Hi Christian,

thanks for your message!

On Tue, 28 Mar 2006, Christian Hammers wrote:

> I've just become aware of the following security issue:
>
> CVE-2006-0903
> "MySQL 5.0.18 and earlier allows local users to bypass logging
> mechanisms via SQL queries that contain the NULL character,
> which are not properly handled by the mysql_real_query function."
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0903
>
> As http://bugs.mysql.com/ does currently not respond I cannot look up
> the corresponding MySQL bug report. Does anybody know if this issue
> exists in 4.0 and 4.1 and if so, if patches exist that could be used
> in the distributions' security advisories?
>
> BTW: I cannot find a reference to this in the official Changelog either?

This one never came through to us via [EMAIL PROTECTED] However, there is a
related bug report here:

http://bugs.mysql.com/bug.php?id=17667 - a patch has been committed and will
be included in upcoming releases. Note that this only affects the general
(plaintext) log, not the binary log.

Bye,
LenZ
-- 
Lenz Grimmer <[EMAIL PROTECTED]>
Community Relations Manager, EMEA
MySQL GmbH, http://www.mysql.de/, Hamburg, Germany
MySQL Users Conference 2006 (Santa Clara CA, 24-27 April) - http://www.mysqluc.com/
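
The logging gap described in the CVE text above, as an added example that is not part of the original message and is not MySQL's code: it contrasts a log writer that formats the query as a NUL-terminated C string with one that honours the length passed alongside the buffer. That the general log behaved like the first function is an assumption, and the function names and the sample query are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a query buffer with a NUL byte in the middle. */
static const char SAMPLE[] = "SELECT 1\0 AND 2";
#define SAMPLE_LEN (sizeof SAMPLE - 1)   /* 15 bytes, as a client would pass it */

/* Flawed pattern (assumed): "%s" stops at the first NUL, len is ignored. */
size_t log_query_cstring(char *out, size_t cap, const char *q, size_t len)
{
    (void)len;
    int n = snprintf(out, cap, "Query\t%s\n", q);
    if (n < 0 || cap == 0) return 0;
    return (size_t)n < cap ? (size_t)n : cap - 1;
}

/* Length-aware: emits every byte, escaping backslash and control bytes.
 * Output is cut short (never overflowed) if the buffer is too small. */
size_t log_query_escaped(char *out, size_t cap, const char *q, size_t len)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 6;
    if (cap < 8) return 0;               /* prefix + newline + terminator */
    memcpy(out, "Query\t", 6);
    for (size_t i = 0; i < len && o + 6 <= cap; i++) {
        unsigned char c = (unsigned char)q[i];
        if (c == '\\') {
            out[o++] = '\\'; out[o++] = '\\';
        } else if (c < 0x20 || c == 0x7f) {
            out[o++] = '\\'; out[o++] = 'x';
            out[o++] = hex[c >> 4]; out[o++] = hex[c & 15];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o++] = '\n';
    out[o] = '\0';
    return o;
}

int main(void)
{
    char line[128];
    log_query_cstring(line, sizeof line, SAMPLE, SAMPLE_LEN);
    fputs(line, stdout);                 /* bytes after the NUL are missing */
    log_query_escaped(line, sizeof line, SAMPLE, SAMPLE_LEN);
    fputs(line, stdout);                 /* full buffer, NUL shown as \x00 */
    return 0;
}
```

Escaping the backslash as well keeps the log unambiguous: a literal `\x00` typed in a query is recorded as `\\x00` and cannot be confused with an escaped NUL byte.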