[SECURITY] [DLA 75-1] mysql-5.1 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 75-1] mysql-5.1 security update
From: Raphael Hertzog <hertzog@debian.org>
Date: Wed, 22 Oct 2014 08:46:31 +0200
Message-id: <[🔎] 20141022064631.GA16979@x230-buxy.home.ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, debian-lts-announce@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : mysql-5.1
Version        : 5.1.73-1+deb6u1
CVE ID         : CVE-2013-2162 CVE-2014-0001 CVE-2014-4274

This update fixes one important vulnerability (CVE-2014-4274) and batches
together two other minor fixes (CVE-2013-2162, CVE-2014-0001).

CVE-2014-4274

    Insecure handling of a temporary file that could lead to abritrary
    execution of code through the creation of a mysql configuration file
    pointing to an attacker-controlled plugin_dir.

CVE-2013-2162

    Insecure creation of the debian.cnf credential file. Credentials could
    be stolen by a local user monitoring that file while the package gets
    installed.

CVE-2014-0001

    Buffer overrun in the MySQL client when the server sends a version
    string that is too big for the allocated buffer.

-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: [SECURITY] [DLA 74-1] ppp security update
Next by Date: [SECURITY] [DLA 76-1] kde4libs security update
Previous by thread: [SECURITY] [DLA 74-1] ppp security update
Next by thread: [SECURITY] [DLA 76-1] kde4libs security update
Index(es):
- Date
- Thread