Patches & Updates MySQL 4.023 Update



28 Feb 2005

H-Sphere versions:   All

This document explains how to update all MySQL packages to 4.023. MySQL update is performed on the control panel server as root and affects all H-Sphere boxes running MySQL.

This update fixes MySQL vulnerability to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

References:

- http://seclists.org/lists/fulldisclosure/2005/Jan/0736.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004

Update Procedure

  1. Log into the control panel server as root:
    su -
  2. Download the archive:
    Linux:
    # wget http://www.psoft.net/shiv/HS/u-mysql4023.tgz
    FreeBSD:
    # fetch http://www.psoft.net/shiv/HS/u-mysql4023.tgz
  3. Untar the archive:
    # tar xfz u-mysql4023.tgz
  4. Enter the u-mysql4023 directory:
    # cd u-mysql4023
  5. Run the update script
    # sh update.sh


Copyright 1998-2008. Positive Software Corporation.
All rights reserved.