DSA-2581-1 mysql-5.1 -- several
ID: oval:org.secpod.oval:def:600922 | Date: (C)2012-12-04 (M)2023-12-07 |
Class: PATCH | Family: unix |
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects. Additionally, CVE-2012-5611 has been fixed in this upload. The vulnerability is a stack-based buffer overflow in acl_get when checking user access to a database. Using a carefully crafted database name, an already authenticated MySQL user could make the server crash or even execute arbitrary code as the mysql system user.