From a recent vendor-sec posting: (these bugs are public afaik, but I'm marking this private in our bugzilla system until I'm sure. Treat it as a fight club until further notice)

There have been a number of vulnerabilities discovered in recent versions of the mysql server. Patches are available through URLs.

CAN-2004-0835
Oleksandr Byelkin noticed that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table instead of the new one.
Changelog: Fixed bug in privilege checking of ALTER TABLE RENAME
http://bugs.mysql.com/bug.php?id=3270
http://lists.mysql.com/internals/13073
http://mysql.bkbits.net:8080/mysql-3.23/cset@1.1435?nav=index.html|tags|ChangeSet@1.1413..

CAN-2004-0836
Lukasz Wojtow noticed a buffer overrun in the mysql_real_connect function.
Changelog: Fixed potential memory overrun in mysql_real_connect() (which required a compromised DNS server and certain operating systems).
http://bugs.mysql.com/bug.php?id=4017
http://lists.mysql.com/internals/14726

CAN-2004-0837
Dean Ellis noticed that multiple threads ALTERing the same (or different) MERGE tables to change the UNION can cause the server to crash or stall.
Changelog: Fixed an old bug in concurrent accesses to MERGE tables (even one MERGE table and MyISAM tables), that could've resulted in a crash or hang of the server.
http://bugs.mysql.com/2408
http://lists.mysql.com/internals/16168
http://mysql.bkbits.net:8080/mysql-3.23/diffs/myisammrg/myrg_open.c@1.15
http://lists.mysql.com/internals/16173
http://lists.mysql.com/internals/16174

The following ones don't have a CVE id assigned to, but I'm in contact with MITRE already.

Crash with MATCH..AGAINST (denial of service)
http://bugs.mysql.com/bug.php?id=3870
Only affects mysql 4.0

Privilege Escalation on GRANT ALL ON `Foo\_Bar`
Changelog: Fixed bug in privilege checking where, under some conditions, one was able to grant privileges on the database, he has no privileges on.
http://bugs.mysql.com/bug.php?id=3933
http://mysql.bkbits.net:8080/mysql-4.0/patch@1.1844.5.1
Does not only affect versions older than 4.0 as well.
mysql team -- can you review/patch as appropriate? Please treat this as a confidential bug report.
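As an added illustration (not part of the posting or of MySQL's own code) of the wildcard semantics behind the GRANT ALL ON `Foo\_Bar` item: a small Python audit that flags mysql.db grants whose unescaped `_` or `%` cover more databases than the literal name. The sample grant rows and database names are constructed; the backslash-escape handling follows MySQL's documented GRANT rules for database names.

```python
# Added example: audit mysql.db entries whose Db column contains unescaped
# wildcards. In GRANT, '_' and '%' in a database name are LIKE-style wildcards
# unless escaped with a backslash, so a grant on Foo_Bar also covers FooXBar.
import re

def db_pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate a mysql.db Db value into a regex with MySQL GRANT semantics."""
    out = []
    i = 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))   # escaped char is literal
            i += 2
            continue
        if c == "_":
            out.append(".")          # single-character wildcard
        elif c == "%":
            out.append(".*")         # any-length wildcard
        else:
            out.append(re.escape(c))
        i += 1
    # Assumes case-sensitive database names (the Unix default).
    return re.compile("^" + "".join(out) + "$")

def audit_wildcard_grants(grant_rows, databases):
    """Return (user, host, db_pattern, extra_matches) for each grant whose
    pattern matches databases other than the literal pattern text."""
    findings = []
    for user, host, db_pattern in grant_rows:
        rx = db_pattern_to_regex(db_pattern)
        literal = db_pattern.replace("\\_", "_").replace("\\%", "%")
        extra = [d for d in databases if rx.match(d) and d != literal]
        if extra:
            findings.append((user, host, db_pattern, extra))
    return findings

# Constructed sample data standing in for mysql.db rows and SHOW DATABASES.
SAMPLE_GRANTS = [
    ("alice", "localhost", "Foo_Bar"),    # unescaped: '_' is a wildcard
    ("bob",   "localhost", "Foo\\_Bar"),  # escaped: literal Foo_Bar only
    ("carol", "%",         "prod%"),      # prefix wildcard
]
SAMPLE_DATABASES = ["Foo_Bar", "FooXBar", "prod", "prod_archive", "staging"]

if __name__ == "__main__":
    for finding in audit_wildcard_grants(SAMPLE_GRANTS, SAMPLE_DATABASES):
        print(finding)
```

On a live server the same function can be fed the Db column from `SELECT User, Host, Db FROM mysql.db` and the output of `SHOW DATABASES`.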
Debian published a DSA on the first three ones with CAN assignments. http://www.debian.org/security/2004/dsa-562
*** Bug 67175 has been marked as a duplicate of this bug. ***
MySQL team : we're getting late on those... Please apply fixes and bump (or comment).
All these issues are in fact publicly fixed in 4.0.21... already in portage. A little feedback from the MySQL team on this would have been appreciated. Arches: please mark 4.0.21 stable
*** Bug 67343 has been marked as a duplicate of this bug. ***
Koon: sorry, I've been quite busy with schoolwork, and after I did finally get access to the bug (just having mysql-bugs on the CC doesn't let us into locked bugs), I only got to checking one of the items. When you write up the GLSA, note that several of these apply to both the 3.23 and 4.0 MySQL versions.
stable on ppc
sparc tasty.
Stable on alpha.
stable on ppc64
Stable on hppa.
Stable on mips.
stable on x86.
Sorry guys, this one must have slipped through my attention. Stable now on amd64.
Drafted. Security please review.
GLSA 200410-22
*** Bug 69851 has been marked as a duplicate of this bug. ***