Security 10808 Published by

Red Hat has released updated MySQL packages for Red Hat Linux



Frank Denis reported a bug in unpatched versions of MySQL prior to version 3.23.58. Passwords for MySQL users are stored in the Password field of theuser table. Under this bug, a Password field with a value greater than 16 characters can cause a buffer overflow. It may be possible for an attacker with the ability to modify the user table to exploit this buffer overflowto execute arbitrary code as the MySQL user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0780 to this issue.Users of MySQL are advised to upgrade to these erratum packages containing MySQL 3.23.58, which is not vulnerable to this issue.
Read more