Ubuntu Security Notice USN-283-1
8th May, 2006
mysql-dfsg-4.1, mysql-dfsg vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.10
- Ubuntu 5.04
Details
Stefano Di Paola discovered an information leak in the login packet
parser. By sending a specially crafted malformed login packet, a
remote attacker could exploit this to read a random piece of memory,
which could potentially reveal sensitive data. (CVE-2006-1516)
Stefano Di Paola also found a similar information leak in the parser
for the COM_TABLE_DUMP request. (CVE-2006-1517)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.10:
- mysql-server
- mysql-server-4.1
- Ubuntu 5.04:
- mysql-server
- mysql-server-4.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None