[Frugalware-security] [ FSA-451 ] mysql
Miklos Vajna
vmiklos at frugalware.org
Mon May 26 16:33:57 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frugalware Security Advisory FSA-451
Date: 2008-05-26
Package: mysql
Vulnerable versions: <= 5.0.51-2
Unaffected versions: >= 5.0.51-3kalgan1
Related bugreport: http://bugs.frugalware.org/task/3075
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079
Description
===========
A security issue has been reported in MySQL, which can be exploited by malicious, local users to bypass certain security restrictions.
The problem is that it is possible to bypass certain privilege checks by creating a MyISAM table with certain DATA DIRECTORY and INDEX DIRECTORY options to overwrite existing table files in the MySQL data directory.
Updated Packages
================
Check if you have mysql installed:
# pacman-g2 -Q mysql
If found, then you should upgrade to the latest version:
# pacman-g2 -Sy mysql
Availability
============
The latest revision of this advisory is available at
http://frugalware.org/security/451
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
iEYEARECAAYFAkg6ylUACgkQZ7NElSD1VhkCcwCeM/sAZ6KHbjV6nFW2+ZNVCpLl
6PIAoIZWCHijRlI11CtA3kfGxmUlr8bw
=r6aH
-----END PGP SIGNATURE-----
More information about the Frugalware-security
mailing list