lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1FdsYX-00082f-AM@mercury.mandriva.com>
Date: Wed, 10 May 2006 11:33:01 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2006:084 ] - Updated MySQL packages fix several vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:084
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : MySQL
 Date    : May 10, 2006
 Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 The check_connection function in sql_parse.cc in MySQL 4.0.x up to
 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote
 attackers to read portions of memory via a username without a trailing
 null byte, which causes a buffer over-read. (CVE-2006-1516)  
 
 sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and
 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive
 information via a COM_TABLE_DUMP request with an incorrect packet
 length, which includes portions of memory in an error message.         
 (CVE-2006-1517)
 
 Updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.2:
 4909fe2f65460b5d570c6a7ba9cff866  10.2/RPMS/libmysql14-4.1.11-1.4.102mdk.i586.rpm
 2abf3bab6adb4c55869189a77fc3fb55  10.2/RPMS/libmysql14-devel-4.1.11-1.4.102mdk.i586.rpm
 5f7cb8b59cec81673b33c8f288854cdd  10.2/RPMS/MySQL-4.1.11-1.4.102mdk.i586.rpm
 baf754c73e1d9d5d075af16bbb670865  10.2/RPMS/MySQL-bench-4.1.11-1.4.102mdk.i586.rpm
 4186fd1a7a4addda9ed50c142f09e0ad  10.2/RPMS/MySQL-client-4.1.11-1.4.102mdk.i586.rpm
 26c570f455d7113f2af79493fce1f09c  10.2/RPMS/MySQL-common-4.1.11-1.4.102mdk.i586.rpm
 feb16e6ba1272758d8eb5b03960a8109  10.2/RPMS/MySQL-Max-4.1.11-1.4.102mdk.i586.rpm
 ff61354715f761a46a8910141c17308d  10.2/RPMS/MySQL-NDB-4.1.11-1.4.102mdk.i586.rpm
 52cbe54bd00e29484c6c25735c7bcb94  10.2/SRPMS/MySQL-4.1.11-1.4.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 505a4c981db838708fdf1f63bb8bf1d9  x86_64/10.2/RPMS/lib64mysql14-4.1.11-1.4.102mdk.x86_64.rpm
 58cfd4b6f1c2a44475fc4e0b155c411b  x86_64/10.2/RPMS/lib64mysql14-devel-4.1.11-1.4.102mdk.x86_64.rpm
 71b93f12b9441a16a674e21d083fb106  x86_64/10.2/RPMS/MySQL-4.1.11-1.4.102mdk.x86_64.rpm
 e2453637f22fdc0035972e22ed5446d5  x86_64/10.2/RPMS/MySQL-bench-4.1.11-1.4.102mdk.x86_64.rpm
 924a711c2d7bfcb183e67c0ed8455cdf  x86_64/10.2/RPMS/MySQL-client-4.1.11-1.4.102mdk.x86_64.rpm
 fea020684cfe4447d84b236ed3eb8712  x86_64/10.2/RPMS/MySQL-common-4.1.11-1.4.102mdk.x86_64.rpm
 4f613498aba6803507a6210025c364bd  x86_64/10.2/RPMS/MySQL-Max-4.1.11-1.4.102mdk.x86_64.rpm
 d211d2b6bef7e4a8702b6d10f1a2e9c8  x86_64/10.2/RPMS/MySQL-NDB-4.1.11-1.4.102mdk.x86_64.rpm
 52cbe54bd00e29484c6c25735c7bcb94  x86_64/10.2/SRPMS/MySQL-4.1.11-1.4.102mdk.src.rpm

 Mandriva Linux 2006.0:
 1116c2cbc0a6f7b443caa1db80b7cc96  2006.0/RPMS/libmysql14-4.1.12-3.2.20060mdk.i586.rpm
 a1d6f0b6b6c3441723ddce425f9d7962  2006.0/RPMS/libmysql14-devel-4.1.12-3.2.20060mdk.i586.rpm
 9d8d79e0b992d7014e6fc48e759a6588  2006.0/RPMS/MySQL-4.1.12-3.2.20060mdk.i586.rpm
 f1b66a2737dd7cd25e91807fc228b538  2006.0/RPMS/MySQL-bench-4.1.12-3.2.20060mdk.i586.rpm
 9ff1b0895c676d7fb397be4d0696b510  2006.0/RPMS/MySQL-client-4.1.12-3.2.20060mdk.i586.rpm
 d9a488579d2318523bdd59bf3bea426c  2006.0/RPMS/MySQL-common-4.1.12-3.2.20060mdk.i586.rpm
 465af10c347f571dc01af650bd26c1ff  2006.0/RPMS/MySQL-Max-4.1.12-3.2.20060mdk.i586.rpm
 113a35b2c5d17ce60404787fcee90146  2006.0/RPMS/MySQL-NDB-4.1.12-3.2.20060mdk.i586.rpm
 5b2a2092676086292383ac5178cb0be1  2006.0/RPMS/X11R6-contrib-6.9.0-5.6.20060mdk.i586.rpm
 fab0e8f7d4365d264c28e5f731d3d34b  2006.0/SRPMS/MySQL-4.1.12-3.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 95076266d5ef2642c402f7130cdfe241  x86_64/2006.0/RPMS/lib64mysql14-4.1.12-3.2.20060mdk.x86_64.rpm
 acbdc71b998c812c24ed7114c368ece3  x86_64/2006.0/RPMS/lib64mysql14-devel-4.1.12-3.2.20060mdk.x86_64.rpm
 ea9a4fc478ddeb0fafaa50e0ea4a208f  x86_64/2006.0/RPMS/MySQL-4.1.12-3.2.20060mdk.x86_64.rpm
 fef7934cf4bee099e8e64bc0b75f885d  x86_64/2006.0/RPMS/MySQL-bench-4.1.12-3.2.20060mdk.x86_64.rpm
 e713937238d32342925e65ef301585e7  x86_64/2006.0/RPMS/MySQL-client-4.1.12-3.2.20060mdk.x86_64.rpm
 1f36af145e87802e37c673a66360fe34  x86_64/2006.0/RPMS/MySQL-common-4.1.12-3.2.20060mdk.x86_64.rpm
 c24793f5e9e10a9601db7dac7d096b29  x86_64/2006.0/RPMS/MySQL-Max-4.1.12-3.2.20060mdk.x86_64.rpm
 82b03a0968e65e92cdb569d8149e0fd1  x86_64/2006.0/RPMS/MySQL-NDB-4.1.12-3.2.20060mdk.x86_64.rpm
 fab0e8f7d4365d264c28e5f731d3d34b  x86_64/2006.0/SRPMS/MySQL-4.1.12-3.2.20060mdk.src.rpm

 Corporate 3.0:
 08e6f2ab4f9e4c527519fb927cd1bbd7  corporate/3.0/RPMS/libmysql12-4.0.18-1.9.C30mdk.i586.rpm
 01de6e536bcd09a1b61c41b1f42f2f72  corporate/3.0/RPMS/libmysql12-devel-4.0.18-1.9.C30mdk.i586.rpm
 ddf99e4e753c37709883b04d1cf2030a  corporate/3.0/RPMS/MySQL-4.0.18-1.9.C30mdk.i586.rpm
 4cee7ed9d192be77d78dd72d8fcd2eaa  corporate/3.0/RPMS/MySQL-bench-4.0.18-1.9.C30mdk.i586.rpm
 65faadbbd953da2f71e7ba575aabd9c5  corporate/3.0/RPMS/MySQL-client-4.0.18-1.9.C30mdk.i586.rpm
 d88cb2542f68be1438770e916cedfbf8  corporate/3.0/RPMS/MySQL-common-4.0.18-1.9.C30mdk.i586.rpm
 8930f8e648b838abad0e905402d7f098  corporate/3.0/RPMS/MySQL-Max-4.0.18-1.9.C30mdk.i586.rpm
 d67f3b91058f8e17bf72d75b1d131e2d  corporate/3.0/SRPMS/MySQL-4.0.18-1.9.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 85adbefb6c932da4febb94fbd9ad477c  x86_64/corporate/3.0/RPMS/lib64mysql12-4.0.18-1.9.C30mdk.x86_64.rpm
 d94af3b74686045910e2330bd5245a30  x86_64/corporate/3.0/RPMS/lib64mysql12-devel-4.0.18-1.9.C30mdk.x86_64.rpm
 36f0d3bb53766d832fce145d119f52c9  x86_64/corporate/3.0/RPMS/MySQL-4.0.18-1.9.C30mdk.x86_64.rpm
 538493e0ec4636f1dd0ec0ef8a26165c  x86_64/corporate/3.0/RPMS/MySQL-bench-4.0.18-1.9.C30mdk.x86_64.rpm
 6773bce043fabd3871ec292bcbe20e7a  x86_64/corporate/3.0/RPMS/MySQL-client-4.0.18-1.9.C30mdk.x86_64.rpm
 fd0876c6a9dfe36df6d116ce5433b152  x86_64/corporate/3.0/RPMS/MySQL-common-4.0.18-1.9.C30mdk.x86_64.rpm
 808c8c1e8d107e810a2a16f0be2aa5ac  x86_64/corporate/3.0/RPMS/MySQL-Max-4.0.18-1.9.C30mdk.x86_64.rpm
 d67f3b91058f8e17bf72d75b1d131e2d  x86_64/corporate/3.0/SRPMS/MySQL-4.0.18-1.9.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 516e242273227de34c51bc5d5ddd23fd  mnf/2.0/RPMS/libmysql12-4.0.18-1.9.M20mdk.i586.rpm
 043291efac87bbdcb08ecb706ba4301d  mnf/2.0/SRPMS/MySQL-4.0.18-1.9.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEYfZ3mqjQ0CJFipgRAteAAKDlN3g6UdKdPf+J+Oqt0dZBBOFKXQCdGqRB
KC8dkNGk+cBYHxU8aYfBDA8=
=BZCO
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ