Debian: DSA-2818-1 Critical Update For MySQL 5.5 Remote Issues
debian
December 16, 2013
Several issues have been discovered in the MySQL database server
Topics Covered
Summary
In addition this update fixes two issues affecting specifically the
mysql-5.5 Debian package:
A race condition in the post-installation script of the mysql-server-5.5
package creates the configuration file "/etc/mysql/debian.cnf" with
world-readable permissions before restricting the permissions, which
allows local users to read the file and obtain sensitive information
such as credentials for the debian-sys-maint to perform
administration tasks. (CVE-2013-2162)
Matthias Reichl reported that the mysql-5.5 package misses the patches
applied previous in Debian's mysql-5.1 to drop the database "test" and
the permissions that allow anonymous access, without a password, from
localhost to the "test" database and any databases starting with
"test_". This update reintroduces these patches for the mysql-5.5
package.
Existing databases and permissions are not touched. Please refer to the
NEWS file provided with this update for further information.
For the stable distribution (wheezy), these problems have b...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: mysql-5.5
CVE ID: CVE-2013-1861 CVE-2013-2162 CVE-2013-3783 CVE-2013-3793
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!