Univention Bugzilla – Bug 38520
mysql-5.1: Multiple issues (3.2)
Last modified: 2015-05-18 13:50:40 CEST
We should import the update for mysql-5.1 released by Debian Long Term Support, which fixes these issues: * Insecure handling of a temporary file that could lead to abritrary execution of code through the creation of a mysql configuration file pointing to an attacker-controlled plugin_dir. (CVE-2014-4274) * Insecure creation of the debian.cnf credential file. Credentials could be stolen by a local user monitoring that file while the package gets installed. (CVE-2013-2162) * Buffer overrun in the MySQL client when the server sends a version string that is too big for the allocated buffer (CVE-2014-0001) +++ This bug was initially created as a clone of Bug #33293 +++
The version from squeeze-lts has been imported and built in errata3.2-5. Advisory: 2015-05-13-mysql-5.1.yaml
Tests (amd64): OK Advisory: OK
<http://errata.univention.de/ucs/3.2/331.html>