Mandrake Linux Security Advisory : MySQL (MDKSA-2004:119)
Critical Nessus Plugin ID 15599
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
A number of problems have been discovered in the MySQL database server:
Jeroen van Wolffelaar discovered an insecure temporary file vulnerability in the mysqlhotcopy script when using the scp method (CVE-2004-0457).
Oleksandr Byelkin discovered that 'ALTER TABLE ... RENAME' would check the CREATE/INSERT rights of the old table rather than the new one (CVE-2004-0835).
Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect function (CVE-2004-0836).
Dean Ellis discovered that multiple threads ALTERing the same (or different) MERGE tables to change the UNION can cause the server to crash or stall (CVE-2004-0837).
The updated MySQL packages have been patched to protect against these issues.
Solution
Update the affected packages.