Debian: DSA-1451-1 Critical: MySQL Remote Threats and Fixes
debian
January 6, 2008
Several local/remote vulnerabilities have been discovered in the MySQL
database server
Summary
It was discovered that privilege validation for the source table
of CREATE TABLE LIKE statements was insufficiently enforced, which
might lead to information disclosure. This is only exploitable by
authenticated users.
CVE-2007-5969
It was discovered that symbolic links were handled insecurely during
the creation of tables with DATA DIRECTORY or INDEX DIRECTORY
statements, which might lead to denial of service by overwriting
data. This is only exploitable by authenticated users.
CVE-2007-6304
It was discovered that queries to data in a FEDERATED table can
lead to a crash of the local database server, if the remote server
returns information with less columns than expected, resulting in
denial of service.
For the unstable distribution (sid), these problems have been fixed in
version 5.0.51-1.
For the stable distribution (etch), these problems have been fixed in
version 5.0.32-7etch4.
The the old stable distribution (sarge) doesn...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!