MDVSA-2008:028 -- Mandriva mysqlID: oval:org.secpod.oval:def:301368 | Date: (C)2012-01-07 (M)2023-11-09 |
Class: PATCH | Family: unix |
The mysql_change_db function in MySQL 5.0.x before 5.0.40 did not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allowed remote authenticated users to gain privileges . The federated engine in MySQL 5.0.x, when performing a certain SHOW TABLE STATUS query, did not properly handle a response with a small number of columns, which could allow a remote MySQL server to cause a denial of service via a response that lacks the minimum required number of columns . The updated packages provide MySQL 5.0.45 for all Mandriva Linux platforms that shipped with MySQL 5.0.x which offers a number of feature enhancements and bug fixes. In addition, the updates for Corporate Server 4.0 include support for the Sphinx engine. Please note that due to the package name change , the mysqld service will not restart automatically so users must execute "service mysqld start" after the upgrade is complete.
Platform: |
Mandriva Linux 2007.0 |
Mandriva Linux 2007.1 |