Updated MySQL packages fix vulnerabilities

Updated MySQL server packages fix both a double-free security
vulnerability and a root exploit security vulnerability.

[Updated 1 May 2003]
Added updated packages for Red Hat Linux 9, which is vulnerable to
CAN-2003-0150.

MySQL is a multi-user, multi-threaded SQL database server.

A double-free vulnerability in mysqld, for MySQL before version 3.23.55,
allows attackers with MySQL access to cause a denial of service (crash) by
creating a carefully crafted client application. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0073 to this issue.

MySQL 3.23.55 and earlier creates world-writable files and allows mysql
users to gain root privileges by using the "SELECT * INFO OUTFILE" operator
to overwrite a configuration file and cause mysql to run as root upon
restart. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0150 to this issue.

All users are advised to upgrade to MySQL 3.23.56 contained within this
errata which is not vulnerable to these issues.

In addition to the security fixes, these erratum packages contain a
thread safe client library (libmysqlclient_r).

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Please note that this update is available via Red Hat Network. To use Red
Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

77662 - mysql RPM's do not provide a thread safe library
85898 - double-free vulnerability in mysqld < 3.23.55
85971 - possible root exploit in mysqld startup

https://www.redhat.com/security/data/cve/CVE-2003-0073.html
https://www.redhat.com/security/data/cve/CVE-2003-0150.html
http://www.mysql.com/doc/en/News-3.23.55.html
http://www.mysql.com/doc/en/News-3.23.56.html