| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <E1KKIJc-0008IZ-So@titan.mandriva.com> Date: Sat, 19 Jul 2008 13:42:00 -0600 From: security@...driva.com To: bugtraq@...urityfocus.com Subject: [ MDVSA-2008:149 ] - Updated mysql packages fix vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:149 http://www.mandriva.com/security/ _______________________________________________________________________ Package : mysql Date : July 19, 2008 Affected: 2008.1 _______________________________________________________________________ Problem Description: Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges (CVE-2008-2079). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 6782fa8e80d657cc32a784791296136c 2008.1/i586/libmysql15-5.0.51a-8.1mdv2008.1.i586.rpm d38cfb788ab390a22e50c4d8cd88f713 2008.1/i586/libmysql-devel-5.0.51a-8.1mdv2008.1.i586.rpm 17c5413087a43818eb37625415db339c 2008.1/i586/libmysql-static-devel-5.0.51a-8.1mdv2008.1.i586.rpm 725b41649fd161c63087f0e44ec488bb 2008.1/i586/mysql-5.0.51a-8.1mdv2008.1.i586.rpm c6864405d42406bf85f8e2fb08af8793 2008.1/i586/mysql-bench-5.0.51a-8.1mdv2008.1.i586.rpm e6df015114747e50092b6a9d7225e821 2008.1/i586/mysql-client-5.0.51a-8.1mdv2008.1.i586.rpm 5b359172c307e980b7c8d3e409f1f85a 2008.1/i586/mysql-common-5.0.51a-8.1mdv2008.1.i586.rpm b65eb90008f0f329fcd78aa601c941cf 2008.1/i586/mysql-doc-5.0.51a-8.1mdv2008.1.i586.rpm 803c2840d6e56e851d043c21c8d153ba 2008.1/i586/mysql-max-5.0.51a-8.1mdv2008.1.i586.rpm ce4f47ad3c03549aee94d5b88734f6c8 2008.1/i586/mysql-ndb-extra-5.0.51a-8.1mdv2008.1.i586.rpm 3f4013ca6f91d85d00895d58fccb235a 2008.1/i586/mysql-ndb-management-5.0.51a-8.1mdv2008.1.i586.rpm 494932ed64f2813cf0896f23112debc3 2008.1/i586/mysql-ndb-storage-5.0.51a-8.1mdv2008.1.i586.rpm d7c24b1ccf013e14adc943fe90fc11c5 2008.1/i586/mysql-ndb-tools-5.0.51a-8.1mdv2008.1.i586.rpm 0e68ede1df17ebd9dfa4c02ca7205dc1 2008.1/SRPMS/mysql-5.0.51a-8.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 7efe5a4aaf106e5f28118d4f0a6757e5 2008.1/x86_64/lib64mysql15-5.0.51a-8.1mdv2008.1.x86_64.rpm 0793a32b20f398f03580aaa5377e5192 2008.1/x86_64/lib64mysql-devel-5.0.51a-8.1mdv2008.1.x86_64.rpm c3efcca1e7b13bf2d38cc15ac34c3a05 2008.1/x86_64/lib64mysql-static-devel-5.0.51a-8.1mdv2008.1.x86_64.rpm aa1408995eec88602fe6cde92b662814 2008.1/x86_64/mysql-5.0.51a-8.1mdv2008.1.x86_64.rpm ac232e2c080dccf9745f18a901079b7d 2008.1/x86_64/mysql-bench-5.0.51a-8.1mdv2008.1.x86_64.rpm af82fcb4a9c02aa0994015892a0d1297 2008.1/x86_64/mysql-client-5.0.51a-8.1mdv2008.1.x86_64.rpm 7628f598b3d767f0f37f30b80f224db8 2008.1/x86_64/mysql-common-5.0.51a-8.1mdv2008.1.x86_64.rpm ae212a73fda5f0e334d71a0fca4cd8b5 2008.1/x86_64/mysql-doc-5.0.51a-8.1mdv2008.1.x86_64.rpm 734b94f12d8c8b9042780e03d0a2c7df 2008.1/x86_64/mysql-max-5.0.51a-8.1mdv2008.1.x86_64.rpm 53a4ab72777ab8c85a89f8f37ceaecff 2008.1/x86_64/mysql-ndb-extra-5.0.51a-8.1mdv2008.1.x86_64.rpm 8f57766a240e25ae39c11ffba53f5762 2008.1/x86_64/mysql-ndb-management-5.0.51a-8.1mdv2008.1.x86_64.rpm 3e0df3dabd48d33ccfe4322bffe36743 2008.1/x86_64/mysql-ndb-storage-5.0.51a-8.1mdv2008.1.x86_64.rpm 02030eb47df043478edc5886d9706849 2008.1/x86_64/mysql-ndb-tools-5.0.51a-8.1mdv2008.1.x86_64.rpm 0e68ede1df17ebd9dfa4c02ca7205dc1 2008.1/SRPMS/mysql-5.0.51a-8.1mdv2008.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIghjzmqjQ0CJFipgRAg2lAKCPKI1bYFVEu+WtzrBRzIERRkuzvwCfeakB uT2vsaASgbZ7/Mfe3zNpGmo= =aIyr -----END PGP SIGNATURE-----
Powered by blists - more mailing lists