RHEL 3 : mysql (RHSA-2004:569)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated mysql packages that fix various temporary file security
issues, as well as a number of bugs, are now available.

MySQL is a multi-user, multi-threaded SQL database server.

This update fixes a number of small bugs, including some potential
security problems associated with careless handling of temporary
files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CVE-2004-0381, CVE-2004-0388,
and CVE-2004-0457 to these issues.

A number of additional security issues that affect mysql have been
corrected in the source package. These include CVE-2004-0835,
CVE-2004-0836, CVE-2004-0837, and CVE-2004-0957. Red Hat Enterprise
Linux 3 does not ship with the mysql-server package and is therefore
not affected by these issues.

This update also allows 32-bit and 64-bit libraries to be installed
concurrently on the same system.

All users of mysql should upgrade to these updated packages, which
resolve these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2004-0381.html
https://www.redhat.com/security/data/cve/CVE-2004-0388.html
https://www.redhat.com/security/data/cve/CVE-2004-0457.html
http://rhn.redhat.com/errata/RHSA-2004-569.html

Solution :

Update the affected mysql, mysql-bench and / or mysql-devel packages.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 15534 ()

Bugtraq ID:

CVE ID: CVE-2004-0381
CVE-2004-0388
CVE-2004-0457