(RHSA-2005:334) mysql security update

2005-03-2800:00:00

access.redhat.com

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.97 High

EPSS

Percentile

99.7%

JSON

MySQL is a multi-user, multi-threaded SQL database server.

This update fixes several security risks in the MySQL server.

Stefano Di Paola discovered two bugs in the way MySQL handles user-defined
functions. A user with the ability to create and execute a user defined
function could potentially execute arbitrary code on the MySQL server. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2005-0709 and CAN-2005-0710 to these issues.

Stefano Di Paola also discovered a bug in the way MySQL creates temporary
tables. A local user could create a specially crafted symlink which could
result in the MySQL server overwriting a file which it has write access to.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2005-0711 to this issue.

All users of the MySQL server are advised to upgrade to these updated
packages, which contain fixes for these issues.

OSVersionArchitecturePackageVersionFilename
RedHatanys390mysql< 3.23.58-15.RHEL3.1mysql-3.23.58-15.RHEL3.1.s390.rpm
RedHatanyia64mysql-bench< 4.1.10a-1.RHEL4.1mysql-bench-4.1.10a-1.RHEL4.1.ia64.rpm
RedHatanyi386mysql-devel< 4.1.10a-1.RHEL4.1mysql-devel-4.1.10a-1.RHEL4.1.i386.rpm
RedHatanyppcmysql< 3.23.58-15.RHEL3.1mysql-3.23.58-15.RHEL3.1.ppc.rpm
RedHatanyi386mysql-bench< 3.23.58-15.RHEL3.1mysql-bench-3.23.58-15.RHEL3.1.i386.rpm
RedHatanyi386mysql-devel< 3.23.58-15.RHEL3.1mysql-devel-3.23.58-15.RHEL3.1.i386.rpm
RedHatanyia64mysql-server< 3.23.58-1.72.2mysql-server-3.23.58-1.72.2.ia64.rpm
RedHatanyi386mysql< 3.23.58-1.72.2mysql-3.23.58-1.72.2.i386.rpm
RedHatanyia64mysql< 4.1.10a-1.RHEL4.1mysql-4.1.10a-1.RHEL4.1.ia64.rpm
RedHatanys390mysql-devel< 4.1.10a-1.RHEL4.1mysql-devel-4.1.10a-1.RHEL4.1.s390.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	s390	mysql	< 3.23.58-15.RHEL3.1	mysql-3.23.58-15.RHEL3.1.s390.rpm
RedHat	any	ia64	mysql-bench	< 4.1.10a-1.RHEL4.1	mysql-bench-4.1.10a-1.RHEL4.1.ia64.rpm
RedHat	any	i386	mysql-devel	< 4.1.10a-1.RHEL4.1	mysql-devel-4.1.10a-1.RHEL4.1.i386.rpm
RedHat	any	ppc	mysql	< 3.23.58-15.RHEL3.1	mysql-3.23.58-15.RHEL3.1.ppc.rpm
RedHat	any	i386	mysql-bench	< 3.23.58-15.RHEL3.1	mysql-bench-3.23.58-15.RHEL3.1.i386.rpm
RedHat	any	i386	mysql-devel	< 3.23.58-15.RHEL3.1	mysql-devel-3.23.58-15.RHEL3.1.i386.rpm
RedHat	any	ia64	mysql-server	< 3.23.58-1.72.2	mysql-server-3.23.58-1.72.2.ia64.rpm
RedHat	any	i386	mysql	< 3.23.58-1.72.2	mysql-3.23.58-1.72.2.i386.rpm
RedHat	any	ia64	mysql	< 4.1.10a-1.RHEL4.1	mysql-4.1.10a-1.RHEL4.1.ia64.rpm
RedHat	any	s390	mysql-devel	< 4.1.10a-1.RHEL4.1	mysql-devel-4.1.10a-1.RHEL4.1.s390.rpm