Full Disclosure mailing list archives

MDKSA-2004:119 - Updated MySQL packages fix multiple vulnerabilities
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 2 Nov 2004 00:20:06 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           MySQL
 Advisory ID:            MDKSA-2004:119
 Date:                   November 1st, 2004

 Affected versions:      10.0, 10.1, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A number of problems have been discovered in the MySQL database server:
 
 Jeroen van Wolffelaar discovered an insecure temporary file
 vulnerability in the mysqlhotcopy script when using the scp method
 (CAN-2004-0457).
 
 Oleksandr Byelkin discovered that the "ALTER TABLE ... RENAME" would
 check the CREATE/INSERT rights of the old table rather than the new
 one (CAN-2004-0835).
 
 Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect
 function (CAN-2004-0836).
 
 Dean Ellis discovered that multiple threads ALTERing the same (or
 different) MERGE tables to change the UNION can cause the server to
 crash or stall (CAN-2004-0837).
 
 The updated MySQL packages have been patched to protect against these
 issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0457
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837
  http://bugs.mysql.com/bug.php?id=3270
  http://bugs.mysql.com/bug.php?id=4017
  http://bugs.mysql.com/bug.php?id=2408
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 f680ccd6ecdd9abc77496c71ce02d70b  10.0/RPMS/MySQL-4.0.18-1.2.100mdk.i586.rpm
 30c0c2b64243f1b9ac300eb52062d303  10.0/RPMS/MySQL-Max-4.0.18-1.2.100mdk.i586.rpm
 8618a5f416cf30cd527be1f42763210f  10.0/RPMS/MySQL-bench-4.0.18-1.2.100mdk.i586.rpm
 b6d07c7d09e405e174311024e098de1b  10.0/RPMS/MySQL-client-4.0.18-1.2.100mdk.i586.rpm
 b28337d115d733eb280d7fe5659bcc5a  10.0/RPMS/MySQL-common-4.0.18-1.2.100mdk.i586.rpm
 66536b18fc371f756a61496d90340a7b  10.0/RPMS/libmysql12-4.0.18-1.2.100mdk.i586.rpm
 befe1dbf68fcbc0b9300af93ec9b9d57  10.0/RPMS/libmysql12-devel-4.0.18-1.2.100mdk.i586.rpm
 188e63d83d403f4c4c11ae7487cf45ac  10.0/SRPMS/MySQL-4.0.18-1.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 491712aed8839a408cd2e3a5ca088668  amd64/10.0/RPMS/MySQL-4.0.18-1.2.100mdk.amd64.rpm
 d579b376ed0da8d42dc1adb1a472a923  amd64/10.0/RPMS/MySQL-Max-4.0.18-1.2.100mdk.amd64.rpm
 b0b056e3a247c2187a09eec2b5c666a3  amd64/10.0/RPMS/MySQL-bench-4.0.18-1.2.100mdk.amd64.rpm
 44fc8c891ea9e75ed10918c52e29ddd7  amd64/10.0/RPMS/MySQL-client-4.0.18-1.2.100mdk.amd64.rpm
 df20d5582e78629ff86e27499a72b0b7  amd64/10.0/RPMS/MySQL-common-4.0.18-1.2.100mdk.amd64.rpm
 79af2d7adb19e2a0df48c8d0765914fe  amd64/10.0/RPMS/lib64mysql12-4.0.18-1.2.100mdk.amd64.rpm
 a5e44db419bb47f1169deb3af54f9d48  amd64/10.0/RPMS/lib64mysql12-devel-4.0.18-1.2.100mdk.amd64.rpm
 188e63d83d403f4c4c11ae7487cf45ac  amd64/10.0/SRPMS/MySQL-4.0.18-1.2.100mdk.src.rpm

 Mandrakelinux 10.1:
 0241fc97ccebf80f02f573404cc7f01b  10.1/RPMS/MySQL-4.0.20-3.1.101mdk.i586.rpm
 fb27d0a9d916a63d4c8143c7ae181ef0  10.1/RPMS/MySQL-Max-4.0.20-3.1.101mdk.i586.rpm
 758d3b52cf32d0fb1114199eb7e65247  10.1/RPMS/MySQL-bench-4.0.20-3.1.101mdk.i586.rpm
 1df5f23ef2ea4f9456323dc7925d0790  10.1/RPMS/MySQL-client-4.0.20-3.1.101mdk.i586.rpm
 61d8e14939e9dcc9bf8b9207e7a4bd60  10.1/RPMS/MySQL-common-4.0.20-3.1.101mdk.i586.rpm
 ee21d69bf2275f8933ca0c91c5af5b98  10.1/RPMS/libmysql12-4.0.20-3.1.101mdk.i586.rpm
 9c64006cb87de169f43ad8f78b1b1c47  10.1/RPMS/libmysql12-devel-4.0.20-3.1.101mdk.i586.rpm
 a3b194caf4c67c8fa6f881d5577aabba  10.1/SRPMS/MySQL-4.0.20-3.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 214a6acbb0fb3e8398111a6d30ac4082  x86_64/10.1/RPMS/MySQL-4.0.20-3.1.101mdk.x86_64.rpm
 72ad37fa4cd99254d399e725c44b5681  x86_64/10.1/RPMS/MySQL-Max-4.0.20-3.1.101mdk.x86_64.rpm
 c98fd317bc3a2387801c440626459f4e  x86_64/10.1/RPMS/MySQL-bench-4.0.20-3.1.101mdk.x86_64.rpm
 3141d5e2fa8ca10f94c3501e10e0d00f  x86_64/10.1/RPMS/MySQL-client-4.0.20-3.1.101mdk.x86_64.rpm
 57f74802dbc5a4912dd926ec748d53a4  x86_64/10.1/RPMS/MySQL-common-4.0.20-3.1.101mdk.x86_64.rpm
 ab48d1099a5077e763b9d11c373369b4  x86_64/10.1/RPMS/lib64mysql12-4.0.20-3.1.101mdk.x86_64.rpm
 2f0846107ddaa0d7c6c389add0dbd6d5  x86_64/10.1/RPMS/lib64mysql12-devel-4.0.20-3.1.101mdk.x86_64.rpm
 a3b194caf4c67c8fa6f881d5577aabba  x86_64/10.1/SRPMS/MySQL-4.0.20-3.1.101mdk.src.rpm

 Corporate Server 2.1:
 6a3d3652bcf1b9b213cb12b22abfa297  corporate/2.1/RPMS/MySQL-3.23.56-1.6.C21mdk.i586.rpm
 c819f40d6afef344e3fbfd50f13e4adb  corporate/2.1/RPMS/MySQL-Max-3.23.56-1.6.C21mdk.i586.rpm
 c3bf86fe33f2e1f80ba53817fe23ed60  corporate/2.1/RPMS/MySQL-bench-3.23.56-1.6.C21mdk.i586.rpm
 2296ca45f742f6ad4fe0f12827bc7e69  corporate/2.1/RPMS/MySQL-client-3.23.56-1.6.C21mdk.i586.rpm
 7cdd06d76012d329ffb1b8c05af8ce22  corporate/2.1/RPMS/libmysql10-3.23.56-1.6.C21mdk.i586.rpm
 6b8784affa68c19199753877a7127c93  corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.6.C21mdk.i586.rpm
 537ee31b2c8b6c0c006d07bea8aad1a8  corporate/2.1/SRPMS/MySQL-3.23.56-1.6.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 b308f0d13fabf30b0c73b6a62bae42d2  x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.6.C21mdk.x86_64.rpm
 d1681268b5c2d3d5865585d517001aff  x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.6.C21mdk.x86_64.rpm
 d508c3f565f294d319e8da215a622eeb  x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.6.C21mdk.x86_64.rpm
 20219356f5a1256eb5d4543e30fa3ce4  x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.6.C21mdk.x86_64.rpm
 aac8add3fe8beee70f9b3048a7372ab0  x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.6.C21mdk.x86_64.rpm
 cb7d3ebab5149514909633609b47fab1  x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.6.C21mdk.x86_64.rpm
 537ee31b2c8b6c0c006d07bea8aad1a8  x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.6.C21mdk.src.rpm

 Mandrakelinux 9.2:
 8a874159baa33853754001a99e1cdd10  9.2/RPMS/MySQL-4.0.15-1.2.92mdk.i586.rpm
 ea88058a50c8f170c35b070f8843d1dd  9.2/RPMS/MySQL-Max-4.0.15-1.2.92mdk.i586.rpm
 686a188b99e75f2e44c7be5fc49313bb  9.2/RPMS/MySQL-bench-4.0.15-1.2.92mdk.i586.rpm
 077b2f4785ec2af1a0886baf0dd5742d  9.2/RPMS/MySQL-client-4.0.15-1.2.92mdk.i586.rpm
 e2622344b092c71e68f6be668d2b00a1  9.2/RPMS/MySQL-common-4.0.15-1.2.92mdk.i586.rpm
 a1a485e1de88013571f6c2ea0417f1f8  9.2/RPMS/libmysql12-4.0.15-1.2.92mdk.i586.rpm
 46b3cfd41057fd6ad674555f1cd2e786  9.2/RPMS/libmysql12-devel-4.0.15-1.2.92mdk.i586.rpm
 d040b231845bf2035905fcdeec142650  9.2/SRPMS/MySQL-4.0.15-1.2.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 e8a1259267471c9f47b812aa80782a7f  amd64/9.2/RPMS/MySQL-4.0.15-1.2.92mdk.amd64.rpm
 4545590ffd9eb4995807a4c37762d966  amd64/9.2/RPMS/MySQL-Max-4.0.15-1.2.92mdk.amd64.rpm
 e85c26267ae0847e982b848bcae82715  amd64/9.2/RPMS/MySQL-bench-4.0.15-1.2.92mdk.amd64.rpm
 f1ea2226a633f792d70ecb4508a50bc2  amd64/9.2/RPMS/MySQL-client-4.0.15-1.2.92mdk.amd64.rpm
 4aa99ef449ebe42466adbdbf99e2f588  amd64/9.2/RPMS/MySQL-common-4.0.15-1.2.92mdk.amd64.rpm
 b92a3b4fa52f27e9e92b9d8691f6bf9e  amd64/9.2/RPMS/lib64mysql12-4.0.15-1.2.92mdk.amd64.rpm
 410e1737c0cff17eba69081894c91bcd  amd64/9.2/RPMS/lib64mysql12-devel-4.0.15-1.2.92mdk.amd64.rpm
 d040b231845bf2035905fcdeec142650  amd64/9.2/SRPMS/MySQL-4.0.15-1.2.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBhtK2mqjQ0CJFipgRAtMSAKDIv5E7k98RpCTjzSG6R2iGNt4zaQCeLP6r
p5cZUZjNxjAKW833kuof644=
=vUSB
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
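
The "Updated Packages" section of the advisory above lists each file as an md5sum-style line under a release heading. As an added example (not part of the advisory or of Mandrakesoft's tooling), the following Python code parses that layout and checks downloaded files against it; the release name, paths and file contents in `demo()` are constructed.

```python
import hashlib, re, tempfile
from pathlib import Path

# "<32 hex md5>  <relative path>.rpm", the line format under "Updated Packages"
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(text):
    """Return {release heading: {relative path: md5}}; None key = no heading seen."""
    releases, current = {}, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            releases.setdefault(current, {})[m.group(2)] = m.group(1)
        elif line.strip().endswith(":"):
            current = line.strip()[:-1]
    return releases

def md5_of(path):
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def verify(manifest, release, root):
    """Map each path listed for `release` to 'ok', 'mismatch' or 'missing'."""
    results = {}
    for rel, want in manifest[release].items():
        path = Path(root) / rel
        if not path.is_file():
            results[rel] = "missing"
        else:
            results[rel] = "ok" if md5_of(path) == want else "mismatch"
    return results

def demo():
    # Constructed stand-ins: not real RPMs and not hashes from the advisory.
    good, bad = b"constructed package A", b"constructed package B"
    text = (" Updated Packages:\n\n Example Release 1.0:\n"
            f" {hashlib.md5(good).hexdigest()}  1.0/RPMS/a-1.0.i586.rpm\n"
            f" {hashlib.md5(bad).hexdigest()}  1.0/RPMS/b-1.0.i586.rpm\n"
            f" {'0' * 32}  1.0/SRPMS/a-1.0.src.rpm\n")
    with tempfile.TemporaryDirectory() as root:
        rpms = Path(root, "1.0", "RPMS")
        rpms.mkdir(parents=True)
        (rpms / "a-1.0.i586.rpm").write_bytes(good)
        (rpms / "b-1.0.i586.rpm").write_bytes(bad + b" altered in transit")
        return verify(parse_manifest(text), "Example Release 1.0", root)

if __name__ == "__main__":
    print(demo())
```

An MD5 match only shows that a file equals the one listed; MD5 is not collision resistant, so authenticity rests on the GPG signatures the advisory refers to.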

