From 3657af3351bab7f279c1d2a45a15f7f5d1acc7ba Mon Sep 17 00:00:00 2001 From: miwi Date: Tue, 30 Dec 2008 11:12:38 +0000 Subject: - Document mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths --- security/vuxml/vuln.xml | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'security/vuxml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c4c5b05a309..28927287441 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,46 @@ Note: Please add new entries to the beginning of this file. --> + + mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths + + + mysql-server + 4.14.1.25 + 5.05.0.75 + 5.15.1.28 + 6.06.0.6 + + + + +

MySQL Team reports:

+
+

Additional corrections were made for the symlink-related privilege + problem originally addressed. The original fix did not correctly + handle the data directory pathname if it contained symlinked + directories in its path, and the check was made only at + table-creation time, not at table-opening time later.

+
+ +
+ + CVE-2008-2079 + CVE-2008-4097 + CVE-2008-4098 + http://bugs.mysql.com/bug.php?id=32167 + http://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html + http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-75.html + http://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html + http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 + + + 2008-07-03 + 2008-12-30 + +
+ mplayer -- twinvq processing buffer overflow vulnerability -- cgit