[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1ITRtk-0001Kd-Sq@artemis.annvix.ca>
Date: Thu, 06 Sep 2007 18:40:36 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:177 ] - Updated MySQL packages fix
vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:177
http://www.mandriva.com/security/
_______________________________________________________________________
Package : MySQL
Date : September 6, 2007
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability was found in MySQL's authentication protocol, making
it possible for a remote unauthenticated attacker to send a specially
crafted authentication request to the MySQL server causing it to crash
(CVE-2007-3780).
Another flaw was discovered in MySQL that allowed remote authenticated
users to gain update privileges for a table in another database via
a view that refers to the external table (CVE-2007-3782).
Updated packages have been patched to prevent these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3782
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
43b19d6908c3e084f1b404feb00c63de 2007.0/i586/MySQL-5.0.24a-2.2mdv2007.0.i586.rpm
8fe94c7be904870d65b469a4c81196df 2007.0/i586/MySQL-Max-5.0.24a-2.2mdv2007.0.i586.rpm
3660295e693c4ecdbffbe3ae0b5701d8 2007.0/i586/MySQL-bench-5.0.24a-2.2mdv2007.0.i586.rpm
7298bcc5c8ee75a6eab087b9917b78f1 2007.0/i586/MySQL-client-5.0.24a-2.2mdv2007.0.i586.rpm
15dd0f8dcf80b1c1019eac8a5a4a7052 2007.0/i586/MySQL-common-5.0.24a-2.2mdv2007.0.i586.rpm
37ca2f0c3a007ff1c8981c1b7125ce2d 2007.0/i586/MySQL-ndb-extra-5.0.24a-2.2mdv2007.0.i586.rpm
544ef62805a41bf9b403e25ce7c7c1f5 2007.0/i586/MySQL-ndb-management-5.0.24a-2.2mdv2007.0.i586.rpm
d7c5b8b833c2619dfa20401d0da61918 2007.0/i586/MySQL-ndb-storage-5.0.24a-2.2mdv2007.0.i586.rpm
e05d20b0c89d60be5b7be125e01bd7db 2007.0/i586/MySQL-ndb-tools-5.0.24a-2.2mdv2007.0.i586.rpm
ee401b386f61cdd23ad8ac68500d57ef 2007.0/i586/libmysql15-5.0.24a-2.2mdv2007.0.i586.rpm
7eb3b28147bb62fce7226c2bcd2fc0cf 2007.0/i586/libmysql15-devel-5.0.24a-2.2mdv2007.0.i586.rpm
f6173d4e62a6c52a124e8c7780796ed7 2007.0/i586/libmysql15-static-devel-5.0.24a-2.2mdv2007.0.i586.rpm
ed790867b5e832f98e14a5831d3c3d9b 2007.0/SRPMS/MySQL-5.0.24a-2.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
9d8b485e4debe1a29d99cb4fc023ed17 2007.0/x86_64/MySQL-5.0.24a-2.2mdv2007.0.x86_64.rpm
8d0fd0cbc5449a5e9b9282209d8fb985 2007.0/x86_64/MySQL-Max-5.0.24a-2.2mdv2007.0.x86_64.rpm
05278a6de101b301da12d402636a5e33 2007.0/x86_64/MySQL-bench-5.0.24a-2.2mdv2007.0.x86_64.rpm
72efb5e7e697da6239e329370f972944 2007.0/x86_64/MySQL-client-5.0.24a-2.2mdv2007.0.x86_64.rpm
e2dbbe658be425721686df1a7b55251f 2007.0/x86_64/MySQL-common-5.0.24a-2.2mdv2007.0.x86_64.rpm
1d89433b36d4e80c2f56278adf028270 2007.0/x86_64/MySQL-ndb-extra-5.0.24a-2.2mdv2007.0.x86_64.rpm
a709ab263cd6ea0254fb151c00eb71c4 2007.0/x86_64/MySQL-ndb-management-5.0.24a-2.2mdv2007.0.x86_64.rpm
85d6c978f065853608a12d2a4bd9e04f 2007.0/x86_64/MySQL-ndb-storage-5.0.24a-2.2mdv2007.0.x86_64.rpm
88367e83123464a946c39aa115590142 2007.0/x86_64/MySQL-ndb-tools-5.0.24a-2.2mdv2007.0.x86_64.rpm
c8f4fce474c9c5727499eacb1e31dbb1 2007.0/x86_64/lib64mysql15-5.0.24a-2.2mdv2007.0.x86_64.rpm
86230304c28d04713d68388a742c5888 2007.0/x86_64/lib64mysql15-devel-5.0.24a-2.2mdv2007.0.x86_64.rpm
ff870649d1aab1fae3a80ff6398427a6 2007.0/x86_64/lib64mysql15-static-devel-5.0.24a-2.2mdv2007.0.x86_64.rpm
ed790867b5e832f98e14a5831d3c3d9b 2007.0/SRPMS/MySQL-5.0.24a-2.2mdv2007.0.src.rpm
Mandriva Linux 2007.1:
7fef4072328373994701bd1150169219 2007.1/i586/MySQL-5.0.37-2.2mdv2007.1.i586.rpm
bbd5bfcca79fa90fd665e0aafeb4cfe9 2007.1/i586/MySQL-Max-5.0.37-2.2mdv2007.1.i586.rpm
0441bb8eafd22b50e736703da932f665 2007.1/i586/MySQL-bench-5.0.37-2.2mdv2007.1.i586.rpm
2187707d04ec069249b0860527e66882 2007.1/i586/MySQL-client-5.0.37-2.2mdv2007.1.i586.rpm
bbedede029d6f1d91df678ec1d9da3a4 2007.1/i586/MySQL-common-5.0.37-2.2mdv2007.1.i586.rpm
319d80d98c68eaaa3be389da3c4629f5 2007.1/i586/MySQL-ndb-extra-5.0.37-2.2mdv2007.1.i586.rpm
cb4bf9d2fdbe4fbb1d54765526bfeb58 2007.1/i586/MySQL-ndb-management-5.0.37-2.2mdv2007.1.i586.rpm
1c938b9274476282001907ed77de224a 2007.1/i586/MySQL-ndb-storage-5.0.37-2.2mdv2007.1.i586.rpm
11c50f8638f76bec718ee8fc1b56af35 2007.1/i586/MySQL-ndb-tools-5.0.37-2.2mdv2007.1.i586.rpm
4d247c4144b7a734eb0b31f5c254aaf4 2007.1/i586/libmysql15-5.0.37-2.2mdv2007.1.i586.rpm
3ec4be50c4f1560717afcc9ac41408da 2007.1/i586/libmysql15-devel-5.0.37-2.2mdv2007.1.i586.rpm
988b86aa49ccc5e192b197d0e32d8b5f 2007.1/i586/libmysql15-static-devel-5.0.37-2.2mdv2007.1.i586.rpm
b917f553fa6d0558628203aa7bc6f02d 2007.1/SRPMS/MySQL-5.0.37-2.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
594e1b48094ad676e9ef0dd3f5e66a1b 2007.1/x86_64/MySQL-5.0.37-2.2mdv2007.1.x86_64.rpm
c2a2b915d686f80457568f35cc6ab64b 2007.1/x86_64/MySQL-Max-5.0.37-2.2mdv2007.1.x86_64.rpm
27160238411f975742da59c4e4a575fc 2007.1/x86_64/MySQL-bench-5.0.37-2.2mdv2007.1.x86_64.rpm
bb34823dcc3d1d3afa5581c5a93299b4 2007.1/x86_64/MySQL-client-5.0.37-2.2mdv2007.1.x86_64.rpm
4c28854e5a25bd1545898eb7fa19dbe5 2007.1/x86_64/MySQL-common-5.0.37-2.2mdv2007.1.x86_64.rpm
dde3a6779745b4bcacc86cb0ec15ae14 2007.1/x86_64/MySQL-ndb-extra-5.0.37-2.2mdv2007.1.x86_64.rpm
a235878331e4e4e0b950ccc09e832fcd 2007.1/x86_64/MySQL-ndb-management-5.0.37-2.2mdv2007.1.x86_64.rpm
171e18f799173055a892be5dfb1a099a 2007.1/x86_64/MySQL-ndb-storage-5.0.37-2.2mdv2007.1.x86_64.rpm
7d09d6e1f704a0d650b9edc374ba25bd 2007.1/x86_64/MySQL-ndb-tools-5.0.37-2.2mdv2007.1.x86_64.rpm
ab9731811943facfe7e230c1cab387ea 2007.1/x86_64/lib64mysql15-5.0.37-2.2mdv2007.1.x86_64.rpm
d12e81527f57aa81ba4b441e9bc097a8 2007.1/x86_64/lib64mysql15-devel-5.0.37-2.2mdv2007.1.x86_64.rpm
060401f7450f23b9aa4d39d63907edf5 2007.1/x86_64/lib64mysql15-static-devel-5.0.37-2.2mdv2007.1.x86_64.rpm
b917f553fa6d0558628203aa7bc6f02d 2007.1/SRPMS/MySQL-5.0.37-2.2mdv2007.1.src.rpm
Corporate 4.0:
1938deb4b70824480abff7dfe543e8ee corporate/4.0/i586/MySQL-5.0.24-1.2.20060mlcs4.i586.rpm
a1df8885e384446fe22929e439c7c525 corporate/4.0/i586/MySQL-Max-5.0.24-1.2.20060mlcs4.i586.rpm
6f3479ce44c07541ef1f886c45803169 corporate/4.0/i586/MySQL-bench-5.0.24-1.2.20060mlcs4.i586.rpm
4dea8048500128d6e28131eba033f1c0 corporate/4.0/i586/MySQL-client-5.0.24-1.2.20060mlcs4.i586.rpm
717fc696fa3a65787672e53a25753639 corporate/4.0/i586/MySQL-common-5.0.24-1.2.20060mlcs4.i586.rpm
4cfd221eef70439ada856c769f873dbb corporate/4.0/i586/MySQL-ndb-extra-5.0.24-1.2.20060mlcs4.i586.rpm
e968f12d07ce19867ca4f685deb9e652 corporate/4.0/i586/MySQL-ndb-management-5.0.24-1.2.20060mlcs4.i586.rpm
06d5378cfc51cd416f2f0445ef37238a corporate/4.0/i586/MySQL-ndb-storage-5.0.24-1.2.20060mlcs4.i586.rpm
38d365c715489e5c2ca0c6aaed5795d1 corporate/4.0/i586/MySQL-ndb-tools-5.0.24-1.2.20060mlcs4.i586.rpm
e628a68b96fc24856205950d5eba5141 corporate/4.0/i586/libmysql15-5.0.24-1.2.20060mlcs4.i586.rpm
93b5484b399c648f1828408fb58a7e11 corporate/4.0/i586/libmysql15-devel-5.0.24-1.2.20060mlcs4.i586.rpm
31b8c73500e0edfa03f1633bc6c69d55 corporate/4.0/i586/libmysql15-static-devel-5.0.24-1.2.20060mlcs4.i586.rpm
6980b62dc761aa26800cf6f916ad97cd corporate/4.0/SRPMS/MySQL-5.0.24-1.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
3f0e93587ba367bc520724669ac1c086 corporate/4.0/x86_64/MySQL-5.0.24-1.2.20060mlcs4.x86_64.rpm
d944f2af2c2bd621917005feccf61873 corporate/4.0/x86_64/MySQL-Max-5.0.24-1.2.20060mlcs4.x86_64.rpm
5e2ed990999844d6f4c2b2cb86ae2bec corporate/4.0/x86_64/MySQL-bench-5.0.24-1.2.20060mlcs4.x86_64.rpm
1757800fcd5bb184878d3a6c7dbb90ba corporate/4.0/x86_64/MySQL-client-5.0.24-1.2.20060mlcs4.x86_64.rpm
e7800546e65218cebedc27a17876f208 corporate/4.0/x86_64/MySQL-common-5.0.24-1.2.20060mlcs4.x86_64.rpm
8851f7b970ce101b404ce22e6a28f435 corporate/4.0/x86_64/MySQL-ndb-extra-5.0.24-1.2.20060mlcs4.x86_64.rpm
30756109744e4b01c35465ca79a17d01 corporate/4.0/x86_64/MySQL-ndb-management-5.0.24-1.2.20060mlcs4.x86_64.rpm
6b0c0f9f352e4a0c1e4f2daf5d6cc022 corporate/4.0/x86_64/MySQL-ndb-storage-5.0.24-1.2.20060mlcs4.x86_64.rpm
93b941dcc96c76c4dd8d094ffcfe5d00 corporate/4.0/x86_64/MySQL-ndb-tools-5.0.24-1.2.20060mlcs4.x86_64.rpm
3d4aae8b37ad1f8c5311202d8d5bd216 corporate/4.0/x86_64/lib64mysql15-5.0.24-1.2.20060mlcs4.x86_64.rpm
3f1bf6d93890beac995231ef5141271e corporate/4.0/x86_64/lib64mysql15-devel-5.0.24-1.2.20060mlcs4.x86_64.rpm
e254f27be6338ef526d1ea2facfa6e6d corporate/4.0/x86_64/lib64mysql15-static-devel-5.0.24-1.2.20060mlcs4.x86_64.rpm
6980b62dc761aa26800cf6f916ad97cd corporate/4.0/SRPMS/MySQL-5.0.24-1.2.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFG4HL4mqjQ0CJFipgRAkpdAKDTPhozGEvLphYM4BzIso4OzLislgCfeJ+k
VZ5eVA8JSlzKmPMtlIkybbs=
=n/GK
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists