[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1CzOQd-0006QD-Vp@updates.mandrakesoft.com>
Date: Thu, 10 Feb 2005 17:12:59 -0700
From: Mandrakelinux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:036 - Updated MySQL packages fix temporary file vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: MySQL
Advisory ID: MDKSA-2005:036
Date: February 10th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A temporary file vulnerability in the mysqlaccess script in MySQL was
discovered by Javier Fernandez-Sanguino Pena. This flaw could allow
an unprivileged user to let root overwrite arbitrary files via a
symlink attack. It could also be used to view the contents of a
temporary file which could contain sensitive information.
The updated packages have been patched to prevent these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
50574ec1c70d78d0b4f7da1bd7d7d380 10.0/RPMS/libmysql12-4.0.18-1.3.100mdk.i586.rpm
25710d5c4844ca1d123944ac0861bc0f 10.0/RPMS/libmysql12-devel-4.0.18-1.3.100mdk.i586.rpm
8c056d72fa1d02c231ed321bfa0108af 10.0/RPMS/libqt3-mysql-3.2.3-19.6.100mdk.i586.rpm
94dcd13a633ef96a31b0f7da452afed1 10.0/RPMS/MySQL-4.0.18-1.3.100mdk.i586.rpm
8df8f4a9d6cdce677d630ac134081898 10.0/RPMS/MySQL-Max-4.0.18-1.3.100mdk.i586.rpm
bbe03440aa22bdf38204607f290915f8 10.0/RPMS/MySQL-bench-4.0.18-1.3.100mdk.i586.rpm
64015efdb83f79c9a1fbedce63ea1f78 10.0/RPMS/MySQL-client-4.0.18-1.3.100mdk.i586.rpm
5481c9bbc5daf2632c36f6dc7d2521c0 10.0/RPMS/MySQL-common-4.0.18-1.3.100mdk.i586.rpm
2f8f209e44f7fbe18395e6e815e8cc5b 10.0/SRPMS/MySQL-4.0.18-1.3.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
38bc4a1e8a79ec174569dfdfa98f022d amd64/10.0/RPMS/lib64mysql12-4.0.18-1.3.100mdk.amd64.rpm
6c3eea8562548a88e80d98c40af4bc68 amd64/10.0/RPMS/lib64mysql12-devel-4.0.18-1.3.100mdk.amd64.rpm
48feba0f77d5ead04e2226f50595494d amd64/10.0/RPMS/lib64qt3-mysql-3.2.3-19.6.100mdk.amd64.rpm
7bcddb4ae89e5f1934f272a4c4910dbe amd64/10.0/RPMS/MySQL-4.0.18-1.3.100mdk.amd64.rpm
c503b7cefabdfa0c49b658037190c6c5 amd64/10.0/RPMS/MySQL-Max-4.0.18-1.3.100mdk.amd64.rpm
3815a6a61e37a70e63c3794c6d4ab807 amd64/10.0/RPMS/MySQL-bench-4.0.18-1.3.100mdk.amd64.rpm
aaebba0d883e9abbb2bfa58b19b1a57e amd64/10.0/RPMS/MySQL-client-4.0.18-1.3.100mdk.amd64.rpm
353006ae3541483c666416679841c1f6 amd64/10.0/RPMS/MySQL-common-4.0.18-1.3.100mdk.amd64.rpm
2f8f209e44f7fbe18395e6e815e8cc5b amd64/10.0/SRPMS/MySQL-4.0.18-1.3.100mdk.src.rpm
Mandrakelinux 10.1:
bd3a35f3ba7440aa79f3940f20422b19 10.1/RPMS/libmysql12-4.0.20-3.2.101mdk.i586.rpm
c3fd2f49a144ec27d8bad808a89cbb31 10.1/RPMS/libmysql12-devel-4.0.20-3.2.101mdk.i586.rpm
3e2967952b1ddaa05561bf17b88fe24d 10.1/RPMS/libqt3-mysql-3.3.3-27.1.101mdk.i586.rpm
f6b68d795599ec5a51b2c3c5cf3ada86 10.1/RPMS/MySQL-4.0.20-3.2.101mdk.i586.rpm
514e962fbfb48e2d6e18baf8c6ad86b8 10.1/RPMS/MySQL-Max-4.0.20-3.2.101mdk.i586.rpm
71624f3454fa8892b123104e1e9e7260 10.1/RPMS/MySQL-bench-4.0.20-3.2.101mdk.i586.rpm
06fde75abed6b50838161eb95e375135 10.1/RPMS/MySQL-client-4.0.20-3.2.101mdk.i586.rpm
fd3f8ed0bea7dee2e20fdf09a26c8715 10.1/RPMS/MySQL-common-4.0.20-3.2.101mdk.i586.rpm
195735730d0535bef4dbe1fbb5c5cec7 10.1/SRPMS/MySQL-4.0.20-3.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
841beab56f637c1148348685b39daf6f x86_64/10.1/RPMS/lib64mysql12-4.0.20-3.2.101mdk.x86_64.rpm
7aa4b9a407252d5a333cd25b2f11d39d x86_64/10.1/RPMS/lib64mysql12-devel-4.0.20-3.2.101mdk.x86_64.rpm
ec4bb6dd0693f48a5960d30d48496839 x86_64/10.1/RPMS/lib64qt3-mysql-3.3.3-27.1.101mdk.x86_64.rpm
3e2967952b1ddaa05561bf17b88fe24d x86_64/10.1/RPMS/libqt3-mysql-3.3.3-27.1.101mdk.i586.rpm
4683c29eac58dfea8c5d2d0aa7afc5e7 x86_64/10.1/RPMS/MySQL-4.0.20-3.2.101mdk.x86_64.rpm
31a8ca40e7da9f3b311bff981c3f5614 x86_64/10.1/RPMS/MySQL-Max-4.0.20-3.2.101mdk.x86_64.rpm
2783b732a61d2eb87422daf0f18913b7 x86_64/10.1/RPMS/MySQL-bench-4.0.20-3.2.101mdk.x86_64.rpm
f034044d8fda605eeba6db49da02c4c4 x86_64/10.1/RPMS/MySQL-client-4.0.20-3.2.101mdk.x86_64.rpm
ef4ce84d6cc648cf3e3cc938bafa8918 x86_64/10.1/RPMS/MySQL-common-4.0.20-3.2.101mdk.x86_64.rpm
195735730d0535bef4dbe1fbb5c5cec7 x86_64/10.1/SRPMS/MySQL-4.0.20-3.2.101mdk.src.rpm
Corporate Server 2.1:
f4cd6b3d833a0a5d190b7d5defd6f18a corporate/2.1/RPMS/libmysql10-3.23.56-1.7.C21mdk.i586.rpm
1e2afd78697dfe26bfc9f5327f2f3108 corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.7.C21mdk.i586.rpm
a6f2168c5faffff7872ba6a5c4bc2dd2 corporate/2.1/RPMS/MySQL-3.23.56-1.7.C21mdk.i586.rpm
7f41d3536345a283812301a9b1416616 corporate/2.1/RPMS/MySQL-Max-3.23.56-1.7.C21mdk.i586.rpm
c8632bb5f0f31862aa764efe8aedab19 corporate/2.1/RPMS/MySQL-bench-3.23.56-1.7.C21mdk.i586.rpm
81c7febbb3be7b9c2c6f8eba26f6b040 corporate/2.1/RPMS/MySQL-client-3.23.56-1.7.C21mdk.i586.rpm
fbb22ec4f0087ea2df640f2e99786334 corporate/2.1/SRPMS/MySQL-3.23.56-1.7.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
d1c474ac0d94e181d9955f33843ea1e5 x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.7.C21mdk.x86_64.rpm
6180ac0c3820243fc97191fc0e388618 x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.7.C21mdk.x86_64.rpm
94629c4d41e9e5b041fd87a10f4626c6 x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.7.C21mdk.x86_64.rpm
7c6e305fbbd13bda3ca09175931452b0 x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.7.C21mdk.x86_64.rpm
4a5697b1822bae029b07e2f1d1907086 x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.7.C21mdk.x86_64.rpm
66c8261cd44333d3457331fe65acb8d5 x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.7.C21mdk.x86_64.rpm
fbb22ec4f0087ea2df640f2e99786334 x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.7.C21mdk.src.rpm
Corporate 3.0:
2f0f9a15805949a8b1c4f707b495065a corporate/3.0/RPMS/libmysql12-4.0.18-1.3.C30mdk.i586.rpm
96e08808e0abdb36562d9d1326f024fa corporate/3.0/RPMS/libmysql12-devel-4.0.18-1.3.C30mdk.i586.rpm
e64e068fc62211319dbaa20574ec32cf corporate/3.0/RPMS/MySQL-4.0.18-1.3.C30mdk.i586.rpm
18737baa96e918b9319b0f624e8279db corporate/3.0/RPMS/MySQL-Max-4.0.18-1.3.C30mdk.i586.rpm
e002a2b1053995d8e18a43f1472154d6 corporate/3.0/RPMS/MySQL-bench-4.0.18-1.3.C30mdk.i586.rpm
e6ac405500f65b0ab00ea7238218cea7 corporate/3.0/RPMS/MySQL-client-4.0.18-1.3.C30mdk.i586.rpm
35b216ccea7ac198c0e855e89789b0b9 corporate/3.0/RPMS/MySQL-common-4.0.18-1.3.C30mdk.i586.rpm
7fc62e5799ef5dd03aa2cf973dec3220 corporate/3.0/SRPMS/MySQL-4.0.18-1.3.C30mdk.src.rpm
Corporate 3.0/X86_64:
ec3dd6d37697ef1832afd5abc07ef072 x86_64/corporate/3.0/RPMS/lib64mysql12-4.0.18-1.3.C30mdk.x86_64.rpm
486940c54412a6a06ea2985fdd805cc3 x86_64/corporate/3.0/RPMS/lib64mysql12-devel-4.0.18-1.3.C30mdk.x86_64.rpm
48feba0f77d5ead04e2226f50595494d x86_64/corporate/3.0/RPMS/lib64qt3-mysql-3.2.3-19.6.100mdk.amd64.rpm
3ca0207824ba315b9856e363831e8238 x86_64/corporate/3.0/RPMS/MySQL-4.0.18-1.3.C30mdk.x86_64.rpm
64446e7f63df7df74426a47cf2de6625 x86_64/corporate/3.0/RPMS/MySQL-Max-4.0.18-1.3.C30mdk.x86_64.rpm
390c3074eac1aac97b249979fa467741 x86_64/corporate/3.0/RPMS/MySQL-bench-4.0.18-1.3.C30mdk.x86_64.rpm
f9b9bb7f21cdd8d53cbad39f37385143 x86_64/corporate/3.0/RPMS/MySQL-client-4.0.18-1.3.C30mdk.x86_64.rpm
870eac0d47223dcf88ee24072e84dfc3 x86_64/corporate/3.0/RPMS/MySQL-common-4.0.18-1.3.C30mdk.x86_64.rpm
7fc62e5799ef5dd03aa2cf973dec3220 x86_64/corporate/3.0/SRPMS/MySQL-4.0.18-1.3.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCC/iLmqjQ0CJFipgRAmmVAKCB2tuw8rbCEFKObSVI1zY4d6jY3gCdGCc7
MA8YkCnnBQD3DM3lOTBKTJg=
=OZs0
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists