CVE-2008-0226
Published: 10 January 2008
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
Notes
| Author | Note |
|---|---|
| jdstrand | dapper not affected (yassl not compiled) |
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
mysql-dfsg-4.1 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(reached end-of-life)
|
| edgy |
Needed
(reached end-of-life)
|
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
mysql-dfsg-5.0 Launchpad, Ubuntu, Debian |
dapper |
Released
(5.0.22-0ubuntu6.06.8)
|
| edgy |
Released
(5.0.24a-9ubuntu2.4)
|
|
| feisty |
Released
(5.0.38-0ubuntu1.4)
|
|
| gutsy |
Released
(5.0.45-1ubuntu3.3)
|
|
| hardy |
Not vulnerable
(5.0.51a-1ubuntu1)
|
|
| intrepid |
Not vulnerable
(5.0.51a-1ubuntu1)
|
|
| jaunty |
Not vulnerable
(5.0.51a-1ubuntu1)
|
|
| karmic |
Not vulnerable
(5.0.51a-1ubuntu1)
|
|
| upstream |
Needs triage
|
|
|
Patches: vendor: http://www.debian.org/security/2008/dsa-1478 |
||