Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2010:012 ] mysql
From: security () mandriva com
Date: Mon, 18 Jan 2010 00:43:00 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:012
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mysql
 Date    : January 17, 2010
 Affected: 2009.1, 2010.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in mysql:
 
 mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does
 not (1) properly handle errors during execution of certain SELECT
 statements with subqueries, and does not (2) preserve certain
 null_value flags during execution of statements that use the
 GeomFromWKB function, which allows remote authenticated users to
 cause a denial of service (daemon crash) via a crafted statement
 (CVE-2009-4019).
 
 The vio_verify_callback function in viosslfactories.c in MySQL
 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used,
 accepts a value of zero for the depth of X.509 certificates, which
 allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL
 servers via a crafted certificate, as demonstrated by a certificate
 presented by a server linked against the yaSSL library (CVE-2009-4028).
 
 MySQL 5.1.x before 5.1.41 allows local users to bypass certain
 privilege checks by calling CREATE TABLE on a MyISAM table with
 modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments
 that are originally associated with pathnames without symlinks,
 and that can point to tables created at a future time at which a
 pathname is modified to contain a symlink to a subdirectory of the
 MySQL data home directory, related to incorrect calculation of the
 mysql_unpacked_real_data_home value.  NOTE: this vulnerability exists
 because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079
 (CVE-2009-4030).
 
 The updated packages have been patched to correct these
 issues. Additionally for 2009.1 and 2010.0 mysql has also been upgraded
 to the latest stable 5.1 release (5.1.42).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4019
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4028
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4030
 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-35.html
 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-36.html
 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-37.html
 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-38.html
 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-39.html
 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-40.html
 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-42.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.1:
 2052354eb2f57325cc5a351aa8e7fa17  2009.1/i586/libmysql16-5.1.42-0.1mdv2009.1.i586.rpm
 f8b86535e2b9304340b95fc6b5e5ed53  2009.1/i586/libmysql-devel-5.1.42-0.1mdv2009.1.i586.rpm
 0b2b4f3359a6b44614daf30e921faebf  2009.1/i586/libmysql-static-devel-5.1.42-0.1mdv2009.1.i586.rpm
 0a007a4249e801fcf6ba7112c79e125b  2009.1/i586/mysql-5.1.42-0.1mdv2009.1.i586.rpm
 87664cc60c044a8415d54d4e1169556c  2009.1/i586/mysql-bench-5.1.42-0.1mdv2009.1.i586.rpm
 ec0a34be2a2abd3890e3b6163099231b  2009.1/i586/mysql-client-5.1.42-0.1mdv2009.1.i586.rpm
 5f1526147c19c5dac3d5e926e75e6108  2009.1/i586/mysql-common-5.1.42-0.1mdv2009.1.i586.rpm
 53894c10ef4d4e1384d55bf6d957d03b  2009.1/i586/mysql-doc-5.1.42-0.1mdv2009.1.i586.rpm
 af10d4d0e4efb516dc8228df3b6e0b04  2009.1/i586/mysql-max-5.1.42-0.1mdv2009.1.i586.rpm
 a950628d61d6941c5334040527b187b3  2009.1/i586/mysql-ndb-extra-5.1.42-0.1mdv2009.1.i586.rpm
 5ef3d1368951afda87ce339ac3f40702  2009.1/i586/mysql-ndb-management-5.1.42-0.1mdv2009.1.i586.rpm
 939043e470320d048c61ba731e58eedb  2009.1/i586/mysql-ndb-storage-5.1.42-0.1mdv2009.1.i586.rpm
 b575199f57235a93ab35f1d21b09106b  2009.1/i586/mysql-ndb-tools-5.1.42-0.1mdv2009.1.i586.rpm 
 7da4fea0d689631b6dc395cd5e80607e  2009.1/SRPMS/mysql-5.1.42-0.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 83694bc1ab6c44f9ad081a385db8e137  2009.1/x86_64/lib64mysql16-5.1.42-0.1mdv2009.1.x86_64.rpm
 efeb723e6c2f03878d3c7a98c70b08fc  2009.1/x86_64/lib64mysql-devel-5.1.42-0.1mdv2009.1.x86_64.rpm
 36dd02fdbc2fbb752cee1d5dd80b2687  2009.1/x86_64/lib64mysql-static-devel-5.1.42-0.1mdv2009.1.x86_64.rpm
 6d0f276c904e851e94e21fd33064bf84  2009.1/x86_64/mysql-5.1.42-0.1mdv2009.1.x86_64.rpm
 783bb174310ca9f2d713f83cf6d1ef88  2009.1/x86_64/mysql-bench-5.1.42-0.1mdv2009.1.x86_64.rpm
 4e63f4cc681ea7647a4a6d741b272a5b  2009.1/x86_64/mysql-client-5.1.42-0.1mdv2009.1.x86_64.rpm
 0387ea642a706affc7ea43996786995b  2009.1/x86_64/mysql-common-5.1.42-0.1mdv2009.1.x86_64.rpm
 57a3b2e0d7f89cf6c529317f96aa175d  2009.1/x86_64/mysql-doc-5.1.42-0.1mdv2009.1.x86_64.rpm
 754919090d5355395a2f36025b0a6370  2009.1/x86_64/mysql-max-5.1.42-0.1mdv2009.1.x86_64.rpm
 f7b6cff4ab3d2679107c8b5a1f0d1209  2009.1/x86_64/mysql-ndb-extra-5.1.42-0.1mdv2009.1.x86_64.rpm
 526aec7bd783d54a9ba354098f88cb53  2009.1/x86_64/mysql-ndb-management-5.1.42-0.1mdv2009.1.x86_64.rpm
 5c21900db14347e6e04979e9edeafc7c  2009.1/x86_64/mysql-ndb-storage-5.1.42-0.1mdv2009.1.x86_64.rpm
 3011a3d4a3a83b563933909446c4e5a2  2009.1/x86_64/mysql-ndb-tools-5.1.42-0.1mdv2009.1.x86_64.rpm 
 7da4fea0d689631b6dc395cd5e80607e  2009.1/SRPMS/mysql-5.1.42-0.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 d8b966d905db88c7a5f78b350b2d197b  2010.0/i586/libmysql16-5.1.42-0.1mdv2010.0.i586.rpm
 97890a292a3ad4bfbb9a12bbf4526b65  2010.0/i586/libmysql-devel-5.1.42-0.1mdv2010.0.i586.rpm
 abdfe57c2b25ff668b9f972efa4bec28  2010.0/i586/libmysql-static-devel-5.1.42-0.1mdv2010.0.i586.rpm
 de115ca3e80cb4a54970590eae0caf74  2010.0/i586/mysql-5.1.42-0.1mdv2010.0.i586.rpm
 b1af15f0e00bd2824092dac21d28a59d  2010.0/i586/mysql-bench-5.1.42-0.1mdv2010.0.i586.rpm
 67beec0620551eb817d09e4dd2ed32a6  2010.0/i586/mysql-client-5.1.42-0.1mdv2010.0.i586.rpm
 e7979f8b6015a750d09593478cfcccc2  2010.0/i586/mysql-common-5.1.42-0.1mdv2010.0.i586.rpm
 1e403dda77399cac91522b99c5a77a94  2010.0/i586/mysql-common-core-5.1.42-0.1mdv2010.0.i586.rpm
 c06bcd5a5c0acb43f270f5d7ace9d417  2010.0/i586/mysql-core-5.1.42-0.1mdv2010.0.i586.rpm
 155d7edf8bf7760c644733671d04dda2  2010.0/i586/mysql-doc-5.1.42-0.1mdv2010.0.i586.rpm
 8a7c42ba34efd2f8f1c74491f30bac7c  2010.0/i586/mysql-max-5.1.42-0.1mdv2010.0.i586.rpm
 1d1eb124a30062c8229eacee947fab6b  2010.0/i586/mysql-ndb-extra-5.1.42-0.1mdv2010.0.i586.rpm
 e6133a08e26f7983f9cb9b7b67b75ca9  2010.0/i586/mysql-ndb-management-5.1.42-0.1mdv2010.0.i586.rpm
 9372040b6d57968315f459a688a7fdab  2010.0/i586/mysql-ndb-storage-5.1.42-0.1mdv2010.0.i586.rpm
 a74218625b766d72ae38c2c1476cf3e6  2010.0/i586/mysql-ndb-tools-5.1.42-0.1mdv2010.0.i586.rpm 
 ca60b4ffe2c95cb2db29a1a1e2523924  2010.0/SRPMS/mysql-5.1.42-0.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 2930d2e7a334341d082bdec1c2ad261f  2010.0/x86_64/lib64mysql16-5.1.42-0.1mdv2010.0.x86_64.rpm
 8ca967411d87705edcced52cc8281744  2010.0/x86_64/lib64mysql-devel-5.1.42-0.1mdv2010.0.x86_64.rpm
 71af52b4b8cd37ec37141fe56b0bea1c  2010.0/x86_64/lib64mysql-static-devel-5.1.42-0.1mdv2010.0.x86_64.rpm
 f8ff5f7cdd6054da4c81e3a741d9fb22  2010.0/x86_64/mysql-5.1.42-0.1mdv2010.0.x86_64.rpm
 2b7d818a2edd120aba01e525fc51e647  2010.0/x86_64/mysql-bench-5.1.42-0.1mdv2010.0.x86_64.rpm
 4896e7cfb9818e740de6586d6de18e8f  2010.0/x86_64/mysql-client-5.1.42-0.1mdv2010.0.x86_64.rpm
 7904e902d0dd12a611fef6d4fe74d188  2010.0/x86_64/mysql-common-5.1.42-0.1mdv2010.0.x86_64.rpm
 4ad977d5b0a3d8bd29d482f35ee41516  2010.0/x86_64/mysql-common-core-5.1.42-0.1mdv2010.0.x86_64.rpm
 72ae82e587c92165a72467e30560b42f  2010.0/x86_64/mysql-core-5.1.42-0.1mdv2010.0.x86_64.rpm
 7585cdb1a7065c522d3d71c91c13071f  2010.0/x86_64/mysql-doc-5.1.42-0.1mdv2010.0.x86_64.rpm
 50936bad8898af9a9ecbab9f51a884c5  2010.0/x86_64/mysql-max-5.1.42-0.1mdv2010.0.x86_64.rpm
 2ef542022c6437fa4df25e7b46c804dd  2010.0/x86_64/mysql-ndb-extra-5.1.42-0.1mdv2010.0.x86_64.rpm
 b20519b0f4fb8ca438c8105a1305b45d  2010.0/x86_64/mysql-ndb-management-5.1.42-0.1mdv2010.0.x86_64.rpm
 32d5eb57ba08af5420e44777ea2bbd98  2010.0/x86_64/mysql-ndb-storage-5.1.42-0.1mdv2010.0.x86_64.rpm
 607848d02f7cffdf3169c7dbce65e75f  2010.0/x86_64/mysql-ndb-tools-5.1.42-0.1mdv2010.0.x86_64.rpm 
 ca60b4ffe2c95cb2db29a1a1e2523924  2010.0/SRPMS/mysql-5.1.42-0.1mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLU3VUmqjQ0CJFipgRAmhhAJ91sCoRByeEVFdzAULLmfs0t6vOsACaArA+
fPZMuPMkwgub9aN1Xva9v1Q=
=2/XR
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2010:012 ] mysql security (Jan 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]