[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: [ MDVSA-2008:028 ] - Updated MySQL packages fix multiple
From: security () mandriva ! com
Date: 2008-01-30 4:38:18
Message-ID: E1JK4iI-0000XY-LW () artemis ! annvix ! ca
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:028
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mysql
Date : January 29, 2008
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
The mysql_change_db() function in MySQL 5.0.x before 5.0.40 did not
restore THD::db_access privileges when returning from SQL SECURITY
INVOKER stored routines, which allowed remote authenticated users to
gain privileges (CVE-2007-2692).
The federated engine in MySQL 5.0.x, when performing a certain SHOW
TABLE STATUS query, did not properly handle a response with a small
number of columns, which could allow a remote MySQL server to cause
a denial of service (federated handler crash and daemon crash)
via a response that lacks the minimum required number of columns
(CVE-2007-6304).
The updated packages provide MySQL 5.0.45 for all Mandriva Linux
platforms that shipped with MySQL 5.0.x which offers a number of
feature enhancements and bug fixes. In addition, the updates for
Corporate Server 4.0 include support for the Sphinx engine.
Please note that due to the package name change (from 'MySQL' to
'mysql'), the mysqld service will not restart automatically so users
must execute 'service mysqld start' after the upgrade is complete.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6304
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
8308e15a835905cfb1db32eada26c883 \
2007.0/i586/libmysql-devel-5.0.45-8.1mdv2007.0.i586.rpm \
497b43aa77224faa392c5141d48e138f \
2007.0/i586/libmysql-static-devel-5.0.45-8.1mdv2007.0.i586.rpm \
d46c0aea4b3d4e3b57f6d58cd508af57 2007.0/i586/libmysql15-5.0.45-8.1mdv2007.0.i586.rpm \
3278969388161ffed75c14e15dd9d4ad 2007.0/i586/mysql-5.0.45-8.1mdv2007.0.i586.rpm \
72961088740e022b2db2c7546f361c67 \
2007.0/i586/mysql-bench-5.0.45-8.1mdv2007.0.i586.rpm \
36c92157cda26ce4297628e66c079d7f \
2007.0/i586/mysql-client-5.0.45-8.1mdv2007.0.i586.rpm \
773b61b83357a3946395135431cd32db \
2007.0/i586/mysql-common-5.0.45-8.1mdv2007.0.i586.rpm \
21b2a793207115ccf7f36c054b50b9fe 2007.0/i586/mysql-max-5.0.45-8.1mdv2007.0.i586.rpm \
1d3bd0dcb8e675674ddda288c28cb558 \
2007.0/i586/mysql-ndb-extra-5.0.45-8.1mdv2007.0.i586.rpm \
3db8afbca3dd5827ffedc4e47c10f97e \
2007.0/i586/mysql-ndb-management-5.0.45-8.1mdv2007.0.i586.rpm \
a6a279e76cca9cdf3ac5565179e80545 \
2007.0/i586/mysql-ndb-storage-5.0.45-8.1mdv2007.0.i586.rpm \
f8b9a30a32e247915b9858f3b7f63379 \
2007.0/i586/mysql-ndb-tools-5.0.45-8.1mdv2007.0.i586.rpm \
e64751b034f8560d5118b35e6a5092fb 2007.0/SRPMS/mysql-5.0.45-8.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
cf40fcf35654f9c2c178f8536f718f72 \
2007.0/x86_64/lib64mysql-devel-5.0.45-8.1mdv2007.0.x86_64.rpm \
75c959ef8c66d26b24b32a79e9cc28bd \
2007.0/x86_64/lib64mysql-static-devel-5.0.45-8.1mdv2007.0.x86_64.rpm \
cdfe8b2ea0baec8d6574a13ddcb8e39b \
2007.0/x86_64/lib64mysql15-5.0.45-8.1mdv2007.0.x86_64.rpm \
7b55f3b2c08793911edb7aa0e1cc4b4d 2007.0/x86_64/mysql-5.0.45-8.1mdv2007.0.x86_64.rpm \
6c8a12a0b9a17dc9ba2f91b69de366a3 \
2007.0/x86_64/mysql-bench-5.0.45-8.1mdv2007.0.x86_64.rpm \
cc3b0305b62d265bf4ea28de45c409a4 \
2007.0/x86_64/mysql-client-5.0.45-8.1mdv2007.0.x86_64.rpm \
6eed047db759509c10eb349b6c2546df \
2007.0/x86_64/mysql-common-5.0.45-8.1mdv2007.0.x86_64.rpm \
a4527d7bb167064a0028cf3f9b768dc5 \
2007.0/x86_64/mysql-max-5.0.45-8.1mdv2007.0.x86_64.rpm \
f06ce459897d0e0c93a301c2312a53e9 \
2007.0/x86_64/mysql-ndb-extra-5.0.45-8.1mdv2007.0.x86_64.rpm \
937776dc1bad2a792d33184b92e9bb56 \
2007.0/x86_64/mysql-ndb-management-5.0.45-8.1mdv2007.0.x86_64.rpm \
df971f898499ec07b86d70ca40c12567 \
2007.0/x86_64/mysql-ndb-storage-5.0.45-8.1mdv2007.0.x86_64.rpm \
aa08021ec8da55ace45677a0c2df1d81 \
2007.0/x86_64/mysql-ndb-tools-5.0.45-8.1mdv2007.0.x86_64.rpm \
e64751b034f8560d5118b35e6a5092fb 2007.0/SRPMS/mysql-5.0.45-8.1mdv2007.0.src.rpm
Mandriva Linux 2007.1:
a38836b0cbc846c1dd00e6d585a5a294 \
2007.1/i586/libmysql-devel-5.0.45-8.1mdv2007.1.i586.rpm \
2b7b67b466378773aceaba6ef463bf5c \
2007.1/i586/libmysql-static-devel-5.0.45-8.1mdv2007.1.i586.rpm \
ce17d4f08128e4ee6fe65c0f9714d977 2007.1/i586/libmysql15-5.0.45-8.1mdv2007.1.i586.rpm \
e379f1928765efaeba54e955d814e319 2007.1/i586/mysql-5.0.45-8.1mdv2007.1.i586.rpm \
0b193494a536b74a26481c52b81b5ddb \
2007.1/i586/mysql-bench-5.0.45-8.1mdv2007.1.i586.rpm \
2eabad8947dd72625bce27a7080352d8 \
2007.1/i586/mysql-client-5.0.45-8.1mdv2007.1.i586.rpm \
3a44bdf485a76168b8e34d5c9d32b7b6 \
2007.1/i586/mysql-common-5.0.45-8.1mdv2007.1.i586.rpm \
a89063f71cb71697814d722d4db74681 2007.1/i586/mysql-max-5.0.45-8.1mdv2007.1.i586.rpm \
dfba29fc3bc045ba88951f3f9de4aff2 \
2007.1/i586/mysql-ndb-extra-5.0.45-8.1mdv2007.1.i586.rpm \
e8c6e2cf09c6455d744063f0263d6b21 \
2007.1/i586/mysql-ndb-management-5.0.45-8.1mdv2007.1.i586.rpm \
cc7b6344cd4fffa8445f39ba1b346ca9 \
2007.1/i586/mysql-ndb-storage-5.0.45-8.1mdv2007.1.i586.rpm \
467865cd19dd0490f786ee23ab54e065 \
2007.1/i586/mysql-ndb-tools-5.0.45-8.1mdv2007.1.i586.rpm \
a9b3d46326af15bfd46be2c83686777f 2007.1/SRPMS/mysql-5.0.45-8.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
7b08c92ffd78f132aafba21ab594a42d \
2007.1/x86_64/lib64mysql-devel-5.0.45-8.1mdv2007.1.x86_64.rpm \
da3d05a494925b934e0456162b006888 \
2007.1/x86_64/lib64mysql-static-devel-5.0.45-8.1mdv2007.1.x86_64.rpm \
53d391471cc83b3d85db9b2bfc788494 \
2007.1/x86_64/lib64mysql15-5.0.45-8.1mdv2007.1.x86_64.rpm \
308068c6d03d3d5abbd0b444e836cc17 2007.1/x86_64/mysql-5.0.45-8.1mdv2007.1.x86_64.rpm \
04e3fb67f3f67a8747b1d2bf53b5e547 \
2007.1/x86_64/mysql-bench-5.0.45-8.1mdv2007.1.x86_64.rpm \
851d191e569b72a5b7624b2a32e4e584 \
2007.1/x86_64/mysql-client-5.0.45-8.1mdv2007.1.x86_64.rpm \
12fc2e3d907bfa04cb02496146cc4a56 \
2007.1/x86_64/mysql-common-5.0.45-8.1mdv2007.1.x86_64.rpm \
16d00cebde97ee6be2742f81937d5915 \
2007.1/x86_64/mysql-max-5.0.45-8.1mdv2007.1.x86_64.rpm \
06f1a09c1a8c5e721565b4e39390e184 \
2007.1/x86_64/mysql-ndb-extra-5.0.45-8.1mdv2007.1.x86_64.rpm \
ac18d6bb01af8d50311d8a12090d8391 \
2007.1/x86_64/mysql-ndb-management-5.0.45-8.1mdv2007.1.x86_64.rpm \
33f135b18c515ddcbc3a7cef106dfd82 \
2007.1/x86_64/mysql-ndb-storage-5.0.45-8.1mdv2007.1.x86_64.rpm \
b543874252fd45641001a68523e3cb76 \
2007.1/x86_64/mysql-ndb-tools-5.0.45-8.1mdv2007.1.x86_64.rpm \
a9b3d46326af15bfd46be2c83686777f 2007.1/SRPMS/mysql-5.0.45-8.1mdv2007.1.src.rpm
Corporate 4.0:
10b08c4aef587ab1009b30a7f6786267 \
corporate/4.0/i586/libmysql-devel-5.0.45-7.1.20060mlcs4.i586.rpm \
5224612a804fba33a616f2e8eeb2fb66 \
corporate/4.0/i586/libmysql-static-devel-5.0.45-7.1.20060mlcs4.i586.rpm \
c3ba2b6e48f6ac91416e296ed2e48ccd \
corporate/4.0/i586/libmysql15-5.0.45-7.1.20060mlcs4.i586.rpm \
a0d41fd603cadfb613fab192a9f57d8b \
corporate/4.0/i586/mysql-5.0.45-7.1.20060mlcs4.i586.rpm \
7ad5cd1d76be29f206148756d7675466 \
corporate/4.0/i586/mysql-bench-5.0.45-7.1.20060mlcs4.i586.rpm \
33194b388687a13e43ff6d464e058ff5 \
corporate/4.0/i586/mysql-client-5.0.45-7.1.20060mlcs4.i586.rpm \
e95b67383618e7e903d59fa035489a38 \
corporate/4.0/i586/mysql-common-5.0.45-7.1.20060mlcs4.i586.rpm \
465aa5b928645beff8c33da0b2a7404e \
corporate/4.0/i586/mysql-max-5.0.45-7.1.20060mlcs4.i586.rpm \
c5c71f0d9423b930bc1da328e24205d5 \
corporate/4.0/i586/mysql-ndb-extra-5.0.45-7.1.20060mlcs4.i586.rpm \
b33302b1b3376dd5cb5f3f294e83bef6 \
corporate/4.0/i586/mysql-ndb-management-5.0.45-7.1.20060mlcs4.i586.rpm \
039351fc45003c4b3e21f6664cca8912 \
corporate/4.0/i586/mysql-ndb-storage-5.0.45-7.1.20060mlcs4.i586.rpm \
56931d13e6b2bb73cd40bbe148e96e9a \
corporate/4.0/i586/mysql-ndb-tools-5.0.45-7.1.20060mlcs4.i586.rpm \
041dd79dc8f4531524ea7c11386c1eaa \
corporate/4.0/SRPMS/mysql-5.0.45-7.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
8d35642f0a5ff7f8cc917751a4d52e6a \
corporate/4.0/x86_64/lib64mysql-devel-5.0.45-7.1.20060mlcs4.x86_64.rpm \
2d908a9332638c14dd31e8d77113a9da \
corporate/4.0/x86_64/lib64mysql-static-devel-5.0.45-7.1.20060mlcs4.x86_64.rpm \
bf3443b40917fd9f8cf872b7f0731164 \
corporate/4.0/x86_64/lib64mysql15-5.0.45-7.1.20060mlcs4.x86_64.rpm \
070736f9c11739b1636d81244412057f \
corporate/4.0/x86_64/mysql-5.0.45-7.1.20060mlcs4.x86_64.rpm \
cefe0f1bbc72355ce777f296b45b5ed3 \
corporate/4.0/x86_64/mysql-bench-5.0.45-7.1.20060mlcs4.x86_64.rpm \
57e0592185510613cd47c1bafe835f47 \
corporate/4.0/x86_64/mysql-client-5.0.45-7.1.20060mlcs4.x86_64.rpm \
7588a705de13a66d52f1a917251d6b71 \
corporate/4.0/x86_64/mysql-common-5.0.45-7.1.20060mlcs4.x86_64.rpm \
24f33b4a948e3187d409c923c574201e \
corporate/4.0/x86_64/mysql-max-5.0.45-7.1.20060mlcs4.x86_64.rpm \
00c7d7b67e7ad5428571cfe34472aefb \
corporate/4.0/x86_64/mysql-ndb-extra-5.0.45-7.1.20060mlcs4.x86_64.rpm \
994c10d3df42ad91db095ed3455bed75 \
corporate/4.0/x86_64/mysql-ndb-management-5.0.45-7.1.20060mlcs4.x86_64.rpm \
74ec034893fbbc0db4eecd62748f19ab \
corporate/4.0/x86_64/mysql-ndb-storage-5.0.45-7.1.20060mlcs4.x86_64.rpm \
d29e8aad80d5ad6bedbcca512700e7d1 \
corporate/4.0/x86_64/mysql-ndb-tools-5.0.45-7.1.20060mlcs4.x86_64.rpm \
041dd79dc8f4531524ea7c11386c1eaa \
corporate/4.0/SRPMS/mysql-5.0.45-7.1.20060mlcs4.src.rpm \
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHn8bhmqjQ0CJFipgRAmC2AJ9eX48lecJkUaKkXnRAWKIwgmeD8gCgmXjp
4mhVLb87csMrDvR176pf7GI=
=A9gT
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic