Updated mysql packages that fix a temporary file flaw and a number of bugs
are now available.
This update has been rated as having low security impact by the CentOS
Security Response Team.
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries.
An insecure temporary file handling bug was found in the mysql_install_db
script. It is possible for a local user to create specially crafted files
in /tmp which could allow them to execute arbitrary SQL commands during
database installation. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1636 to this issue.
These packages update mysql to version 4.1.12, fixing a number of problems.
Also, support for SSL-encrypted connections to the database server is now
All users of mysql are advised to upgrade to these updated packages.