News

=========================================================== Ubuntu Security Notice USN-109-1 April 06, 2005 mysql-dfsg vulnerability CAN-2004-0957 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: mysql-server The problem can be corrected by upgrading the affected package to version 4.0.20-2ubuntu1.5. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-32-1 fixed a database privilege escalation vulnerability; original advisory text: "If a user was granted privileges to a database with a name containing an underscore ("_"), the user also gained the ability to grant privileges to other databases with similar names. (CAN-2004-0957)" Recently a corner case was discovered where this vulnerability can still be exploited, so another update is necessary.