MySQL insecure temporary file creation vulnerability _ MySQL

Affected system: MySQLABMySQL4.1.0-latest. Affected systems:
　　
MySQL AB MySQL 4.1.0-alpha
MySQL AB MySQL 4.1.0
MySQL AB MySQL 4.0.9
MySQL AB MySQL 4.0.8
MySQL AB MySQL 4.0.7
MySQL AB MySQL 4.0.6
MySQL AB MySQL 4.0.5a
MySQL AB MySQL 4.0.5
MySQL AB MySQL 4.0.4
MySQL AB MySQL 4.0.3
MySQL AB MySQL 4.0.2
MySQL AB MySQL 4.0.15
MySQL AB MySQL 4.0.14
MySQL AB MySQL 4.0.13
MySQL AB MySQL 4.0.12
MySQL AB MySQL 4.0.11
MySQL AB MySQL 4.0.10
MySQL AB MySQL 4.0.1
MySQL AB MySQL 4.0.0
MySQL AB MySQL 3.23.9
MySQL AB MySQL 3.23.8
MySQL AB MySQL 3.23.57
MySQL AB MySQL 3.23.56
MySQL AB MySQL 3.23.55
MySQL AB MySQL 3.23.54
MySQL AB MySQL 3.23.53a
MySQL AB MySQL 3.23.53
MySQL AB MySQL 3.23.52
MySQL AB MySQL 3.23.51
MySQL AB MySQL 3.23.50
MySQL AB MySQL 3.23.5
MySQL AB MySQL 3.23.48
MySQL AB MySQL 3.23.47
MySQL AB MySQL 3.23.46
MySQL AB MySQL 3.23.45
MySQL AB MySQL 3.23.44
MySQL AB MySQL 3.23.43
MySQL AB MySQL 3.23.42
MySQL AB MySQL 3.23.41
MySQL AB MySQL 3.23.40
MySQL AB MySQL 3.23.4
MySQL AB MySQL 3.23.39
MySQL AB MySQL 3.23.38
MySQL AB MySQL 3.23.37
MySQL AB MySQL 3.23.36
MySQL AB MySQL 3.23.34
MySQL AB MySQL 3.23.31
MySQL AB MySQL 3.23.30
MySQL AB MySQL 3.23.3
MySQL AB MySQL 3.23.29
MySQL AB MySQL 3.23.28 gamma
MySQL AB MySQL 3.23.28
MySQL AB MySQL 3.23.27
MySQL AB MySQL 3.23.26
MySQL AB MySQL 3.23.25
MySQL AB MySQL 3.23.24
MySQL AB MySQL 3.23.23
MySQL AB MySQL 3.23.2
MySQL AB MySQL 3.23.10
MySQL AB MySQL 3.22.32
MySQL AB MySQL 3.22.30
MySQL AB MySQL 3.22.29
MySQL AB MySQL 3.22.28
MySQL AB MySQL 3.22.27
MySQL AB MySQL 3.22.26
MySQL AB MySQL 3.20.32a
MySQL AB MySQL 3.23.49
-Debian Linux 3.0:
-Mandrake Linux 9.0
-Mandrake Linux 8.2
-Mandrake Linux 8.1
-RedHat: Linux 7.3
-RedHat: Linux 7.2
-SuSE Linux 8.2
-SuSE Linux 8.1
　　
　　 Detailed description:
　　
MySQL is an open-source relational database system. MySQL error reporting tool (mysqlbug) does not securely create temporary files. local Attackers can exploit this vulnerability to corrupt arbitrary system file content, resulting in DoS attacks.
　　
Mysqlbug is an error report Script. when running, a text editor is started and users are prompted to use the template to write their error reports. If you exit the text editor without modifying the vulnerability report, mysqlbug will execute the following code:
　　
--
If cmp-s $ TEMP. x
Then
Echo "File not changed, no bug report submitted ."
Cp $ TEMP/tmp/failed-mysql-bugreport
Echo "The raw bug report exists in
/Tmp/failed-mysql-bugreport"
Echo "If you use this remember that the first lines
Of the report now
Is a lie
.."
Exit 1
Fi
--
　　
A temporary file is created with a static file name. Therefore, attackers can establish symbolic connections. when other users call wrong debugging, the target file to be connected may be damaged, local Attackers can exploit this vulnerability to launch DoS attacks on the local system.
　　
　　 Patch download:
　　
Http://www.mysql.com/doc/en/Installing_source_tree.html