Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2008:149 ] - Updated mysql packages fix vulnerabilities
From: security () mandriva com
Date: Sat, 19 Jul 2008 13:42:00 -0600


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:149
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mysql
 Date    : July 19, 2008
 Affected: 2008.1
 _______________________________________________________________________
 
 Problem Description:
 
 Sergei Golubchik found that MySQL did not properly validate optional
 data or index directory paths given in a CREATE TABLE statement; as
 well it would not, under certain conditions, prevent two databases
 from using the same paths for data or index files.  This could allow
 an authenticated user with appropriate privilege to create tables in
 one database to read and manipulate data in tables later created in
 other databases, regardless of GRANT privileges (CVE-2008-2079).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2008.1:
 6782fa8e80d657cc32a784791296136c  2008.1/i586/libmysql15-5.0.51a-8.1mdv2008.1.i586.rpm
 d38cfb788ab390a22e50c4d8cd88f713  2008.1/i586/libmysql-devel-5.0.51a-8.1mdv2008.1.i586.rpm
 17c5413087a43818eb37625415db339c  2008.1/i586/libmysql-static-devel-5.0.51a-8.1mdv2008.1.i586.rpm
 725b41649fd161c63087f0e44ec488bb  2008.1/i586/mysql-5.0.51a-8.1mdv2008.1.i586.rpm
 c6864405d42406bf85f8e2fb08af8793  2008.1/i586/mysql-bench-5.0.51a-8.1mdv2008.1.i586.rpm
 e6df015114747e50092b6a9d7225e821  2008.1/i586/mysql-client-5.0.51a-8.1mdv2008.1.i586.rpm
 5b359172c307e980b7c8d3e409f1f85a  2008.1/i586/mysql-common-5.0.51a-8.1mdv2008.1.i586.rpm
 b65eb90008f0f329fcd78aa601c941cf  2008.1/i586/mysql-doc-5.0.51a-8.1mdv2008.1.i586.rpm
 803c2840d6e56e851d043c21c8d153ba  2008.1/i586/mysql-max-5.0.51a-8.1mdv2008.1.i586.rpm
 ce4f47ad3c03549aee94d5b88734f6c8  2008.1/i586/mysql-ndb-extra-5.0.51a-8.1mdv2008.1.i586.rpm
 3f4013ca6f91d85d00895d58fccb235a  2008.1/i586/mysql-ndb-management-5.0.51a-8.1mdv2008.1.i586.rpm
 494932ed64f2813cf0896f23112debc3  2008.1/i586/mysql-ndb-storage-5.0.51a-8.1mdv2008.1.i586.rpm
 d7c24b1ccf013e14adc943fe90fc11c5  2008.1/i586/mysql-ndb-tools-5.0.51a-8.1mdv2008.1.i586.rpm 
 0e68ede1df17ebd9dfa4c02ca7205dc1  2008.1/SRPMS/mysql-5.0.51a-8.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 7efe5a4aaf106e5f28118d4f0a6757e5  2008.1/x86_64/lib64mysql15-5.0.51a-8.1mdv2008.1.x86_64.rpm
 0793a32b20f398f03580aaa5377e5192  2008.1/x86_64/lib64mysql-devel-5.0.51a-8.1mdv2008.1.x86_64.rpm
 c3efcca1e7b13bf2d38cc15ac34c3a05  2008.1/x86_64/lib64mysql-static-devel-5.0.51a-8.1mdv2008.1.x86_64.rpm
 aa1408995eec88602fe6cde92b662814  2008.1/x86_64/mysql-5.0.51a-8.1mdv2008.1.x86_64.rpm
 ac232e2c080dccf9745f18a901079b7d  2008.1/x86_64/mysql-bench-5.0.51a-8.1mdv2008.1.x86_64.rpm
 af82fcb4a9c02aa0994015892a0d1297  2008.1/x86_64/mysql-client-5.0.51a-8.1mdv2008.1.x86_64.rpm
 7628f598b3d767f0f37f30b80f224db8  2008.1/x86_64/mysql-common-5.0.51a-8.1mdv2008.1.x86_64.rpm
 ae212a73fda5f0e334d71a0fca4cd8b5  2008.1/x86_64/mysql-doc-5.0.51a-8.1mdv2008.1.x86_64.rpm
 734b94f12d8c8b9042780e03d0a2c7df  2008.1/x86_64/mysql-max-5.0.51a-8.1mdv2008.1.x86_64.rpm
 53a4ab72777ab8c85a89f8f37ceaecff  2008.1/x86_64/mysql-ndb-extra-5.0.51a-8.1mdv2008.1.x86_64.rpm
 8f57766a240e25ae39c11ffba53f5762  2008.1/x86_64/mysql-ndb-management-5.0.51a-8.1mdv2008.1.x86_64.rpm
 3e0df3dabd48d33ccfe4322bffe36743  2008.1/x86_64/mysql-ndb-storage-5.0.51a-8.1mdv2008.1.x86_64.rpm
 02030eb47df043478edc5886d9706849  2008.1/x86_64/mysql-ndb-tools-5.0.51a-8.1mdv2008.1.x86_64.rpm 
 0e68ede1df17ebd9dfa4c02ca7205dc1  2008.1/SRPMS/mysql-5.0.51a-8.1mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIghjzmqjQ0CJFipgRAg2lAKCPKI1bYFVEu+WtzrBRzIERRkuzvwCfeakB
uT2vsaASgbZ7/Mfe3zNpGmo=
=aIyr
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2008:149 ] - Updated mysql packages fix vulnerabilities security (Jul 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]