Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2006:0544
HistoryJun 09, 2006 - 5:37 p.m.

mysql security update

2006-06-0917:37:00
CentOS Project
lists.centos.org
53

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.834 High

EPSS

Percentile

98.4%

JSON

CentOS Errata and Security Advisory CESA-2006:0544

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld) and
many different client programs and libraries.

A flaw was found in the way the MySQL mysql_real_escape() function escaped
strings when operating in a multibyte character encoding. An attacker
could provide an application a carefully crafted string containing
invalidly-encoded characters which may be improperly escaped, leading to
the injection of malicious SQL commands. (CVE-2006-2753)

An information disclosure flaw was found in the way the MySQL server
processed malformed usernames. An attacker could view a small portion
of server memory by supplying an anonymous login username which was not
null terminated. (CVE-2006-1516)

An information disclosure flaw was found in the way the MySQL server
executed the COM_TABLE_DUMP command. An authenticated malicious user could
send a specially crafted packet to the MySQL server which returned
random unallocated memory. (CVE-2006-1517)

A log file obfuscation flaw was found in the way the mysql_real_query()
function creates log file entries. An attacker with the the ability to call
the mysql_real_query() function against a mysql server can obfuscate the
entry the server will write to the log file. However, an attacker needed
to have complete control over a server in order to attempt this attack.
(CVE-2006-0903)

This update also fixes numerous non-security-related flaws, such as
intermittent authentication failures.

All users of mysql are advised to upgrade to these updated packages
containing MySQL version 4.1.20, which is not vulnerable to these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-June/075113.html
https://lists.centos.org/pipermail/centos-announce/2006-June/075114.html
https://lists.centos.org/pipermail/centos-announce/2006-June/075122.html
https://lists.centos.org/pipermail/centos-announce/2006-June/075123.html
https://lists.centos.org/pipermail/centos-announce/2006-June/075124.html

Affected packages:
mysql
mysql-bench
mysql-devel
mysql-server

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0544

OSVersionArchitecturePackageVersionFilename
CentOS4i386mysql< 4.1.20-1.RHEL4.1mysql-4.1.20-1.RHEL4.1.i386.rpm
CentOS4x86_64mysql< 4.1.20-1.RHEL4.1mysql-4.1.20-1.RHEL4.1.x86_64.rpm
CentOS4x86_64mysql-bench< 4.1.20-1.RHEL4.1mysql-bench-4.1.20-1.RHEL4.1.x86_64.rpm
CentOS4x86_64mysql-devel< 4.1.20-1.RHEL4.1mysql-devel-4.1.20-1.RHEL4.1.x86_64.rpm
CentOS4x86_64mysql-server< 4.1.20-1.RHEL4.1mysql-server-4.1.20-1.RHEL4.1.x86_64.rpm
CentOS4i386mysql< 4.1.20-1.RHEL4.1mysql-4.1.20-1.RHEL4.1.i386.rpm
CentOS4i386mysql-bench< 4.1.20-1.RHEL4.1mysql-bench-4.1.20-1.RHEL4.1.i386.rpm
CentOS4i386mysql-devel< 4.1.20-1.RHEL4.1mysql-devel-4.1.20-1.RHEL4.1.i386.rpm
CentOS4i386mysql-server< 4.1.20-1.RHEL4.1mysql-server-4.1.20-1.RHEL4.1.i386.rpm
CentOS4ia64mysql< 4.1.20-1.RHEL4.1mysql-4.1.20-1.RHEL4.1.ia64.rpm
Rows per page:
1-10 of 251

Related

redhat 3
nessus 39
openvas 28
slackware 2
osv 5
debian 8
ubuntu 6
gentoo 2
altlinux 2
freebsd 1
suse 1
ubuntucve 6
cve 6
checkpoint_advisories 5
veracode 2
prion 4
securityvulns 3
oraclelinux 1
redhat
redhat
(RHSA-2006:0544) mysql security update
2006-06-09 00:00:00
(RHSA-2007:0083) Low: mysql security update
2007-02-19 00:00:00
(RHSA-2008:0364) Low: mysql security and bug fix update
2008-05-20 00:00:00
nessus
nessus
RHEL 4 : mysql (RHSA-2006:0544)
2006-06-11 00:00:00
CentOS 4 : mysql (CESA-2006:0544)
2006-07-05 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 9.1 / current : mysql (SSA:2006-155-01)
2006-06-05 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2006-155-01)
2012-09-10 00:00:00
Slackware Advisory SSA:2006-155-01 mysql
2012-09-11 00:00:00
Debian: Security Advisory (DSA-1073-1)
2008-01-17 00:00:00
slackware
slackware
[slackware-security] mysql
2006-06-05 08:12:48
[slackware-security] mysql
2006-05-09 22:19:51
osv
osv
mysql - several vulnerabilities
2006-05-22 00:00:00
mysql-dfsg-4.1 - several vulnerabilities
2006-05-22 00:00:00
mysql-dfsg - several
2006-05-29 00:00:00
debian
debian
[SECURITY] [DSA 1073-1] New MySQL 4.1 packages fix several vulnerabilities
2006-05-22 16:04:10
[SECURITY] [DSA 1073-1] New MySQL 4.1 packages fix several vulnerabilities
2006-05-22 16:04:10
[SECURITY] [DSA 1071-1] New MySQL 3.23 packages fix several vulnerabilities
2006-05-22 09:30:15
ubuntu
ubuntu
MySQL vulnerabilities
2006-05-08 00:00:00
MySQL vulnerability
2006-04-27 00:00:00
MySQL vulnerability
2006-05-15 00:00:00
gentoo
gentoo
MySQL: Information leakage
2006-05-11 00:00:00
MySQL: SQL Injection
2006-06-11 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package MySQL version 5.0.21-alt1
2006-05-10 00:00:00
Security fix for the ALT Linux 5 package MySQL version 5.0.18-alt2
2006-04-09 00:00:00
freebsd
freebsd
MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities
2006-05-02 00:00:00
suse
suse
remote code execution in mysql
2006-06-23 08:26:58
ubuntucve
ubuntucve
CVE-2006-4380
2006-08-28 00:00:00
CVE-2006-0903
2006-02-27 00:00:00
CVE-2006-1517
2006-05-05 00:00:00
cve
cve
CVE-2006-4380
2006-08-28 18:04:00
CVE-2006-0903
2006-02-27 23:02:00
CVE-2006-1517
2006-05-05 12:46:00
checkpoint_advisories
checkpoint_advisories
MySQL COM_TABLE_DUMP Function Stack Overflow (CVE-2006-1517)
2009-11-12 00:00:00
Preemptive Protection against MySQL sql_parse Information Disclosure Vulnerabilities
2006-06-18 00:00:00
MySQL Login Handshake Information Disclosure (CVE-2006-1516)
2009-11-12 00:00:00
veracode
veracode
Bypass Logging Mechanism
2020-04-10 00:14:19
Denial Of Service (DoS)
2020-04-10 00:14:19
prion
prion
Design/Logic Flaw
2006-02-27 23:02:00
Design/Logic Flaw
2006-05-05 12:46:00
Design/Logic Flaw
2006-05-05 12:46:00
securityvulns
securityvulns
[ MDKSA-2006:097 ] - Updated MySQL packages fixes SQL injection vulnerability.
2006-06-08 00:00:00
[ MDKSA-2006:158 ] - Updated MySQL packages fix DoS vuln, initscript bug
2006-09-01 00:00:00
US-CERT Technical Cyber Security Alert TA06-208A -- Mozilla Products Contain Multiple Vulnerabilities
2006-07-28 00:00:00
oraclelinux
oraclelinux
mysql security and bug fix update
2008-05-30 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.834 High

EPSS

Percentile

98.4%

JSON
Related for CESA-2006:0544
redhat3nessus39openvas28slackware2osv5debian8ubuntu6gentoo2altlinux2freebsd1suse1ubuntucve6cve6checkpoint_advisories5veracode2prion4securityvulns3oraclelinux1