1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
PublicDateAtUSN: 2008-01-10
PublicDate: 2008-01-10
Candidate: CVE-2008-0226
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0226
http://www.ubuntu.com/usn/usn-588-1
Description:
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and
possibly other products, allow remote attackers to execute arbitrary code
via (1) the ProcessOldClientHello function in handshake.cpp or (2)
"input_buffer& operator>>" in yassl_imp.cpp.
Ubuntu-Description:
Notes:
jdstrand> dapper not affected (yassl not compiled)
Bugs:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460873
https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.0/+bug/186978
https://bugs.launchpad.net/ubuntu/gutsy/+source/mysql-dfsg-5.0/+bug/201009
Priority: medium
Assigned-to: jdstrand
Patches_mysql-dfsg-4.1:
upstream_mysql-dfsg-4.1: needs-triage
dapper_mysql-dfsg-4.1: ignored (reached end-of-life)
edgy_mysql-dfsg-4.1: needed (reached end-of-life)
feisty_mysql-dfsg-4.1: DNE
gutsy_mysql-dfsg-4.1: DNE
hardy_mysql-dfsg-4.1: DNE
intrepid_mysql-dfsg-4.1: DNE
jaunty_mysql-dfsg-4.1: DNE
karmic_mysql-dfsg-4.1: DNE
devel_mysql-dfsg-4.1: DNE
Patches_mysql-dfsg-5.0:
vendor: http://www.debian.org/security/2008/dsa-1478
upstream_mysql-dfsg-5.0: needs-triage
dapper_mysql-dfsg-5.0: released (5.0.22-0ubuntu6.06.8)
edgy_mysql-dfsg-5.0: released (5.0.24a-9ubuntu2.4)
feisty_mysql-dfsg-5.0: released (5.0.38-0ubuntu1.4)
gutsy_mysql-dfsg-5.0: released (5.0.45-1ubuntu3.3)
hardy_mysql-dfsg-5.0: not-affected (5.0.51a-1ubuntu1)
intrepid_mysql-dfsg-5.0: not-affected (5.0.51a-1ubuntu1)
jaunty_mysql-dfsg-5.0: not-affected (5.0.51a-1ubuntu1)
karmic_mysql-dfsg-5.0: not-affected (5.0.51a-1ubuntu1)
devel_mysql-dfsg-5.0: not-affected (5.0.51a-1ubuntu1)
|