RHSA-2003:094 - Security Advisory
mysql security update
Security Advisory: Important
Updated packages are available that fix both a double-free security
vulnerability and a remote root exploit security vulnerability found in the
[Updated 11 Aug 2003]
Updated mysqlclient9 packages are now included. These were previously
missing from this erratum.
MySQL is a multi-user, multi-threaded SQL database server.
A double-free vulnerability in mysqld, for MySQL before version 3.23.55,
allows attackers with MySQL access to cause a denial of service (crash) by
creating a carefully crafted client application.
A remote root exploit vulnerability in mysqld, for MySQL before version
3.23.56, allows MySQL users to gain root privileges by overwriting
Previous versions of the MySQL packages do not contain the thread safe
client library (libmysqlclient_r).
All users of MySQL are advised to upgrade to these errata packages
containing MySQL 3.23.56.
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
Please note that this update is available via Red Hat Network. To use Red
Hat Network, launch the Red Hat Update Agent with the following command:
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
- Red Hat Enterprise Linux Server 2 ia64
- Red Hat Enterprise Linux Server 2 i386
- Red Hat Enterprise Linux Workstation 2 ia64
- Red Hat Enterprise Linux Workstation 2 i386
- BZ - 77662 - mysql RPM's do not provide a thread safe library
- BZ - 85898 - double-free vulnerability in mysqld < 3.23.55
- BZ - 85971 - possible root exploit in mysqld startup
The Red Hat security contact is email@example.com. More contact details at https://access.redhat.com/security/team/contact/.