Mandriva Update For Mysql MDVSA-2010:044 (mysql) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerabilitiy has been found and corrected in mysql: MySQL is vulnerable to a symbolic link attack when the data home directory contains a symlink to a different filesystem which allows remote authenticated users to bypass intended access restrictions (CVE-2008-7247). The updated packages have been patched to correct these issues.

Affected

mysql on Mandriva Linux 2009.1, Mandriva Linux 2009.1/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64

Severity

Classification

CVE CVE-2008-7247

CVSS	Base Score: 6.0 AV:N/AC:M/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:174 (perl-Compress-Raw-Zlib)
Mandrake Security Advisory MDVSA-2009:133 (irssi)
Mandrake Security Advisory MDVSA-2009:125 (wireshark)
Mandrake Security Advisory MDVSA-2009:161 (squid)
Mandrake Security Advisory MDVSA-2009:145 (php)

Mandriva Update for mysql MDVSA-2010:044 (mysql)

Take action and discover your vulnerabilities