Your submission was sent successfully! Close

USN-321-1: mysql-dfsg-4.1 vulnerability

21 July 2006

mysql-dfsg-4.1 vulnerability



Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
  • mysql-server-4.1 - 4.1.12-1ubuntu3.7

In general, a standard system upgrade is sufficient to effect the
necessary changes.