Package : mysql-dfsg-4.1 Vulnerability : insecure temporary file Problem-Type : local Debian-specific: no CVE ID : CAN-2005-1636 BugTraq ID : 13660 Debian Bug : 319526
Eric Romang discovered a temporary file vulnerability in a script accompanied with MySQL, a popular database, that allows an attacker to execute arbitrary SQL commands when the server is installed or updated.
The old stable distribution (woody) as well as mysql-dfsg are not affected by this problem.
For the stable distribution (sarge) this problem has been fixed in version 4.1_4.1.11a-4sarge1.
For the unstable distribution (sid) this problem has been fixed in version 4.1.12 for mysql-dfsg-4.1 and 5.0.11beta-3 of mysql-dfsg-5.0.
We recommend that you upgrade your mysql packages.
Upgrade Instructions --------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge --------------------------------