Your submission was sent successfully! Close

USN-283-1: MySQL vulnerabilities

8 May 2006

MySQL vulnerabilities



Stefano Di Paola discovered an information leak in the login packet
parser. By sending a specially crafted malformed login packet, a
remote attacker could exploit this to read a random piece of memory,
which could potentially reveal sensitive data. (CVE-2006-1516)

Stefano Di Paola also found a similar information leak in the parser
for the COM_TABLE_DUMP request. (CVE-2006-1517)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
  • mysql-server-4.1 -
  • mysql-server -
Ubuntu 5.04
  • mysql-server-4.1 -
  • mysql-server -

In general, a standard system update will make all the necessary changes.