lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1FtojI-0002O1-AB@mercury.mandriva.com>
Date: Fri, 23 Jun 2006 10:42:00 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2006:111 ] - Updated MySQL packages fixes authorized user DoS(crash) vulnerability.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:111
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : MySQL
 Date    : June 23, 2006
 Affected: 10.2, 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 
 5.1.6 allows remote authorized users to cause a denial of service (crash) 
 via a NULL second argument to the str_to_date function.
 
 MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue.
 
 Packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3081
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.2:
 78e8411d4173067449ab40b253359584  10.2/RPMS/libmysql14-4.1.11-1.6.102mdk.i586.rpm
 1b8c46014749729fd853c6dcee91eaed  10.2/RPMS/libmysql14-devel-4.1.11-1.6.102mdk.i586.rpm
 996f92c1d1cb685938a1b019d8b637c0  10.2/RPMS/MySQL-4.1.11-1.6.102mdk.i586.rpm
 766fa948a6d3e0094658aa936a76e203  10.2/RPMS/MySQL-bench-4.1.11-1.6.102mdk.i586.rpm
 587b166b5e24e39df778d1a49ca26c60  10.2/RPMS/MySQL-client-4.1.11-1.6.102mdk.i586.rpm
 26e3fd9cf0a5977e2b934c12ad9500fc  10.2/RPMS/MySQL-common-4.1.11-1.6.102mdk.i586.rpm
 66f223fa9cfe196c01c6e4b311d70a65  10.2/RPMS/MySQL-Max-4.1.11-1.6.102mdk.i586.rpm
 550a497e8f5fb748b9a91a0717da6c48  10.2/RPMS/MySQL-NDB-4.1.11-1.6.102mdk.i586.rpm
 c3cd6a33370387b6b7ef26810d04ed5e  10.2/SRPMS/MySQL-4.1.11-1.6.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 b93aa5af71b0fc8752b59ea9e137fbb9  x86_64/10.2/RPMS/lib64mysql14-4.1.11-1.6.102mdk.x86_64.rpm
 97baf24556b164bd67d7456f662788a2  x86_64/10.2/RPMS/lib64mysql14-devel-4.1.11-1.6.102mdk.x86_64.rpm
 2e1874294dd1bd7bb66eca3db4b84f9f  x86_64/10.2/RPMS/MySQL-4.1.11-1.6.102mdk.x86_64.rpm
 e59c30459703a1143a6a5c2aa962fdeb  x86_64/10.2/RPMS/MySQL-bench-4.1.11-1.6.102mdk.x86_64.rpm
 921411f6d52933199902eae720bdfc4c  x86_64/10.2/RPMS/MySQL-client-4.1.11-1.6.102mdk.x86_64.rpm
 ee8319140b47877d3920a6f789f10076  x86_64/10.2/RPMS/MySQL-common-4.1.11-1.6.102mdk.x86_64.rpm
 5ecce7afbba4fd0ddd9e36ef068cb007  x86_64/10.2/RPMS/MySQL-Max-4.1.11-1.6.102mdk.x86_64.rpm
 7f30cc287096f0a28347b9a18454bdf8  x86_64/10.2/RPMS/MySQL-NDB-4.1.11-1.6.102mdk.x86_64.rpm
 c3cd6a33370387b6b7ef26810d04ed5e  x86_64/10.2/SRPMS/MySQL-4.1.11-1.6.102mdk.src.rpm

 Mandriva Linux 2006.0:
 bbad68193933b00b85f243e80280f954  2006.0/RPMS/libmysql14-4.1.12-4.3.20060mdk.i586.rpm
 c8f89626e74f928e1f997d547ea9e5ff  2006.0/RPMS/libmysql14-devel-4.1.12-4.3.20060mdk.i586.rpm
 7274a11988a77408823e0fef2375cc16  2006.0/RPMS/MySQL-4.1.12-4.3.20060mdk.i586.rpm
 e63c7660cb86a3e0d3240d00a43e53a9  2006.0/RPMS/MySQL-bench-4.1.12-4.3.20060mdk.i586.rpm
 aa902a285d22f9df2a33dc7d9490c3f7  2006.0/RPMS/MySQL-client-4.1.12-4.3.20060mdk.i586.rpm
 633d3a283dd19ea2a51448b815ad53a9  2006.0/RPMS/MySQL-common-4.1.12-4.3.20060mdk.i586.rpm
 96ce79cfbda19d2af7ba81de922561c1  2006.0/RPMS/MySQL-Max-4.1.12-4.3.20060mdk.i586.rpm
 0e83d8f9db5f77d08a0c876befbe1a67  2006.0/RPMS/MySQL-NDB-4.1.12-4.3.20060mdk.i586.rpm
 7e92a87a1fbe7b3dad96372a678a2c65  2006.0/SRPMS/MySQL-4.1.12-4.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 3abed6dfe1aff3e142effab7438f1813  x86_64/2006.0/RPMS/lib64mysql14-4.1.12-4.3.20060mdk.x86_64.rpm
 d29d7cc058e7cd5af8068db37e2170e8  x86_64/2006.0/RPMS/lib64mysql14-devel-4.1.12-4.3.20060mdk.x86_64.rpm
 4dd7efc9fcd7fd77cc6a5f4b9e2294f5  x86_64/2006.0/RPMS/MySQL-4.1.12-4.3.20060mdk.x86_64.rpm
 7b2f19ea6fd61a972038ea79063167e3  x86_64/2006.0/RPMS/MySQL-bench-4.1.12-4.3.20060mdk.x86_64.rpm
 434eaff2f79e6dcb6d4ad6ca7d538259  x86_64/2006.0/RPMS/MySQL-client-4.1.12-4.3.20060mdk.x86_64.rpm
 49aa9dcfbe79d8a91ad6823d505f19ac  x86_64/2006.0/RPMS/MySQL-common-4.1.12-4.3.20060mdk.x86_64.rpm
 bfa5996ca7e57f071fcc4a2574883a8e  x86_64/2006.0/RPMS/MySQL-Max-4.1.12-4.3.20060mdk.x86_64.rpm
 9df2f30b72c53bd4be9c92b4146e5c79  x86_64/2006.0/RPMS/MySQL-NDB-4.1.12-4.3.20060mdk.x86_64.rpm
 7e92a87a1fbe7b3dad96372a678a2c65  x86_64/2006.0/SRPMS/MySQL-4.1.12-4.3.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEm+2vmqjQ0CJFipgRAp03AKCBqLEYfQYn+lpIV8ORd0ET05DCKwCgnaYx
58aB4ezFDNLNyf9NyjyTGIs=
=Hla8
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ