12 March 2007, 11:26

New version of MySQL fixes DoS vulnerabilities

Version 5.0.37 of the widely used open source SQL database MySQL includes fixes for numerous bugs as well as for various potential vulnerabilities, which could have been exploited by attackers to crash the database. According to security services provider SEC-CONSULT, a single SQL command containing a prepared ORDER-BY statement was sufficient to cause this.

In order to crash the system an attacker would have to be able to pass the command to the database interface directly – however numerous web applications include SQL injection vulnerabilities with which this can be done, using, for example, manipulated user entries. Further information on vulnerabilities in web applications and how to avoid them can be found in the article Web application security on heise Security.

Channels

Services

New version of MySQL fixes DoS vulnerabilities

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit