Package        : mysql-5.1
Version        : 5.1.73-1+deb6u1
CVE ID         : CVE-2013-2162 CVE-2014-0001 CVE-2014-4274

This update fixes one important vulnerability (CVE-2014-4274) and batches
together two other minor fixes (CVE-2013-2162, CVE-2014-0001).

CVE-2014-4274

    Insecure handling of a temporary file that could lead to arbitrary
    execution of code through the creation of a MySQL configuration file
    pointing to an attacker-controlled plugin_dir.

CVE-2013-2162

    Insecure creation of the debian.cnf credential file. Credentials could
    be stolen by a local user monitoring that file while the package gets
    installed.

CVE-2014-0001

    Buffer overrun in the MySQL client when the server sends a version
    string that is too big for the allocated buffer.

-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
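
For the class of problem described under CVE-2013-2162, a credential file has to be private from the moment it is created, not tightened afterwards. The following is an added example, not code from the mysql-5.1 package or from this advisory; the function names are hypothetical and GNU stat (as shipped on Debian) is assumed.

```shell
#!/bin/sh
# Added illustration: function names are hypothetical, not taken from mysql-5.1.

# Write credentials from stdin to $1 so that no other local user can read
# the file at any point: it is created 0600 and only then renamed into place.
write_cred_file() {
    target=$1
    dir=$(dirname -- "$target")
    old_umask=$(umask)
    umask 077                      # anything created below starts out private
    # mktemp creates the file exclusively, so a pre-planted file or symlink
    # with a guessed name is never opened.
    tmp=$(mktemp "$dir/.cred.XXXXXX") || { umask "$old_umask"; return 1; }
    if cat > "$tmp" && mv -f -- "$tmp" "$target"; then
        umask "$old_umask"         # rename within one directory is atomic
        return 0
    fi
    rm -f -- "$tmp"
    umask "$old_umask"
    return 1
}

# Audit check: succeed only if $1 is a regular file, not a symlink, and has
# no group or other permission bits set (assumes GNU stat).
cred_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    mode=$(stat -c '%a' -- "$1") || return 1
    case $mode in
        0|*00) return 0 ;;         # e.g. 600, 400
        *)     return 1 ;;         # e.g. 644, 640
    esac
}
```

The audit function can be pointed at an existing credential file to confirm that it is not group- or world-readable.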