Home page logo
/

bugtraq logo Bugtraq mailing list archives

MDKSA-2005:163 - Updated MySQL packages fix vulnerability
From: Mandriva Security Team <security () mandriva com>
Date: Tue, 13 Sep 2005 00:06:43 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           MySQL
 Advisory ID:            MDKSA-2005:163
 Date:                   September 12th, 2005

 Affected versions:      10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 A stack-based buffer overflow was discovered in the init_syms function
 in MySQL that allows authenticated users that can create user-defined
 functions to execute arbitrary code via a long function_name field.
 
 The updated packages have been patched to address these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2558
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 c0ca77359461d6e4503d040f657405cc  10.1/RPMS/libmysql12-4.0.20-3.5.101mdk.i586.rpm
 3ee6767c39b4e24e7ff178479fff4da4  10.1/RPMS/libmysql12-devel-4.0.20-3.5.101mdk.i586.rpm
 5fff82de496c98638c91b3b20fcc0be1  10.1/RPMS/MySQL-4.0.20-3.5.101mdk.i586.rpm
 c47820ad3f2568279a8854a59a5ca6c4  10.1/RPMS/MySQL-Max-4.0.20-3.5.101mdk.i586.rpm
 2ca25895290ff3e717ea4fb21b25beec  10.1/RPMS/MySQL-bench-4.0.20-3.5.101mdk.i586.rpm
 5dde3104a02b283dd4ea53255be6e28c  10.1/RPMS/MySQL-client-4.0.20-3.5.101mdk.i586.rpm
 d7d411a693de4e757f6bd87c3d3e8228  10.1/RPMS/MySQL-common-4.0.20-3.5.101mdk.i586.rpm
 147a03a204620f68094e327236d8569a  10.1/SRPMS/MySQL-4.0.20-3.5.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 6efbf74429938fe12d67e724975669f7  x86_64/10.1/RPMS/lib64mysql12-4.0.20-3.5.101mdk.x86_64.rpm
 e8ea787e503f420646d0ab1aeb7fd7bd  x86_64/10.1/RPMS/lib64mysql12-devel-4.0.20-3.5.101mdk.x86_64.rpm
 e1c87e33304d7c5dece5a0bfed367f41  x86_64/10.1/RPMS/MySQL-4.0.20-3.5.101mdk.x86_64.rpm
 c02df0a16db0f3440afedd53c9bd5510  x86_64/10.1/RPMS/MySQL-Max-4.0.20-3.5.101mdk.x86_64.rpm
 886d53b2b08d334209fda4e14920b075  x86_64/10.1/RPMS/MySQL-bench-4.0.20-3.5.101mdk.x86_64.rpm
 cb934efc4a61c0ec2dca9c6f6e8d56a5  x86_64/10.1/RPMS/MySQL-client-4.0.20-3.5.101mdk.x86_64.rpm
 fc6b5c2cad48ee84c2dda8094b504874  x86_64/10.1/RPMS/MySQL-common-4.0.20-3.5.101mdk.x86_64.rpm
 147a03a204620f68094e327236d8569a  x86_64/10.1/SRPMS/MySQL-4.0.20-3.5.101mdk.src.rpm

 Mandrakelinux 10.2:
 672a98dc051b64e6a5efee02cdc163d8  10.2/RPMS/libmysql14-4.1.11-1.1.102mdk.i586.rpm
 07a736279b7623325c2f2fde828886e3  10.2/RPMS/libmysql14-devel-4.1.11-1.1.102mdk.i586.rpm
 cb2fb817c72a88d905a0875694ec8b7f  10.2/RPMS/MySQL-4.1.11-1.1.102mdk.i586.rpm
 8a2e42d756032bc400bc1d10170e6f46  10.2/RPMS/MySQL-Max-4.1.11-1.1.102mdk.i586.rpm
 d008f499f18cef6c9d92cade794a765c  10.2/RPMS/MySQL-NDB-4.1.11-1.1.102mdk.i586.rpm
 2d3a54a41b82cff0c9d22a442a5df6af  10.2/RPMS/MySQL-bench-4.1.11-1.1.102mdk.i586.rpm
 47185384cc46fbb7651dd220a63cfd9c  10.2/RPMS/MySQL-client-4.1.11-1.1.102mdk.i586.rpm
 3a434ce8c27ebb6979c350c551815939  10.2/RPMS/MySQL-common-4.1.11-1.1.102mdk.i586.rpm
 ec76c46c73c9c4a2b454026c98e9e37a  10.2/SRPMS/MySQL-4.1.11-1.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 45058361222d0099c5b76e0fff9106e1  x86_64/10.2/RPMS/lib64mysql14-4.1.11-1.1.102mdk.x86_64.rpm
 2dd5dbdf223f5200c032e8f3f6feb525  x86_64/10.2/RPMS/lib64mysql14-devel-4.1.11-1.1.102mdk.x86_64.rpm
 4c2c5755a8f887aec086edef890de8ab  x86_64/10.2/RPMS/MySQL-4.1.11-1.1.102mdk.x86_64.rpm
 892005b80148274b24279a159c14ea84  x86_64/10.2/RPMS/MySQL-Max-4.1.11-1.1.102mdk.x86_64.rpm
 9c99ebde5888ac68543aad8db0bfbbf1  x86_64/10.2/RPMS/MySQL-NDB-4.1.11-1.1.102mdk.x86_64.rpm
 a69e37c9949a9def639560ad6c51b387  x86_64/10.2/RPMS/MySQL-bench-4.1.11-1.1.102mdk.x86_64.rpm
 9b036b241347c113e971d2006baf0d3c  x86_64/10.2/RPMS/MySQL-client-4.1.11-1.1.102mdk.x86_64.rpm
 81faea0e3ed95a1e62d912f24e98aa65  x86_64/10.2/RPMS/MySQL-common-4.1.11-1.1.102mdk.x86_64.rpm
 ec76c46c73c9c4a2b454026c98e9e37a  x86_64/10.2/SRPMS/MySQL-4.1.11-1.1.102mdk.src.rpm

 Corporate 3.0:
 04d4151eae7ed878c21f2e279c859a2a  corporate/3.0/RPMS/libmysql12-4.0.18-1.6.C30mdk.i586.rpm
 f6c6fe9dc10a247ac1ea20b3bf7cbaaa  corporate/3.0/RPMS/libmysql12-devel-4.0.18-1.6.C30mdk.i586.rpm
 516d015085f8877d4a10492053c74133  corporate/3.0/RPMS/MySQL-4.0.18-1.6.C30mdk.i586.rpm
 52176303aa9e6915f34446a2575bcfa1  corporate/3.0/RPMS/MySQL-Max-4.0.18-1.6.C30mdk.i586.rpm
 4c19bb8b4a2c3a731d056ce39b84fd26  corporate/3.0/RPMS/MySQL-bench-4.0.18-1.6.C30mdk.i586.rpm
 5a84ae1d8c37fe41271f9797a90921b6  corporate/3.0/RPMS/MySQL-client-4.0.18-1.6.C30mdk.i586.rpm
 fe50c3c3380f386064c9c580e8468677  corporate/3.0/RPMS/MySQL-common-4.0.18-1.6.C30mdk.i586.rpm
 76fc1db6495adc321fc2d0952a27bb91  corporate/3.0/SRPMS/MySQL-4.0.18-1.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 02c3a2e98692e6c71e5497a536b30d4e  x86_64/corporate/3.0/RPMS/lib64mysql12-4.0.18-1.6.C30mdk.x86_64.rpm
 475624ad614c0f109ce0fbf952335987  x86_64/corporate/3.0/RPMS/lib64mysql12-devel-4.0.18-1.6.C30mdk.x86_64.rpm
 df26496e1bd68d73d62a7c786b54b6ed  x86_64/corporate/3.0/RPMS/MySQL-4.0.18-1.6.C30mdk.x86_64.rpm
 3b75ce48513acd6dc9aa228058642f0f  x86_64/corporate/3.0/RPMS/MySQL-Max-4.0.18-1.6.C30mdk.x86_64.rpm
 21347726c3d48e6d13723516a15d87fb  x86_64/corporate/3.0/RPMS/MySQL-bench-4.0.18-1.6.C30mdk.x86_64.rpm
 fef51176d24e8874ddca4af5653bacc9  x86_64/corporate/3.0/RPMS/MySQL-client-4.0.18-1.6.C30mdk.x86_64.rpm
 7e59b805ab766f84d118f4fc5b2755ec  x86_64/corporate/3.0/RPMS/MySQL-common-4.0.18-1.6.C30mdk.x86_64.rpm
 76fc1db6495adc321fc2d0952a27bb91  x86_64/corporate/3.0/SRPMS/MySQL-4.0.18-1.6.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDJmxzmqjQ0CJFipgRAlXrAJ4+GenFKgWyhmkpbchb7s5F9CPf4ACgvTa2
uv487XrACLdZ+yoASOC+RrE=
=BE/G
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • MDKSA-2005:163 - Updated MySQL packages fix vulnerability Mandriva Security Team (Sep 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault