Updated MySQL server packages fix both a double-free security vulnerability and a root exploit security vulnerability. [Updated 1 May 2003] Added updated packages for Red Hat Linux 9, which is vulnerable to CAN-2003-0150.
MySQL is a multi-user, multi-threaded SQL database server. A double-free vulnerability in mysqld, for MySQL before version 3.23.55, allows attackers with MySQL access to cause a denial of service (crash) by creating a carefully crafted client application. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0073 to this issue. MySQL 3.23.55 and earlier creates world-writable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0150 to this issue. All users are advised to upgrade to MySQL 3.23.56 contained within this errata which is not vulnerable to these issues. In addition to the security fixes, these erratum packages contain a thread safe client library (libmysqlclient_r).