Slackware 10.0 / 10.1 / 10.2 / 9.1 / current : mysql (SSA:2006-155-01)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Slackware host is missing a security update.

Description :

New mysql packages are available for Slackware 9.1, 10.0, 10.1, 10.2
and -current to fix security issues. The MySQL packages shipped with
Slackware 9.1, 10.0, and 10.1 may possibly leak sensitive information
found in uninitialized memory to authenticated users. This is fixed in
the new packages, and was already patched in Slackware 10.2 and
-current. Since the vulnerabilities require a valid login and/or
access to the database server, the risk is moderate. Slackware does
not provide network access to a MySQL database by default.

See also :

http://lists.mysql.com/announce/364
http://lists.mysql.com/announce/365
http://www.nessus.org/u?dd83617d

Solution :

Update the affected mysql package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Slackware Local Security Checks

Nessus Plugin ID: 21639 ()

Bugtraq ID:

CVE ID: CVE-2006-1516
CVE-2006-1517
CVE-2006-2753