Solution
Please Install the Updated Packages.
Insight
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries.
A flaw was found in a way MySQL handled symbolic links when database tables were created with explicit "
DATA"
and "
INDEX DIRECTORY"
options. An
authenticated user could create a table that would overwrite tables in other databases, causing destruction of data or allowing the user to elevate privileges. (CVE-2007-5969)
A flaw was found in a way MySQL's InnoDB engine handled spatial indexes. An authenticated user could create a table with spatial indexes, which are not supported by the InnoDB engine, that would cause the mysql daemon to crash when used. This issue only causes a temporary denial of service, as the mysql daemon will be automatically restarted after the crash.
(CVE-2007-5925)
All mysql users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
Affected
mysql on Red Hat Enterprise Linux AS version 4,
Red Hat Enterprise Linux ES version 4,
Red Hat Enterprise Linux WS version 4,
Red Hat Enterprise Linux (v. 5 server)
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2007-5925, CVE-2007-5969 -
CVSS Base Score: 7.1
AV:N/AC:H/Au:S/C:C/I:C/A:C
Related Vulnerabilities