lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1DLbWz-0002ri-Gk@mercury.mandriva.com>
Date: Wed, 13 Apr 2005 00:39:21 -0600
From: Mandrakelinux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:070 - Updated MySQL packages fix vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           MySQL
 Advisory ID:            MDKSA-2005:070
 Date:                   April 12th, 2005

 Affected versions:	 10.0, 10.1, Corporate 3.0,
			 Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A vulnerability in MySQL would allow a user with grant privileges to a
 database with a name containing an underscore character ("_") to have
 the ability to grant privileges to other databases with similar names.
 This problem was previously discovered and fixed, but a new case where
 the problem still existed was recently discovered.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 417cd23f30451f252fea813d9f4ef3c2  10.0/RPMS/libmysql12-4.0.18-1.5.100mdk.i586.rpm
 b831453eaa8fc45453e1744f8b3917f7  10.0/RPMS/libmysql12-devel-4.0.18-1.5.100mdk.i586.rpm
 42b1d9cd652da8515b0380ff95b79f46  10.0/RPMS/MySQL-4.0.18-1.5.100mdk.i586.rpm
 a551c71aad62c5df13a82b4056d566eb  10.0/RPMS/MySQL-Max-4.0.18-1.5.100mdk.i586.rpm
 685631fa240211a8184e643dc3d5f1cb  10.0/RPMS/MySQL-bench-4.0.18-1.5.100mdk.i586.rpm
 4e0fd82c672bc2da6dab8762c4d6b081  10.0/RPMS/MySQL-client-4.0.18-1.5.100mdk.i586.rpm
 a4ac1306800921e4f4aa281061275bc4  10.0/RPMS/MySQL-common-4.0.18-1.5.100mdk.i586.rpm
 90878d81d7401596b2da6b361fe2e360  10.0/SRPMS/MySQL-4.0.18-1.5.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 d8d8592e1c408b6422ac049e27619a01  amd64/10.0/RPMS/lib64mysql12-4.0.18-1.5.100mdk.amd64.rpm
 092ba14f09198f4829cedefc08d00cec  amd64/10.0/RPMS/lib64mysql12-devel-4.0.18-1.5.100mdk.amd64.rpm
 d266108df4723f914a59053d79fb9bb7  amd64/10.0/RPMS/MySQL-4.0.18-1.5.100mdk.amd64.rpm
 04ddb557422c15f8c1f8d1eaddbafec4  amd64/10.0/RPMS/MySQL-Max-4.0.18-1.5.100mdk.amd64.rpm
 51973164698815c2f6c2dbb6e2139199  amd64/10.0/RPMS/MySQL-bench-4.0.18-1.5.100mdk.amd64.rpm
 60f890d8b8cbf29b9685f754b5c88d5d  amd64/10.0/RPMS/MySQL-client-4.0.18-1.5.100mdk.amd64.rpm
 d96b21d3ae9824214b864608b3577dbf  amd64/10.0/RPMS/MySQL-common-4.0.18-1.5.100mdk.amd64.rpm
 90878d81d7401596b2da6b361fe2e360  amd64/10.0/SRPMS/MySQL-4.0.18-1.5.100mdk.src.rpm

 Mandrakelinux 10.1:
 a6f881afe9579d59a9bb1dd6ad17baa8  10.1/RPMS/libmysql12-4.0.20-3.4.101mdk.i586.rpm
 39f4f644320f49c51e873359eabf7b2c  10.1/RPMS/libmysql12-devel-4.0.20-3.4.101mdk.i586.rpm
 4add025687ece5f2c8d8a90d75609904  10.1/RPMS/MySQL-4.0.20-3.4.101mdk.i586.rpm
 b1c67252efd4ebd6d61aec46aceb40f1  10.1/RPMS/MySQL-Max-4.0.20-3.4.101mdk.i586.rpm
 489792984418629f6242ac779c68f222  10.1/RPMS/MySQL-bench-4.0.20-3.4.101mdk.i586.rpm
 ad896c2dbc95537f27dd730c9b56ee39  10.1/RPMS/MySQL-client-4.0.20-3.4.101mdk.i586.rpm
 63288467c444fb9347ec1fe309816534  10.1/RPMS/MySQL-common-4.0.20-3.4.101mdk.i586.rpm
 779b911478fa081b608a68ab6e8e2970  10.1/SRPMS/MySQL-4.0.20-3.4.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 897990c787d88ae1cded68f4b0744cc0  x86_64/10.1/RPMS/lib64mysql12-4.0.20-3.4.101mdk.x86_64.rpm
 5062c8704732e87a7457b7d8a78beaa4  x86_64/10.1/RPMS/lib64mysql12-devel-4.0.20-3.4.101mdk.x86_64.rpm
 4ccc4901dfaccc2841f94baf3a1c15a0  x86_64/10.1/RPMS/MySQL-4.0.20-3.4.101mdk.x86_64.rpm
 4da118dcd84c51df2692260d94891f12  x86_64/10.1/RPMS/MySQL-Max-4.0.20-3.4.101mdk.x86_64.rpm
 af2fb55fdeaf9b535a5de92288271037  x86_64/10.1/RPMS/MySQL-bench-4.0.20-3.4.101mdk.x86_64.rpm
 edfac12d91bb39fc57a2fb49a9729546  x86_64/10.1/RPMS/MySQL-client-4.0.20-3.4.101mdk.x86_64.rpm
 2c3fc2282673cdaf70949400b2192f50  x86_64/10.1/RPMS/MySQL-common-4.0.20-3.4.101mdk.x86_64.rpm
 779b911478fa081b608a68ab6e8e2970  x86_64/10.1/SRPMS/MySQL-4.0.20-3.4.101mdk.src.rpm

 Corporate Server 2.1:
 fee1c58289d49e1c519f77e9a1d13c50  corporate/2.1/RPMS/libmysql10-3.23.56-1.10.C21mdk.i586.rpm
 f6551af58f46aa65c3dc6de68ec34961  corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.10.C21mdk.i586.rpm
 8391e0abdbcfde47585d768819b7f361  corporate/2.1/RPMS/MySQL-3.23.56-1.10.C21mdk.i586.rpm
 2269ed0f6f7267a464b214248e0cd9fb  corporate/2.1/RPMS/MySQL-Max-3.23.56-1.10.C21mdk.i586.rpm
 27d9c33c5213b04ab8222ac10b42bd97  corporate/2.1/RPMS/MySQL-bench-3.23.56-1.10.C21mdk.i586.rpm
 35b20bc721c1343ccbb2cdcd1c097a1a  corporate/2.1/RPMS/MySQL-client-3.23.56-1.10.C21mdk.i586.rpm
 4bab4afbeee17e8ca6d31b57964aab10  corporate/2.1/SRPMS/MySQL-3.23.56-1.10.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 5c8d616a2cb39ae05ec8f4724707009f  x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.10.C21mdk.x86_64.rpm
 acea8f383bb42d00d4256fa607c4c2ec  x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.10.C21mdk.x86_64.rpm
 51f588ba999d520a44093a7e75d68622  x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.10.C21mdk.x86_64.rpm
 b5a0c02550feee335b4be9a3f522f722  x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.10.C21mdk.x86_64.rpm
 78cd60307b15749852130e11afbe3627  x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.10.C21mdk.x86_64.rpm
 b87924ea315b70d97dea1828fe4d411a  x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.10.C21mdk.x86_64.rpm
 4bab4afbeee17e8ca6d31b57964aab10  x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.10.C21mdk.src.rpm

 Corporate 3.0:
 29f5de555916e07a2eb3334f2981b679  corporate/3.0/RPMS/libmysql12-4.0.18-1.5.C30mdk.i586.rpm
 f7e02a5400d09d850b8fa7cf0682b18f  corporate/3.0/RPMS/libmysql12-devel-4.0.18-1.5.C30mdk.i586.rpm
 09b527600f42ec813228487fc360ef3a  corporate/3.0/RPMS/MySQL-4.0.18-1.5.C30mdk.i586.rpm
 6f63a5bd9e92fd9282c4eb1dbf837d5f  corporate/3.0/RPMS/MySQL-Max-4.0.18-1.5.C30mdk.i586.rpm
 439c0118fd7729148826b0fb62429a4e  corporate/3.0/RPMS/MySQL-bench-4.0.18-1.5.C30mdk.i586.rpm
 6930f021fdaf18fa4f5db4cfd19a2f0b  corporate/3.0/RPMS/MySQL-client-4.0.18-1.5.C30mdk.i586.rpm
 bf38329d5b2b25640db08ca71f4b3996  corporate/3.0/RPMS/MySQL-common-4.0.18-1.5.C30mdk.i586.rpm
 e7a934802980f13ead8d4cbde91c9272  corporate/3.0/SRPMS/MySQL-4.0.18-1.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 dbf8b1639bf38cae748ce0e88e9ffa2a  x86_64/corporate/3.0/RPMS/lib64mysql12-4.0.18-1.5.C30mdk.x86_64.rpm
 1363deae1247afac0d47a5ea88446ad1  x86_64/corporate/3.0/RPMS/lib64mysql12-devel-4.0.18-1.5.C30mdk.x86_64.rpm
 1b91795ad659e8ab56e73e30a06c002c  x86_64/corporate/3.0/RPMS/MySQL-4.0.18-1.5.C30mdk.x86_64.rpm
 cffa0c76bfbfbbffa840b109505a8c9d  x86_64/corporate/3.0/RPMS/MySQL-Max-4.0.18-1.5.C30mdk.x86_64.rpm
 3c02203cbfef60142e1686ab5574b387  x86_64/corporate/3.0/RPMS/MySQL-bench-4.0.18-1.5.C30mdk.x86_64.rpm
 fd474c00f7584a000b8727bc25f1816d  x86_64/corporate/3.0/RPMS/MySQL-client-4.0.18-1.5.C30mdk.x86_64.rpm
 90fa8c3c9656e39c4380957e41305a05  x86_64/corporate/3.0/RPMS/MySQL-common-4.0.18-1.5.C30mdk.x86_64.rpm
 e7a934802980f13ead8d4cbde91c9272  x86_64/corporate/3.0/SRPMS/MySQL-4.0.18-1.5.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCXL6ZmqjQ0CJFipgRAiraAKCfiya5TnuqrqZJo3jtnFq+N9nkRwCfcQyY
WgobUjjIisixU1XdvdELC8A=
=Yk28
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ