mysql security update

CentOS Errata and Security Advisory CESA-2005:348

MySQL is a multi-user, multi-threaded SQL database server.

This update fixes several security risks in the MySQL server.

Stefano Di Paola discovered two bugs in the way MySQL handles user-defined
functions. A user with the ability to create and execute a user defined
function could potentially execute arbitrary code on the MySQL server. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2005-0709 and CAN-2005-0710 to these issues.

Stefano Di Paola also discovered a bug in the way MySQL creates temporary
tables. A local user could create a specially crafted symlink which could
result in the MySQL server overwriting a file which it has write access to.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2005-0711 to this issue.

All users of the MySQL server are advised to upgrade to these updated
packages, which contain fixes for these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-April/073697.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073698.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073702.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073708.html

Affected packages:
mysql
mysql-bench
mysql-devel
mysql-server

Upstream details at:
https://access.redhat.com/errata/RHSA-2005:348