Scientific Linux Security Update : mysql on SL5.x, SL4.x i386/x86_64
High Nessus Plugin ID 60332
Synopsis: The remote Scientific Linux host is missing one or more security updates.
Description: A flaw was found in the way MySQL handled symbolic links when database tables were created with explicit 'DATA DIRECTORY' and 'INDEX DIRECTORY' options. An authenticated user could create a table that would overwrite tables in other databases, causing destruction of data or allowing the user to elevate privileges. (CVE-2007-5969)
A flaw was found in the way MySQL's InnoDB engine handled spatial indexes. An authenticated user could create a table with spatial indexes, which are not supported by the InnoDB engine, that would cause the mysql daemon to crash when used. This issue only causes a temporary denial of service, as the mysql daemon will be automatically restarted after the crash. (CVE-2007-5925)
Solution: Update the affected packages.