Summary: | <dev-db/mysql-5.0.24: privilege bypass | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alexander M. Turek <me> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | mysql-bugs |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html | ||
Whiteboard: | ~3? [noglsa] DerCorny | ||
Package list: | Runtime testing required: | --- |
Description
Alexander M. Turek
2006-08-04 09:48:53 UTC
From ChangeLog: Security fix: If a user has access to MyISAM table t, that user can create a MERGE table m that accesses t. However, if the user's privileges on t are subsequently revoked, the user can continue to access t by doing so through m. If this behavior is undesirable, you can start the server with the new --skip-merge option to disable the MERGE storage engine. (Bug#15195) Same bug as in <4.1.21, not really critical, but I'll bump MySQL this evening (didn't know about this week-old release cause upstream forgot to announce it). Best regards, CHTEKK. Add mysql-bugs to CC. Best regards, CHTEKK. looking forward to the bump :) cheers! dev-db/mysql-5.0.24 is in the tree now, doesn't require any arch-team intervention as it's unstable on all arches. Best regards, CHTEKK. Thx Luca. Closing this without GLSA as it was never stable. |