MySQL Password Auth broken

MySQL Vulnerability Allows Attackers to Bypass Password Verification | PCWorld Business Center

This is a little outside of the mission of this blog, but it's sort of huge and I know some of my readers run their own web servers:

the code that compares the cryptographic hash of a user-inputted password to the hash stored in the database for a particular account will sometimes allow authentication even if the supplied password is incorrect.
Simply put, MySQL on affected systems isn't and can't be password protected without an update.  Patch things up right now.