Advisories MDVSA-2009:326: mysql

[paul]

Multiple vulnerabilities has been found and corrected in mysql:

 

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6

does not properly handle a b'' (b single-quote single-quote) token,

aka an empty bit-string literal, which allows remote attackers to

cause a denial of service (daemon crash) by using this token in a

SQL statement (CVE-2008-3963).

 

MySQL before 5.0.67 allows local users to bypass certain privilege

checks by calling CREATE TABLE on a MyISAM table with modified (1)

DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally

associated with pathnames without symlinks, and that can point to

tables created at a future time at which a pathname is modified

to contain a symlink to a subdirectory of the MySQL home data

directory. NOTE: this vulnerability exists because of an incomplete

fix for CVE-2008-4097 (CVE-2008-4098).

 

Cross-site scripting (XSS) vulnerability in the command-line client

in MySQL 5.0.26 through 5.0.45, when the --html option is enabled,

allows attackers to inject arbitrary web script or HTML by placing

it in a database cell, which might be accessed by this client when

composing an HTML document (CVE-2008-4456).

 

Multiple format string vulnerabilities in the dispatch_command function

in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow

remote authenticated users to cause a denial of service (daemon crash)

and possibly have unspecified other impact via format string specifiers

in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request.

NOTE: some of these details are obtained from third party information

(CVE-2009-2446).

 

Packages for 2008.0 are being provided due to extended support for

Corporate products.

 

This update provides fixes for this vulnerability.