Mandriva Linux Security Advisory : mysql (MDVSA-2009:159)
High Nessus Plugin ID 40397
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been found and corrected in mysql :
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third-party information (CVE-2009-2446).
This update provides fixes for this vulnerability.
SolutionUpdate the affected packages.