FreeBSD Ports: mysql-server

Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades. http://www.wisec.it/vulns.php?page=7 http://www.wisec.it/vulns.php?page=8 http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html http://secunia.com/advisories/19929/ http://www.vuxml.org/freebsd/a8d8713e-dc83-11da-a22b-000c6ec775d9.html http://www.vuxml.org/freebsd/4913886c-e875-11da-b9f4-00123ffe8333.html
Insight
The following package is affected: mysql-server CVE-2006-1516 The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. CVE-2006-1517 sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. CVE-2006-1518 Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.