lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1J1tlP-0001IG-3Z@artemis.annvix.ca>
Date: Mon, 10 Dec 2007 18:18:23 -0700
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:243 ] - Updated MySQL packages fix multiple
 vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:243
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : MySQL
 Date    : December 10, 2007
 Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in MySQL prior to 5.0.45 did not require priveliges
 such as SELECT for the source table in a CREATE TABLE LIKE statement,
 allowing remote authenticated users to obtain sensitive information
 such as the table structure (CVE-2007-3781).
 
 A vulnerability in the InnoDB engine in MySQL allowed remote
 authenticated users to cause a denial of service (database crash)
 via certain CONTAINS operations on an indexed column, which triggered
 an assertion error (CVE-2007-5925).
 
 Using RENAME TABLE against a table with explicit DATA DIRECTORY and
 INDEX DIRECTORY options could be used to overwrite system table
 information by replacing the file to which a symlink pointed to
 (CVE-2007-5969).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 ae48df2b0377d0f2ebb0aaaa7b6310c6  2007.0/i586/MySQL-5.0.24a-2.3mdv2007.0.i586.rpm
 ecf691100caecf50b3643b6c254e0b1b  2007.0/i586/MySQL-Max-5.0.24a-2.3mdv2007.0.i586.rpm
 8b6f53c1c9fa5f2150a8e7cc20b3a635  2007.0/i586/MySQL-bench-5.0.24a-2.3mdv2007.0.i586.rpm
 bde8ba1841f68683a984cdea2405d40d  2007.0/i586/MySQL-client-5.0.24a-2.3mdv2007.0.i586.rpm
 01dcc1472f5c013e80454458ca0bcdd5  2007.0/i586/MySQL-common-5.0.24a-2.3mdv2007.0.i586.rpm
 d8ffbdd8f1e83dddc18ae1ab3da417ce  2007.0/i586/MySQL-ndb-extra-5.0.24a-2.3mdv2007.0.i586.rpm
 836a595ac27e4e1bf9f0c554c625d8ee  2007.0/i586/MySQL-ndb-management-5.0.24a-2.3mdv2007.0.i586.rpm
 a830470e23ab010c43165d89ee64d2b1  2007.0/i586/MySQL-ndb-storage-5.0.24a-2.3mdv2007.0.i586.rpm
 89311e6a8ab90817d697100492d99695  2007.0/i586/MySQL-ndb-tools-5.0.24a-2.3mdv2007.0.i586.rpm
 3cf781afa097fba7d0e80efe4e8c7316  2007.0/i586/libmysql15-5.0.24a-2.3mdv2007.0.i586.rpm
 54c8da360b46bec71b1d6e165f29cd10  2007.0/i586/libmysql15-devel-5.0.24a-2.3mdv2007.0.i586.rpm
 150e51cad7944bd0a079ce0fa04f4396  2007.0/i586/libmysql15-static-devel-5.0.24a-2.3mdv2007.0.i586.rpm 
 b26414bdd5720ef35f6f76bbb5822760  2007.0/SRPMS/MySQL-5.0.24a-2.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 dafabcfc5d4c8a72f122efeea6de49d6  2007.0/x86_64/MySQL-5.0.24a-2.3mdv2007.0.x86_64.rpm
 9dd7a9ddedc86e0b7fc2a5c84f483c68  2007.0/x86_64/MySQL-Max-5.0.24a-2.3mdv2007.0.x86_64.rpm
 1a63a771fb1019101771a7933488a335  2007.0/x86_64/MySQL-bench-5.0.24a-2.3mdv2007.0.x86_64.rpm
 3d353e6abc9cdcd92391e1d42b667347  2007.0/x86_64/MySQL-client-5.0.24a-2.3mdv2007.0.x86_64.rpm
 e34fe5b73b3747c786e1e170cf503b28  2007.0/x86_64/MySQL-common-5.0.24a-2.3mdv2007.0.x86_64.rpm
 dea1a4166a873372a5580b96bbcb81ee  2007.0/x86_64/MySQL-ndb-extra-5.0.24a-2.3mdv2007.0.x86_64.rpm
 86a9c04d129f88f3dfd9211a94fc0283  2007.0/x86_64/MySQL-ndb-management-5.0.24a-2.3mdv2007.0.x86_64.rpm
 9f07fb9af772f3700af8d0655e6d4fc7  2007.0/x86_64/MySQL-ndb-storage-5.0.24a-2.3mdv2007.0.x86_64.rpm
 160166e5ef2aa5614e6bbf97b40e83b0  2007.0/x86_64/MySQL-ndb-tools-5.0.24a-2.3mdv2007.0.x86_64.rpm
 4437780704ec957046236da489097898  2007.0/x86_64/lib64mysql15-5.0.24a-2.3mdv2007.0.x86_64.rpm
 e183be407214a07cf03bca7a9d48a003  2007.0/x86_64/lib64mysql15-devel-5.0.24a-2.3mdv2007.0.x86_64.rpm
 924fe118e9b7d3195f98ec5488069087  2007.0/x86_64/lib64mysql15-static-devel-5.0.24a-2.3mdv2007.0.x86_64.rpm 
 b26414bdd5720ef35f6f76bbb5822760  2007.0/SRPMS/MySQL-5.0.24a-2.3mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 af618358834880d59c51efbb9114f44b  2007.1/i586/MySQL-5.0.37-2.3mdv2007.1.i586.rpm
 bdf67dcabe1419c25be32e704ffc9118  2007.1/i586/MySQL-Max-5.0.37-2.3mdv2007.1.i586.rpm
 a0e054eee6399ca0ac038ffdbf062b49  2007.1/i586/MySQL-bench-5.0.37-2.3mdv2007.1.i586.rpm
 edc74fc3a9f85e0834ad8de6b5c7641a  2007.1/i586/MySQL-client-5.0.37-2.3mdv2007.1.i586.rpm
 a05be3c7dbab742efc31c52174cb80f8  2007.1/i586/MySQL-common-5.0.37-2.3mdv2007.1.i586.rpm
 110e07270766e269ea8c720c69ffea31  2007.1/i586/MySQL-ndb-extra-5.0.37-2.3mdv2007.1.i586.rpm
 f97bc06af4f92fb1641ccc8c8c755925  2007.1/i586/MySQL-ndb-management-5.0.37-2.3mdv2007.1.i586.rpm
 80061a23f4f385ea92ead26926a4f1bd  2007.1/i586/MySQL-ndb-storage-5.0.37-2.3mdv2007.1.i586.rpm
 e7746d0fdaedc620600ca804217880be  2007.1/i586/MySQL-ndb-tools-5.0.37-2.3mdv2007.1.i586.rpm
 341849b4e854eecee9bce112de3aabbf  2007.1/i586/libmysql15-5.0.37-2.3mdv2007.1.i586.rpm
 f54ad215095b969d4eaa9387888ee382  2007.1/i586/libmysql15-devel-5.0.37-2.3mdv2007.1.i586.rpm
 a8ccc5cd79afb825f07b800562eeb983  2007.1/i586/libmysql15-static-devel-5.0.37-2.3mdv2007.1.i586.rpm 
 c15830b94be90e125932c124277cb4e5  2007.1/SRPMS/MySQL-5.0.37-2.3mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 4114f7053c623903ae1052c87298104a  2007.1/x86_64/MySQL-5.0.37-2.3mdv2007.1.x86_64.rpm
 6dc932e046c3acea306c2d73f974cd4d  2007.1/x86_64/MySQL-Max-5.0.37-2.3mdv2007.1.x86_64.rpm
 af7084761155f1ae4ae4ffb38fd6f5d5  2007.1/x86_64/MySQL-bench-5.0.37-2.3mdv2007.1.x86_64.rpm
 c9ac2de19761bec973a01587fa5e4771  2007.1/x86_64/MySQL-client-5.0.37-2.3mdv2007.1.x86_64.rpm
 630177c360a7ccef549856b489c1cba9  2007.1/x86_64/MySQL-common-5.0.37-2.3mdv2007.1.x86_64.rpm
 2e54c976e101b85d01b28b010a155117  2007.1/x86_64/MySQL-ndb-extra-5.0.37-2.3mdv2007.1.x86_64.rpm
 19c236527f8d45b49a68081b61b198b9  2007.1/x86_64/MySQL-ndb-management-5.0.37-2.3mdv2007.1.x86_64.rpm
 9621e6dbaa7414fcc509ca03c0c1b9fc  2007.1/x86_64/MySQL-ndb-storage-5.0.37-2.3mdv2007.1.x86_64.rpm
 4ccced339bde031d32d68da7ecac9c62  2007.1/x86_64/MySQL-ndb-tools-5.0.37-2.3mdv2007.1.x86_64.rpm
 e889ec496f2e3f49614f83972a387b88  2007.1/x86_64/lib64mysql15-5.0.37-2.3mdv2007.1.x86_64.rpm
 e3d0231d99696ba1c6d17b7243cb0572  2007.1/x86_64/lib64mysql15-devel-5.0.37-2.3mdv2007.1.x86_64.rpm
 7af0d505dd140cd2b93ed8df1ffda4c3  2007.1/x86_64/lib64mysql15-static-devel-5.0.37-2.3mdv2007.1.x86_64.rpm 
 c15830b94be90e125932c124277cb4e5  2007.1/SRPMS/MySQL-5.0.37-2.3mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 89cdb41e21ed18fc26ceed435aa7d93b  2008.0/i586/libmysql-devel-5.0.45-7.1mdv2008.0.i586.rpm
 cba56cb02d635ad2f7836efa669a3e3a  2008.0/i586/libmysql-static-devel-5.0.45-7.1mdv2008.0.i586.rpm
 ba1f720538f76334697746f9356467cf  2008.0/i586/libmysql15-5.0.45-7.1mdv2008.0.i586.rpm
 95283adc79f2fe21611aa595f047ff22  2008.0/i586/mysql-5.0.45-7.1mdv2008.0.i586.rpm
 53cc7abc631e7046e8510ad7bfcd9401  2008.0/i586/mysql-bench-5.0.45-7.1mdv2008.0.i586.rpm
 7c625f140ce1a4ec8708424256ff75a2  2008.0/i586/mysql-client-5.0.45-7.1mdv2008.0.i586.rpm
 81549bb1dc4d2ad0e328c67ea76245e5  2008.0/i586/mysql-common-5.0.45-7.1mdv2008.0.i586.rpm
 71bf968ec0e8c0a8fac261605dff029c  2008.0/i586/mysql-max-5.0.45-7.1mdv2008.0.i586.rpm
 8dcc6d09c69169e9a58dd44e39022364  2008.0/i586/mysql-ndb-extra-5.0.45-7.1mdv2008.0.i586.rpm
 f1928ffbe77276098519f64c6f522e1a  2008.0/i586/mysql-ndb-management-5.0.45-7.1mdv2008.0.i586.rpm
 0770146e29802dd26bacc6768f4e0202  2008.0/i586/mysql-ndb-storage-5.0.45-7.1mdv2008.0.i586.rpm
 bc9325b67c64f9ba63d14d7eb582bd1a  2008.0/i586/mysql-ndb-tools-5.0.45-7.1mdv2008.0.i586.rpm 
 c0575884589bcd70be748a2ff39f19c1  2008.0/SRPMS/mysql-5.0.45-7.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 5adbf1a745ebe3c9d68600e6ae3cc90d  2008.0/x86_64/lib64mysql-devel-5.0.45-7.1mdv2008.0.x86_64.rpm
 fcef4c2a7bf00d5939bd0a2512f05004  2008.0/x86_64/lib64mysql-static-devel-5.0.45-7.1mdv2008.0.x86_64.rpm
 3ebea8d3fbedacb7a96195f1a49e0004  2008.0/x86_64/lib64mysql15-5.0.45-7.1mdv2008.0.x86_64.rpm
 d08b3ec903dc8c804d573796a401ec64  2008.0/x86_64/mysql-5.0.45-7.1mdv2008.0.x86_64.rpm
 b40014e51bf2e68b5dd67365ae099885  2008.0/x86_64/mysql-bench-5.0.45-7.1mdv2008.0.x86_64.rpm
 faf05a4c4a684e63db58e2cfa779066c  2008.0/x86_64/mysql-client-5.0.45-7.1mdv2008.0.x86_64.rpm
 d5d51b2fe6810193443e337cc063cc6f  2008.0/x86_64/mysql-common-5.0.45-7.1mdv2008.0.x86_64.rpm
 36db213a8d356145f769c4764ecfdb43  2008.0/x86_64/mysql-max-5.0.45-7.1mdv2008.0.x86_64.rpm
 3b7b4c4348a94687e6f70a077190578a  2008.0/x86_64/mysql-ndb-extra-5.0.45-7.1mdv2008.0.x86_64.rpm
 6c6b4ac3e2e7f93ec4ae7736989a4865  2008.0/x86_64/mysql-ndb-management-5.0.45-7.1mdv2008.0.x86_64.rpm
 ae26212b354d64f8c903dc771bc9d1b7  2008.0/x86_64/mysql-ndb-storage-5.0.45-7.1mdv2008.0.x86_64.rpm
 ebd97d817a3c8c6d208712ad8fc5b788  2008.0/x86_64/mysql-ndb-tools-5.0.45-7.1mdv2008.0.x86_64.rpm 
 c0575884589bcd70be748a2ff39f19c1  2008.0/SRPMS/mysql-5.0.45-7.1mdv2008.0.src.rpm

 Corporate 4.0:
 e7d08c55508c5aff029bc712c3eaa985  corporate/4.0/i586/MySQL-5.0.24-1.3.20060mlcs4.i586.rpm
 2929501ca876443313448190a76dd4b1  corporate/4.0/i586/MySQL-Max-5.0.24-1.3.20060mlcs4.i586.rpm
 42ae6b36dd3fd0b655cdf853bcdac756  corporate/4.0/i586/MySQL-bench-5.0.24-1.3.20060mlcs4.i586.rpm
 bf6c9a292ac3ceffe194b9515353bcf8  corporate/4.0/i586/MySQL-client-5.0.24-1.3.20060mlcs4.i586.rpm
 423f7921eb3f13bce192b361115b63be  corporate/4.0/i586/MySQL-common-5.0.24-1.3.20060mlcs4.i586.rpm
 b0ceab082e27ee7ec0463396cc3239a5  corporate/4.0/i586/MySQL-ndb-extra-5.0.24-1.3.20060mlcs4.i586.rpm
 64e94e4df86309716ba11f28e7c06086  corporate/4.0/i586/MySQL-ndb-management-5.0.24-1.3.20060mlcs4.i586.rpm
 68965d44922b0b7c6ccb58a939747c73  corporate/4.0/i586/MySQL-ndb-storage-5.0.24-1.3.20060mlcs4.i586.rpm
 72dfe4a7c58ed1249cb096b9f0d661ca  corporate/4.0/i586/MySQL-ndb-tools-5.0.24-1.3.20060mlcs4.i586.rpm
 f5da97c0283a559c161956371b92c1de  corporate/4.0/i586/libmysql15-5.0.24-1.3.20060mlcs4.i586.rpm
 d835024b4814af69ca86c90a417b1ab5  corporate/4.0/i586/libmysql15-devel-5.0.24-1.3.20060mlcs4.i586.rpm
 9c6c70427dfed5a57a13e5902a98022b  corporate/4.0/i586/libmysql15-static-devel-5.0.24-1.3.20060mlcs4.i586.rpm 
 399ce94ad408bddedab3d81288121625  corporate/4.0/SRPMS/MySQL-5.0.24-1.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 7e2d63d05b367f306249c9550208e118  corporate/4.0/x86_64/MySQL-5.0.24-1.3.20060mlcs4.x86_64.rpm
 5173adbc8c5eab3d28c6b9e3ec43ff87  corporate/4.0/x86_64/MySQL-Max-5.0.24-1.3.20060mlcs4.x86_64.rpm
 942043cc7038c2b67a5fc46ceb8f3103  corporate/4.0/x86_64/MySQL-bench-5.0.24-1.3.20060mlcs4.x86_64.rpm
 b7e443185fd52a138e59db1b585892a4  corporate/4.0/x86_64/MySQL-client-5.0.24-1.3.20060mlcs4.x86_64.rpm
 68b16b2a302efd03fe14393101e456b1  corporate/4.0/x86_64/MySQL-common-5.0.24-1.3.20060mlcs4.x86_64.rpm
 8f29021b04eb3467ae0ffab4af5e7e93  corporate/4.0/x86_64/MySQL-ndb-extra-5.0.24-1.3.20060mlcs4.x86_64.rpm
 ae0b10b13ea0dd9baef8c1a2a728ffde  corporate/4.0/x86_64/MySQL-ndb-management-5.0.24-1.3.20060mlcs4.x86_64.rpm
 b21a2b8fc11c15b4106096f819b56997  corporate/4.0/x86_64/MySQL-ndb-storage-5.0.24-1.3.20060mlcs4.x86_64.rpm
 3ed7adeec020550150264758f002a296  corporate/4.0/x86_64/MySQL-ndb-tools-5.0.24-1.3.20060mlcs4.x86_64.rpm
 21aeb21a7295e6cadc89d9cdf5a917fa  corporate/4.0/x86_64/lib64mysql15-5.0.24-1.3.20060mlcs4.x86_64.rpm
 bb9cfd0b7bf9dcadb498ec550b4e135c  corporate/4.0/x86_64/lib64mysql15-devel-5.0.24-1.3.20060mlcs4.x86_64.rpm
 3b7daadd91dc22dbb16b5c2e9f16a11c  corporate/4.0/x86_64/lib64mysql15-static-devel-5.0.24-1.3.20060mlcs4.x86_64.rpm 
 399ce94ad408bddedab3d81288121625  corporate/4.0/SRPMS/MySQL-5.0.24-1.3.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHXbndmqjQ0CJFipgRApC8AJ4i3TnENhYsdgeNsxRmcvjkzOCMxACg4W6r
84ksq8yvKbneUsb8qd4J6pw=
=YmKU
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ