------
Summary
=======

A security issue has been fixed in MySQL, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Description
===========

CVE-2010-2008:

MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash and
database loss) via an ALTER DATABASE command with a #mysql50# string
followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar
sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL
to move certain directories to the server data directory.

Affected packages:

  Pardus 2009:
    mysql-server, all before 5.1.48-49-12

Resolution
==========

There are update(s) for mysql-server. You can update them via Package
Manager or with a single command from console:

    pisi up mysql-server

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=13955
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
------------------------------------------------------------------------
_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
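
A defensive check for the statement pattern described under CVE-2010-2008 above, as an added example that is not part of the original advisory: it scans query-log lines for ALTER DATABASE ... UPGRADE DATA DIRECTORY NAME statements whose #mysql50# name is dot-only or contains a path separator. The log lines are constructed samples, and the function names and the rules used to classify "similar sequences" are assumptions of this example.

```python
import re

# ALTER {DATABASE|SCHEMA} `#mysql50#<name>` UPGRADE DATA DIRECTORY NAME
# (backtick-quoted identifier; doubled backticks inside the name are not handled)
STMT = re.compile(
    r"ALTER\s+(?:DATABASE|SCHEMA)\s+`#mysql50#(?P<name>[^`]*)`\s+"
    r"UPGRADE\s+DATA\s+DIRECTORY\s+NAME",
    re.IGNORECASE,
)

def classify(name):
    """Return why the name after #mysql50# is unsafe, or None if it looks like
    an ordinary directory name. The rules are this example's assumptions."""
    if "/" in name or "\\" in name:
        return "path separator"
    if name and set(name) == {"."}:      # ".", "..", "..."
        return "dot-only name"
    return None

def scan(lines):
    """Return (line_number, name, reason) for every flagged statement."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        for m in STMT.finditer(line):
            reason = classify(m.group("name"))
            if reason:
                hits.append((lineno, m.group("name"), reason))
    return hits

# Constructed sample lines, loosely in general-query-log style.
SAMPLE_LOG = [
    "100824 11:58:02     7 Query  ALTER DATABASE `#mysql50#a-b-c` UPGRADE DATA DIRECTORY NAME",
    "100824 11:58:09     9 Query  alter database `#mysql50#.` upgrade data directory name",
    "100824 11:58:11     9 Query  ALTER SCHEMA `#mysql50#../` UPGRADE DATA DIRECTORY NAME",
    "100824 11:58:15     7 Query  ALTER DATABASE shop CHARACTER SET utf8",
]

if __name__ == "__main__":
    for lineno, name, reason in scan(SAMPLE_LOG):
        print(f"line {lineno}: #mysql50#{name!r} -> {reason}")
```

A hit on a server running MySQL before 5.1.48 warrants a review of the account that issued the statement and of its ALTER privileges.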