CVE-2008-0226
Published: 10 January 2008
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
Notes
Author | Note |
---|---|
jdstrand | dapper not affected (yassl not compiled) |
Priority
Status
Package | Release | Status |
---|---|---|
mysql-dfsg-4.1 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
mysql-dfsg-5.0 Launchpad, Ubuntu, Debian |
dapper |
Released
(5.0.22-0ubuntu6.06.8)
|
edgy |
Released
(5.0.24a-9ubuntu2.4)
|
|
feisty |
Released
(5.0.38-0ubuntu1.4)
|
|
gutsy |
Released
(5.0.45-1ubuntu3.3)
|
|
hardy |
Not vulnerable
(5.0.51a-1ubuntu1)
|
|
intrepid |
Not vulnerable
(5.0.51a-1ubuntu1)
|
|
jaunty |
Not vulnerable
(5.0.51a-1ubuntu1)
|
|
karmic |
Not vulnerable
(5.0.51a-1ubuntu1)
|
|
upstream |
Needs triage
|
|
Patches: vendor: http://www.debian.org/security/2008/dsa-1478 |