News

=========================================================== Ubuntu Security Notice USN-180-2 December 05, 2005 mysql-dfsg-4.1 vulnerability CVE-2005-2558 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 (Breezy Badger) The following packages are affected: mysql-server-4.1 The problem can be corrected by upgrading the affected package to version 4.1.12-1ubuntu3.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-180-1 fixed a vulnerability in the mysql-server package (which ships version 4.0). Version 4.1 is vulnerable against the same flaw. Please note that this package is not officially supported in Ubuntu 5.10. Origial advisory: "AppSecInc Team SHATTER discovered a buffer overflow in the "CREATE FUNCTION" statement. By specifying a specially crafted long function name, a local or remote attacker with function creation privileges could crash the server or execute arbitrary code with server privileges. However, the right to create function is usually not granted to untrusted users."