[debian-mysql] Bug#455010: CVE-2007-5969 possible to overwrite system table information
Nico Golde
nion at debian.org
Sat Dec 8 16:49:21 UTC 2007
Package: mysql-dfsg-5.0
Version: 5.0.32-7etch3
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mysql-dfsg-5.0.
CVE-2007-5969[0]:
| Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX
| DIRECTORY options can be used to overwrite system table information by
| replacing the file to which the symlink points. MySQL will now return an error
| when the file to which the symlink points already exists.
| http://bugs.mysql.com/32111
This information is not yet on the mitre site but I guess you have access
to the bug report in the upstream BTS.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20071208/4ea07001/attachment.pgp
More information about the pkg-mysql-maint
mailing list