Debian DLA-75-1 : mysql-5.1 security update
High Nessus Plugin ID 82220
SynopsisThe remote Debian host is missing a security update.
Insecure handling of a temporary file that could lead to abritrary execution of code through the creation of a mysql configuration file pointing to an attacker-controlled plugin_dir.
Insecure creation of the debian.cnf credential file. Credentials could be stolen by a local user monitoring that file while the package gets installed.
Buffer overrun in the MySQL client when the server sends a version string that is too big for the allocated buffer.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpgrade the affected packages.