|
Family: Debian Local Security Checks --> Category: infos
[DSA1092] DSA-1092-1 mysql-dfsg-4.1 Vulnerability Scan
Vulnerability Scan Summary DSA-1092-1 mysql-dfsg-4.1
Detailed Explanation for this Vulnerability Test
Josh Berkus and Tom Lane discovered that MySQL 4.1, a popular SQL
database, incorrectly parses a string escaped with mysql_real_escape()
which could lead to SQL injection. This problem does only exist in
versions 4.1 and 5.0.
The old stable distribution (woody) is not affected by this problem.
For the stable distribution (sarge) this problem has been fixed in
version 4.1.11a-4sarge4.
For the unstable distribution (sid) this problem has been fixed in
version 5.0.21-4.
Version 4.0 in the stable distribution (sarge) is also not affected by
this problem.
We recommend that you upgrade your mysql packages.
Solution : http://www.debian.org/security/2006/dsa-1092
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|