MySQL issues security fix

Security patch is designed for the latest versions of MySQL's open-source database software.

MySQL has issued a security update to address flaws in its client-server protocol that could allow a malicious attacker to exploit buffer overflow vulnerabilities and gain access to sensitive information.

The open-source database company released its MySQL version 5.0.21 update earlier this week. The update is designed to address security flaws in database server software versions 5.1.9; 5.0.20; 4.1.18; 4.0.26 and prior versions.

Security researcher FrSIRT rates the flaws as "moderate" risk. MySQL version 5.0, which was released late last year, is in widespread use.

FrSIRT noted that one of the three flaws involves a buffer overflow flaw, which could be exploited by attackers to execute arbitrary commands from a user's system.

The two other flaws can be exploited when a validation error occurs when inputting information. The vulnerabilities could allow attackers to disclose portions of the system's memory in the error messages.

Featured Video

iPad Pro after one week: Can it replace your laptop?

CNET Senior Editor Andrew Hoyle has been using Apple's gigantic tablet as his main computer for a week. Luke Westaway asks how it stacks up.

by Luke Westaway