185506 – 5.0.45 fixes security bugs

Bug 185506 - 5.0.45 fixes security bugs

Summary: 5.0.45 fixes security bugs

Status:	RESOLVED DUPLICATE of bug 185333

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://dev.mysql.com/doc/refman/5.0/e...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-07-16 09:10 UTC by Bernd Marienfeldt
Modified:	2007-07-16 09:14 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bernd Marienfeldt 2007-07-16 09:10:38 UTC

Security fix: A malformed password packet in the connection protocol could cause the server to crash. Thanks for Dormando for reporting this bug and providing details and a proof of concept. (Bug#28984)

Security Fix: CREATE TABLE LIKE did not require any privileges on the source table. Now it requires the SELECT privilege. (Bug#25578) 

Security fix: Use of a view could allow a user to gain update privileges for tables in other databases. (Bug#27878)

Security fix: If a stored routine was declared using SQL SECURITY INVOKER, a user who invoked the routine could gain privileges. (Bug#27337)

Security fix: The requirement of the DROP privilege for RENAME TABLE was not being enforced. (Bug#27515) 

Reproducible: Always

Comment 1 Stefan Cornelius (RETIRED) gentoo-dev

2007-07-16 09:14:20 UTC


*** This bug has been marked as a duplicate of bug 185333 ***