Synopsis: Important: mysql security update
Issue date: 2007-12-18
CVE Names: CVE-2007-5969 CVE-2007-5925

A flaw was found in the way MySQL handled symbolic links when database tables were created with explicit "DATA" and "INDEX DIRECTORY" options. An authenticated user could create a table that would overwrite tables in other databases, causing destruction of data or allowing the user to elevate privileges. (CVE-2007-5969)

A flaw was found in the way MySQL's InnoDB engine handled spatial indexes. An authenticated user could create a table with spatial indexes, which are not supported by the InnoDB engine, that would cause the mysql daemon to crash when used. This issue only causes a temporary denial of service, as the mysql daemon will be automatically restarted after the crash. (CVE-2007-5925)

SL 4.x

SRPMS:
mysql-4.1.20-3.RHEL4.1.el4_6.1.src.rpm

i386:
mysql-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm
mysql-bench-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm
mysql-devel-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm
mysql-server-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm

x86_64:
mysql-4.1.20-3.RHEL4.1.el4.1.x86_64.rpm
mysql-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm
mysql-bench-4.1.20-3.RHEL4.1.el4.1.x86_64.rpm
mysql-devel-4.1.20-3.RHEL4.1.el4.1.x86_64.rpm
mysql-devel-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm
mysql-server-4.1.20-3.RHEL4.1.el4.1.x86_64.rpm

SL 5.x

SRPMS:
mysql-5.0.22-2.2.el5_1.1.src.rpm

i386:
mysql-5.0.22-2.2.el5_1.1.i386.rpm
mysql-bench-5.0.22-2.2.el5_1.1.i386.rpm
mysql-devel-5.0.22-2.2.el5_1.1.i386.rpm
mysql-server-5.0.22-2.2.el5_1.1.i386.rpm
mysql-test-5.0.22-2.2.el5_1.1.i386.rpm

x86_64:
mysql-5.0.22-2.2.el5_1.1.i386.rpm
mysql-5.0.22-2.2.el5_1.1.x86_64.rpm
mysql-bench-5.0.22-2.2.el5_1.1.x86_64.rpm
mysql-devel-5.0.22-2.2.el5_1.1.i386.rpm
mysql-devel-5.0.22-2.2.el5_1.1.x86_64.rpm
mysql-server-5.0.22-2.2.el5_1.1.x86_64.rpm
mysql-test-5.0.22-2.2.el5_1.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
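
For the symbolic link issue (CVE-2007-5969) described above, an administrator may want to review existing tables in addition to updating. The following audit script is an added example, not part of the advisory or of MySQL; it lists symlinked MyISAM data and index files and marks those whose target resolves back inside the data directory. It assumes that tables created with the "DATA" or "INDEX DIRECTORY" options appear as symlinked .MYD/.MYI files in the database directory, that GNU find and readlink are available, and that the data directory path is passed as the first argument; the function name and output format are hypothetical.

```shell
#!/bin/sh
# Added example, not from the advisory: audit symlinked MyISAM table files.
# Assumption: DATA/INDEX DIRECTORY tables leave .MYD/.MYI symlinks in the
# database directory, one level below the MySQL data directory.

audit_symlinked_tables() {
    # Resolve the data directory itself so prefix comparison is reliable.
    datadir=$(readlink -f -- "$1") || return 2

    find "$datadir" -mindepth 2 -maxdepth 2 -type l \
        \( -name '*.MYD' -o -name '*.MYI' \) -print |
    while IFS= read -r link; do
        # Skip links that cannot be resolved (for example, broken chains).
        target=$(readlink -f -- "$link") || continue
        case "$target" in
            "$datadir"/*)
                # Target is under the data directory: the file may alias
                # another database's table and should be reviewed first.
                printf 'INSIDE\t%s\t%s\n' "$link" "$target" ;;
            *)
                # Target is elsewhere on the filesystem: check ownership
                # and permissions of the target directory.
                printf 'OUTSIDE\t%s\t%s\n' "$link" "$target" ;;
        esac
    done
}

# Run the audit when a data directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_symlinked_tables "$1"
fi
```

Each output line has three tab-separated fields: the classification, the symlink path, and the resolved target.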