19 Jul 21:39
[ MDVSA-2008:149 ] - Updated mysql packages fix vulnerabilities
From: <security <at> mandriva.com>
Subject: [ MDVSA-2008:149 ] - Updated mysql packages fix vulnerabilities
Newsgroups: gmane.comp.security.full-disclosure
Date: 2008-07-19 19:42:00 GMT
Subject: [ MDVSA-2008:149 ] - Updated mysql packages fix vulnerabilities
Newsgroups: gmane.comp.security.full-disclosure
Date: 2008-07-19 19:42:00 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:149 http://www.mandriva.com/security/ _______________________________________________________________________ Package : mysql Date : July 19, 2008 Affected: 2008.1 _______________________________________________________________________ Problem Description: Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges (CVE-2008-2079). The updated packages have been patched to correct this issue. _______________________________________________________________________ References:(Continue reading)
RSS Feed