DESCRIPTION:
Two vulnerabilities have been reported in MySQL, which can be exploited by malicious users to bypass certain security restrictions or cause a DoS (Denial of Service).

1) An error in "ALTER TABLE ... RENAME" operations causes the CREATE/INSERT rights of old tables to be checked, which potentially can be exploited to bypass some applied security restrictions.

The vulnerability has been reported in version 3.23. Other versions may also be affected.

2) It is possible to crash or stall the server when multiple threads ALTER the same or different MERGE tables to change the UNION.

The vulnerability has been reported in version 3.23 and 4.0.18. Other versions may also be affected.

SOLUTION:
Update to version 3.23.59 or 4.0.21.
http://dev.mysql.com/downloads/mysql/

PROVIDED AND/OR DISCOVERED BY:
1) Oleksandr Byelkin
2) Dean Ellis

ORIGINAL ADVISORY:
1) http://bugs.mysql.com/bug.php?id=3270
2) http://bugs.mysql.com/bug.php?id=2408

Reproducible: Always

We have ebuilds for several "affected" versions, maybe an ebuild cleaning would also be nice.

http://secunia.com/advisories/12783/
This is handled by security-restricted bug #67062
*** This bug has been marked as a duplicate of 67062 ***