Debian Security Advisory DSA 1478-1 (mysql-dfsg-5.0) Network Vulnerability

Summary

The remote host is missing an update to mysql-dfsg-5.0 announced via advisory DSA 1478-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201478-1

Insight

Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL implementation included in the MySQL database package, which could lead to denial of service and possibly the execution of arbitrary code. For the unstable distribution (sid), these problems have been fixed in version 5.0.51-3. For the stable distribution (etch), these problems have been fixed in version 5.0.32-7etch5. The old stable distribution (sarge) doesn't contain mysql-dfsg-5.0. We recommend that you upgrade your mysql-dfsg-5.0 package.

Severity

Classification

CVE CVE-2008-0226, CVE-2008-0227
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 100-1 (gzip)
Debian Security Advisory DSA 082-1 (xvt)
Debian Security Advisory DSA 089-1 (icecast-server)
Debian Security Advisory DSA 058-1 (exim)
Debian Security Advisory DSA 003-1 (joe)

Take action and discover your vulnerabilities