Advisories:rPSA-2006-0089

From rPath Wiki

rPath Security Advisory 2006-0089-1

Published: 2006-06-01

Products

• rPath Linux 1

Rating

Severe

Exposure Level Classification

Local System User Deterministic Vulnerability

Updated Versions

• mysql=conary.rpath.com@rpl:1/5.0.22-1-0.1
• mysql-bench=conary.rpath.com@rpl:1/5.0.22-1-0.1
• mysql-server=conary.rpath.com@rpl:1/5.0.22-1-0.1

rPath Issue Tracking System

• RPL-396

References

• CVE-2006-2753
• http://lists.mysql.com/announce/364

Description

Previous versions of mysql server and client libraries contain

weaknesses parsing certain character encodings (such as SJIS,

BIG5 and GBK, but not ASCII) which, when using the vulnerable

encodings, can enable SQL injection attacks against applications

(particularly web applications) which use non-standard escaping of

quote characters.

Because vulnerable escaping of quote characters is no longer allowed,

some existing applications may not function correctly when used with

the new release of mysql.

Copyright 2006 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html