Rapid7 Vulnerability & Exploit Database

RHSA-2007:1157: mysql security update

Back to Search

RHSA-2007:1157: mysql security update



Updated mysql packages that fix several security issues are now available for Red Hat Application Stack v1 and v2. This update has been rated as having important security impact by the Red Hat Security Response Team.

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries. A flaw was found in a way MySQL handled symbolic links when database tables were created with explicit "DATA" and "INDEX DIRECTORY" options. An authenticated user could create a table that would overwrite tables in other databases, causing destruction of data or allowing the user to elevate privileges. (CVE-2007-5969) A flaw was found in a way MySQL's InnoDB engine handled spatial indexes. An authenticated user could create a table with spatial indexes, which are not supported by the InnoDB engine, that would cause the mysql daemon to crash when used. This issue only causes a temporary denial of service, as the mysql daemon will be automatically restarted after the crash. (CVE-2007-5925) A flaw was found in a way MySQL handled the "DEFINER" view parameter. A user with the "ALTER VIEW" privilege for a view created by another database user, could modify that view to get access to any data accessible to the creator of said view. (CVE-2007-6303) All mysql users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.


  • redhat-upgrade-mysql
  • redhat-upgrade-mysql-bench
  • redhat-upgrade-mysql-cluster
  • redhat-upgrade-mysql-devel
  • redhat-upgrade-mysql-libs
  • redhat-upgrade-mysql-server
  • redhat-upgrade-mysql-test

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center