Icheb
07-22-2005, 11:38 AM
Just received the following message:
TITLE:
MySQL Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA16170
VERIFY ADVISORY:
http://secunia.com/advisories/16170/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
>From remote
SOFTWARE:
MySQL 4.x
http://secunia.com/product/404/
DESCRIPTION:
Some vulnerabilities have been reported in MySQL, which can be
exploited by malicious users to cause a DoS (Denial of Service), or
potentially by malicious people to execute arbitrary code.
1) MySQL uses a vulnerable version of the zlib library.
For more information:
SA15949
2) It is possible for malicious users to crash the server in various
ways. See the vendor advisory for details.
SOLUTION:
Update to version 4.1.13.
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://dev.mysql.com/doc/mysql/en/news-4-1-13.html
All fine and well, but what should be done with 4.0.x servers ?
I know 4.1 is stable, but still, I really wouldn't like to have to replace 4.0 on our main production servers...
TITLE:
MySQL Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA16170
VERIFY ADVISORY:
http://secunia.com/advisories/16170/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
>From remote
SOFTWARE:
MySQL 4.x
http://secunia.com/product/404/
DESCRIPTION:
Some vulnerabilities have been reported in MySQL, which can be
exploited by malicious users to cause a DoS (Denial of Service), or
potentially by malicious people to execute arbitrary code.
1) MySQL uses a vulnerable version of the zlib library.
For more information:
SA15949
2) It is possible for malicious users to crash the server in various
ways. See the vendor advisory for details.
SOLUTION:
Update to version 4.1.13.
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://dev.mysql.com/doc/mysql/en/news-4-1-13.html
All fine and well, but what should be done with 4.0.x servers ?
I know 4.1 is stable, but still, I really wouldn't like to have to replace 4.0 on our main production servers...