MySQL mysqld Privilege Escalation Vulnerability

Solution:
The vendor has resolved this issue in the 3.23.56 release.

Conectiva has released an advisory (CLA-2003:743), to address this issue. Users are advised to download and apply a relevant fixes as soon as possible. Further information relating to obtaining and applying appropriate fixes is available in the referenced advisory. Fixes are linked below.

Trustix has released an advisory (TSLSA-2003-0009) which includes fixes for this issue.

OpenPKG has released advisory OpenPKG-SA-2003.022 to address this issue. mysql-3.23.56-20030318 was released for OpenPKG CURRENT. mysql-3.23.54a-1.2.2 was released for OpenPKG 1.2. mysql-3.23.52-1.1.3 was released for OpenPKG 1.1. Upgrade instructions are provided in the attached advisory.

Gentoo has upgraded dev-db/mysql to mysql-3.23.56. The upgrade may be applied with the following commands:

emerge sync
emerge mysql
emerge clean

Debian has released fixes for this issue. Links to upgraded packages are available in the attached advisory (DSA 303-1).

Red Hat has released an advisory (RHSA-2003:094) containing fixes to address this issue in Enterprise Linux and Linux Advanced Workstation. Fixes for these releases are only available through the Red Hat Network, and can be obtained using the following link:

http://rhn.redhat.com/

Fixes are available:


MySQL AB MySQL 3.23.36

MySQL AB MySQL 3.23.37

MySQL AB MySQL 3.23.38

MySQL AB MySQL 3.23.39

MySQL AB MySQL 3.23.40

MySQL AB MySQL 3.23.41

MySQL AB MySQL 3.23.42

MySQL AB MySQL 3.23.43

MySQL AB MySQL 3.23.44

MySQL AB MySQL 3.23.45

MySQL AB MySQL 3.23.46

MySQL AB MySQL 3.23.47

MySQL AB MySQL 3.23.48

MySQL AB MySQL 3.23.49

MySQL AB MySQL 3.23.50

MySQL AB MySQL 3.23.51

MySQL AB MySQL 3.23.52

MySQL AB MySQL 3.23.53

MySQL AB MySQL 3.23.53 a

MySQL AB MySQL 3.23.54

MySQL AB MySQL 3.23.54 a

MySQL AB MySQL 3.23.55


 

Privacy Statement
Copyright 2010, SecurityFocus