The mod_auth_mysql package includes an extension module for the Apache HTTPServer, which can be used to implement web user authentication against aMySQL database.A flaw was found in the way mod_auth_mysql escaped certainmultibyte-encoded strings. If mod_auth_mysql was configured to use amultibyte character set that allowed a backslash ("\") as part of thecharacter encodings, a remote attacker could inject arbitrary SQL commandsinto a login request. (CVE-2008-2384)Note: This flaw only affected non-default installations whereAuthMySQLCharacterSet is configured to use one of the affected multibytecharacter sets. Installations that did not use the AuthMySQLCharacterSetconfiguration option were not vulnerable to this flaw.All mod_auth_mysql users are advised to upgrade to this updated package,which contains a backported patch to correct this issue. After installingthe updated package, the httpd daemon must be restarted for the update totake effect.