[debian-mysql] Bug#460873: mysql-dfsg-5.0 multiple vulnerabilities in yassl included by mysql

Nico Golde nion at debian.org
Tue Jan 15 12:23:01 UTC 2008


Package: mysql-dfsg-5.0
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mysql-dfsg-5.0.

CVE-2008-0227[0]:
| yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products,
| allows remote attackers to cause a denial of service (crash) via a
| Hello packet containing a large size value, which triggers a buffer
| over-read in the HASHwithTransform::Update function in hash.cpp.

CVE-2008-0226[0]:
| Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL
| and possibly other products, allow remote attackers to execute
| arbitrary code via (1) the ProcessOldClientHello function in
| handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.


If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0227
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0226

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20080115/1d3bcc5f/attachment.pgp 


More information about the pkg-mysql-maint mailing list