lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <42D86ABD.9060605@videotron.ca> Date: Sat Jul 16 03:02:20 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Subject: [FLSA-2005:152925] Updated mysql packages fix security issues --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated mysql packages fix security issues Advisory ID: FLSA:152925 Issue date: 2005-07-15 Product: Red Hat Linux, Fedora Core Keywords: Bugfix CVE Names: CAN-2005-0709 CAN-2005-0710 CAN-2005-0711 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: Updated mysql packages that fix various security issues are now available. MySQL is a multi-user, multi-threaded SQL database server. 2. Relevant releases/architectures: Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386 3. Problem description: This update fixes several security risks in the MySQL server. Stefano Di Paola discovered two bugs in the way MySQL handles user- defined functions. A user with the ability to create and execute a user defined function could potentially execute arbitrary code on the MySQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0709 and CAN-2005-0710 to these issues. Stefano Di Paola also discovered a bug in the way MySQL creates temporary tables. A local user could create a specially crafted symlink which could result in the MySQL server overwriting a file which it has write access to. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-0711 to this issue. All users of the MySQL server are advised to upgrade to these updated packages, which contain fixes for these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152925 6. RPMs required: Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mysql-3.23.58-1.73.6.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/mysql-3.23.58-1.73.6.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mysql-devel-3.23.58-1.73.6.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mysql-server-3.23.58-1.73.6.legacy.i386.rpm Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mysql-3.23.58-1.90.6.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/mysql-3.23.58-1.90.6.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mysql-devel-3.23.58-1.90.6.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mysql-server-3.23.58-1.90.6.legacy.i386.rpm Fedora Core 1: SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mysql-3.23.58-4.4.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/1/updates/i386/mysql-3.23.58-4.4.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mysql-bench-3.23.58-4.4.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mysql-devel-3.23.58-4.4.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mysql-server-3.23.58-4.4.legacy.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 6b9ad2acc6eaaebeef935feb6e32b1e59f8d1e94 redhat/7.3/updates/i386/mysql-3.23.58-1.73.6.legacy.i386.rpm 090bce8a56c5cc7fedbca223925eb9d15dca5cd5 redhat/7.3/updates/i386/mysql-devel-3.23.58-1.73.6.legacy.i386.rpm 8d8565f44b2de5f7d36274803d04e4b06e2abf81 redhat/7.3/updates/i386/mysql-server-3.23.58-1.73.6.legacy.i386.rpm 1d8f01787f7824c2d2638c8e48e9e8c03d7c0c28 redhat/7.3/updates/SRPMS/mysql-3.23.58-1.73.6.legacy.src.rpm c838b40be12cd10b40f4b2c7e4c14c368734da23 redhat/9/updates/i386/mysql-3.23.58-1.90.6.legacy.i386.rpm dc86a50ecfef42f4f85aaf798f84beea0bf656fa redhat/9/updates/i386/mysql-devel-3.23.58-1.90.6.legacy.i386.rpm dc24c3c52eeb2874b3547b0d2347e214b321da02 redhat/9/updates/i386/mysql-server-3.23.58-1.90.6.legacy.i386.rpm 4f713ffcf56fd07d19e12f291a87a4feea6fbd23 redhat/9/updates/SRPMS/mysql-3.23.58-1.90.6.legacy.src.rpm ed3ddb39dbadf121a87348c9b7cfb3d6fc3917c4 fedora/1/updates/i386/mysql-3.23.58-4.4.legacy.i386.rpm 3c57f554ed37cbb29e05773c1527f389f4601b16 fedora/1/updates/i386/mysql-bench-3.23.58-4.4.legacy.i386.rpm d08b91055dae251b192de109a453a4bbe03828c9 fedora/1/updates/i386/mysql-devel-3.23.58-4.4.legacy.i386.rpm 950b5116ba77127478cb02d5a9b7e23711376daf fedora/1/updates/i386/mysql-server-3.23.58-4.4.legacy.i386.rpm 56257305e480c2db1669de92024033f7bb9f1702 fedora/1/updates/SRPMS/mysql-3.23.58-4.4.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum <filename> 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0710 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711 9. Contact: The Fedora Legacy security contact is <secnotice@...oralegacy.org>. More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050715/19cf226d/signature.bin
Powered by blists - more mailing lists