Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 19 Mar 2003 16:08:55 +0200
From:      Peter Pentchev <roam@ringlet.net>
To:        Alexandr Kovalenko <never@nevermind.kiev.ua>
Cc:        freebsd-security@freebsd.org
Subject:   Re: MySQL vulnerability: will go into -RELEASE?
Message-ID:  <20030319140855.GG27330@straylight.oblivion.bg>
In-Reply-To: <20030319132332.GA18138@nevermind.kiev.ua>
References:  <20030319132332.GA18138@nevermind.kiev.ua>

next in thread | previous in thread | raw e-mail | index | archive | help

--Oiv9uiLrevHtW1RS
Content-Type: text/plain; charset=windows-1251
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Mar 19, 2003 at 03:23:32PM +0200, Alexandr Kovalenko wrote:
> I wonder if there are plans to update MySQL to version 3.23.56 before
> 4.8 in order to fix security vulnerability described here:
>=20
> http://marc.theaimsgroup.com/?l=3Dbugtraq&m=3D104739810523433&w=3D2
>=20
> ?

I wrote a follow-up to that message which never made it to Bugtraq;
the list moderators somehow failed to act upon it, neither approving
nor rejecting it after a few days.

Basically, the FreeBSD port of MySQL is safe, as long as people use
the startup script provided by the port.  The --user command-line
option overrides any and all config file settings, thus rendering
this particular vulnerability harmless.  Of course, other config file
settings may still affect the MySQL server, but the most dangerous
one is moot for users of the FreeBSD port.

G'luck,
Peter

--=20
Peter Pentchev	roam@ringlet.net    roam@sbnd.net    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
I am the thought you are now thinking.

--Oiv9uiLrevHtW1RS
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+eHn37Ri2jRYZRVMRAlgAAJ4nwF05hGdCPQpHz65csrO9yUC3EQCdGaXM
bmskDXhGQrnUNTeTxZ/dW1A=
=cjWQ
-----END PGP SIGNATURE-----

--Oiv9uiLrevHtW1RS--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030319140855.GG27330>