[Technik] [SECURITY] [DSA 1451-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
Noèl Köthe
noel at debian.org
Fri Jan 11 19:58:15 CET 2008
Am Sonntag, den 06.01.2008, 19:04 +0100 schrieb Moritz Muehlenhoff:
> Debian Security Advisory DSA-1451-1 security at debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> January 06, 2008 http://www.debian.org/security/faq
>
> Package : mysql-dfsg-5.0
> Vulnerability : several
> Problem type : remote
> Debian-specific: no
> CVE Id(s) : CVE-2007-3781 CVE-2007-5969 CVE-2007-6304
mysql-dfsg-5.0 auf h01, h02, h03, h04, h51 und wasco aktualisiert.
Aufgrund des benötigten Neustarts, war der mysql Server wenige Minuten
nicht erreichbar.
> For the stable distribution (etch), these problems have been fixed in
> version 5.0.32-7etch4.
mysql-dfsg-5.0 (5.0.32-7etch4) stable-security; urgency=high
* SECURITY:
Fix for CVE-2007-3781: CREATE TABLE LIKE did not require any privileges on
the source table. Now it requires the SELECT privilege.
* SECURITY:
Fix for CVE-2007-5969: Using RENAME TABLE against a table with explicit
DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system
table information by replacing the file to which the symlink points.
(closes: #455010)
* SECURITY:
Fix for CVE-2007-6304: When using a FEDERATED table, the local server can
be forced to crash if the remote server returns a result with fewer columns
than expected. (closes: #455737)
-- Norbert Tretkowski <nobse at debian.org> Sat, 22 Dec 2007 19:20:38 +0100
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20080111/fa53bcbe/attachment-0001.pgp
More information about the Technik
mailing list