COMMAND

	MySQL DoS via double-free() bug

SYSTEMS AFFECTED

	All MySQL before 3.23.55 ?

PROBLEM

	In Mandrake security advisory [MDKSA-2003:013] :
	
	Aleksander Adamowski informed MandrakeSoft  that  the  MySQL  developers
	fixed a DoS vulnerability in the recently released  3.23.55  version  of
	MySQL. A double free() pointer bug in the  mysql_change_user()  handling
	would allow a specially hacked mysql client to  crash  the  main  mysqld
	server. This vulnerability can only be exploited  by  first  logging  in
	with a valid user account. see :
	
	 http://www.mysql.com/doc/en/News-3.23.55.html
	
	

SOLUTION

	Get MySQL v3.23.55