by CIO Staff

MySQL Releases Security Patch

News
May 04, 20061 min
Data Management

MySQL this week issued a security patch for multiple vulnerabilities in its MySQL open-source database.

The MySQL 5.0.21 update patches three flaws that affect versions 4.0.26, 4.1.18, 5.0.20 and 5.1.9, as well as prior versions of the company’s database, according to security company FrSIRT.com.

FrSIRT rated the flaws as “moderate” and said they can be exploited both remotely and locally.

According to FrSIRT, the first flaw is due to a buffer overflow error in the “sql_base.cc” script. The vulnerability could be exploited by authenticated attackers to execute arbitrary commands, the security company said in its advisory.

Input validation errors in the “sql_parse.cc” file are the cause of the second and third vulnerabilities, according to FrSIRT. These could be exploited by attackers to cause portions of the memory to be disclosed in error messages.

More information about the fix can be found on MySQL’s website.

-Elizabeth Montalbano, IDG News Service

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.