Bug 125991
| Summary: | CAN-2004-0388 and CAN-2004-0381: insecure temporary file creation | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Robert Scheck <redhat-bugzilla> |
| Component: | mysql | Assignee: | Tom Lane <tgl> |
| Status: | CLOSED ERRATA | QA Contact: | David Lawrence <dkl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 2 | CC: | hhorak |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.debian.org/security/2004/dsa-483 | | |
| Whiteboard: | | | |
| Fixed In Version: | 3.23.58-9.1 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2005-01-30 23:48:17 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Created attachment 101129
mysql-3.23.58-symlink.patch

*** This bug has been marked as a duplicate of 119442 ***

Reopening; we usually keep separate tracking bugs for FC and RHEL since they run on different schedules for QA etc. This bug is for FC1 and FC2 tracking.

Fedora Core Development's -11 solves this issue. Does FC2 get an update?

It seems a sufficiently low-priority matter that I wasn't planning to push out a separate update. I might get overruled on that though.

I'll close this bug, because:
- Fedora Core 2 got mysql-3.23.58-9.1
- Fedora Core 3 got mysql-3.23.58-14
- Red Hat Enterprise Linux 2.1 got mysql-3.23.58-1.72.1
- Red Hat Enterprise Linux 3 got mysql-3.23.58-2.3

this issue should be solved in any active supported distribution.

Description of problem:
CAN-2004-0388: The script mysqld_multi in MySQL allows local users to overwrite arbitrary files via a symlink attack.
CAN-2004-0381: The script mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack.

Version-Release number of selected component (if applicable):
mysql-3.23.58-9

Expected results:
Patch/update (my patches are ported from Debian and Mandrake).

Additional info:
I only found CAN-2004-0381 (bug #119442) for RHEL3.
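
The bug class named in the summary, insecure temporary file creation, as an added example (not code from mysqlbug, mysqld_multi or the attached patch): a predictable temp-file name written with `>` beside a `mktemp`-based replacement, both run against a constructed scratch directory. The function names, the `report.<pid>` naming and the file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of the bug class; hypothetical names throughout.

# Unsafe pattern: predictable name in a shared directory, opened with '>'.
# If the name already exists as a symlink, the redirection follows it and
# truncates whatever the link points to.
write_unsafe() {
    dir=$1; pid=$2
    tmp="$dir/report.$pid"
    echo "draft report" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the file
# exclusively (mode 0600), so an existing file or symlink is never reused.
# The second argument is accepted only to keep the call signature identical.
write_safe() {
    dir=$1
    tmp=$(mktemp "$dir/report.XXXXXX") || return 1
    echo "draft report" > "$tmp"
    printf '%s\n' "$tmp"
}

# Constructed test bed: a private scratch directory stands in for /tmp, and
# "report.4242" is pre-created as a symlink to a file that must not change.
# Prints the content of that file after the given writer has run.
victim_after() {
    writer=$1
    scratch=$(mktemp -d) || return 1
    echo "important data" > "$scratch/victim"
    ln -s "$scratch/victim" "$scratch/report.4242"
    "$writer" "$scratch" 4242 >/dev/null
    cat "$scratch/victim"
    rm -rf "$scratch"
}

echo "after write_unsafe, protected file contains: $(victim_after write_unsafe)"
echo "after write_safe,   protected file contains: $(victim_after write_safe)"
```

When auditing scripts for this pattern, look for writes to `/tmp` paths built from `$$`, a fixed string or a timestamp; each one is a candidate for replacement with `mktemp`.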