[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] MySQL Double Free Bug ( Mysql-3.23.54a )

I've the next error with proftpd.
Jan 29 18:30:43 carran proftpd[2598]: AllowChmod is deprecated, and will
not work consistantly, use <Limit SITE_CHMOD> instead.
  Jan 29 18:31:37 carran proftpd[2596]: 216.155.73.145
  (216.155.73.144[216.155.73.144]) - FTP session opened.
  Jan 29 18:31:37 carran proftpd[2596]: 216.155.73.145
  (216.155.73.144[216.155.73.144]) - FTP session closed.

  My proftpd version is 1.2.4

  I think this is a bug. How can I install this patch and where is this.


  Thanks
  _____________________________
  Jorge H Alvarez G
  Ingeniero Operaciones SURNET
  Telefonica del Sur S.A
  e-mail1:jalvarez@xxxxxxxxxx
  e-mail2:jalvarez@xxxxxxxxx
  URL:www.surnet.cl
  Fono:              (63) 200664,
  Cel:        09 7391036, *1607
  _____________________________
----- Remitido por Jorge Alvarez/TELSUR/CNOTES con fecha 30-01-2003 09:37
-----
                                                                                                                               
                    "Ian"                                                                                                      
                    <cobalt@xxxxxxxxxxxxx>           Para:   cobalt-security@xxxxxxxxxxxxxxx                                   
                    Enviado por:                     cc:                                                                       
                    cobalt-security-admin@list.      Asunto:      [cobalt-security] MySQL Double Free Bug ( Mysql-3.23.54a )   
                    cobalt.com                                                                                                 
                                                                                                                               
                                                                                                                               
                    30-01-2003 06:27                                                                                           
                    Por favor, responda a                                                                                      
                    cobalt-security                                                                                            
                                                                                                                               
                                                                                                                               




Hi,

I new version of Mysql ( 3.23.55) has been releases which fixes a
double free bug, amongst other things:

http://www.mysql.com/doc/en/News-3.23.55.html

<Quote>
Fixed double free'd pointer bug in mysql_change_user() handling, that
enabled a specially hacked version of MySQL client to crash mysqld.

NOTE, that one needs to login to the server by using a valid user
account to be able to exploit this bug.
</Quote>

Will there be a new package being made available ?

As an aside I managed to install 3.23.54a form source on a Raq4i (
for some reason the rpms/pkg wouldn't go in ).  So far it has run
without problems.


Regards

Ian
--

_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security