openSUSE 10 Security Update : libmysqlclient-devel (libmysqlclient-devel-5341)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The database server MySQL was updated to fix a security problem :

CVE-2008-2079: MySQL allowed local users to bypass certain privilege
checks by calling CREATE TABLE on a MyISAM table with modified (1)
DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the
MySQL home data directory, which can point to tables that are created
in the future.

CVE-2006-7232: sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x
before 5.1.14 allows remote authenticated users to cause a denial of
service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA
table, as originally demonstrated using ORDER BY.

Solution :

Update the affected libmysqlclient-devel packages.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 33885 ()

Bugtraq ID:

CVE ID: CVE-2006-7232
CVE-2008-2079

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now