lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1ITRtk-0001Kd-Sq@artemis.annvix.ca>
Date: Thu, 06 Sep 2007 18:40:36 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:177 ] - Updated MySQL packages fix
	vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:177
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : MySQL
 Date    : September 6, 2007
 Affected: 2007.0, 2007.1, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability was found in MySQL's authentication protocol, making
 it possible for a remote unauthenticated attacker to send a specially
 crafted authentication request to the MySQL server causing it to crash
 (CVE-2007-3780).
 
 Another flaw was discovered in MySQL that allowed remote authenticated
 users to gain update privileges for a table in another database via
 a view that refers to the external table (CVE-2007-3782).
 
 Updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3780
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3782
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 43b19d6908c3e084f1b404feb00c63de  2007.0/i586/MySQL-5.0.24a-2.2mdv2007.0.i586.rpm
 8fe94c7be904870d65b469a4c81196df  2007.0/i586/MySQL-Max-5.0.24a-2.2mdv2007.0.i586.rpm
 3660295e693c4ecdbffbe3ae0b5701d8  2007.0/i586/MySQL-bench-5.0.24a-2.2mdv2007.0.i586.rpm
 7298bcc5c8ee75a6eab087b9917b78f1  2007.0/i586/MySQL-client-5.0.24a-2.2mdv2007.0.i586.rpm
 15dd0f8dcf80b1c1019eac8a5a4a7052  2007.0/i586/MySQL-common-5.0.24a-2.2mdv2007.0.i586.rpm
 37ca2f0c3a007ff1c8981c1b7125ce2d  2007.0/i586/MySQL-ndb-extra-5.0.24a-2.2mdv2007.0.i586.rpm
 544ef62805a41bf9b403e25ce7c7c1f5  2007.0/i586/MySQL-ndb-management-5.0.24a-2.2mdv2007.0.i586.rpm
 d7c5b8b833c2619dfa20401d0da61918  2007.0/i586/MySQL-ndb-storage-5.0.24a-2.2mdv2007.0.i586.rpm
 e05d20b0c89d60be5b7be125e01bd7db  2007.0/i586/MySQL-ndb-tools-5.0.24a-2.2mdv2007.0.i586.rpm
 ee401b386f61cdd23ad8ac68500d57ef  2007.0/i586/libmysql15-5.0.24a-2.2mdv2007.0.i586.rpm
 7eb3b28147bb62fce7226c2bcd2fc0cf  2007.0/i586/libmysql15-devel-5.0.24a-2.2mdv2007.0.i586.rpm
 f6173d4e62a6c52a124e8c7780796ed7  2007.0/i586/libmysql15-static-devel-5.0.24a-2.2mdv2007.0.i586.rpm 
 ed790867b5e832f98e14a5831d3c3d9b  2007.0/SRPMS/MySQL-5.0.24a-2.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 9d8b485e4debe1a29d99cb4fc023ed17  2007.0/x86_64/MySQL-5.0.24a-2.2mdv2007.0.x86_64.rpm
 8d0fd0cbc5449a5e9b9282209d8fb985  2007.0/x86_64/MySQL-Max-5.0.24a-2.2mdv2007.0.x86_64.rpm
 05278a6de101b301da12d402636a5e33  2007.0/x86_64/MySQL-bench-5.0.24a-2.2mdv2007.0.x86_64.rpm
 72efb5e7e697da6239e329370f972944  2007.0/x86_64/MySQL-client-5.0.24a-2.2mdv2007.0.x86_64.rpm
 e2dbbe658be425721686df1a7b55251f  2007.0/x86_64/MySQL-common-5.0.24a-2.2mdv2007.0.x86_64.rpm
 1d89433b36d4e80c2f56278adf028270  2007.0/x86_64/MySQL-ndb-extra-5.0.24a-2.2mdv2007.0.x86_64.rpm
 a709ab263cd6ea0254fb151c00eb71c4  2007.0/x86_64/MySQL-ndb-management-5.0.24a-2.2mdv2007.0.x86_64.rpm
 85d6c978f065853608a12d2a4bd9e04f  2007.0/x86_64/MySQL-ndb-storage-5.0.24a-2.2mdv2007.0.x86_64.rpm
 88367e83123464a946c39aa115590142  2007.0/x86_64/MySQL-ndb-tools-5.0.24a-2.2mdv2007.0.x86_64.rpm
 c8f4fce474c9c5727499eacb1e31dbb1  2007.0/x86_64/lib64mysql15-5.0.24a-2.2mdv2007.0.x86_64.rpm
 86230304c28d04713d68388a742c5888  2007.0/x86_64/lib64mysql15-devel-5.0.24a-2.2mdv2007.0.x86_64.rpm
 ff870649d1aab1fae3a80ff6398427a6  2007.0/x86_64/lib64mysql15-static-devel-5.0.24a-2.2mdv2007.0.x86_64.rpm 
 ed790867b5e832f98e14a5831d3c3d9b  2007.0/SRPMS/MySQL-5.0.24a-2.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 7fef4072328373994701bd1150169219  2007.1/i586/MySQL-5.0.37-2.2mdv2007.1.i586.rpm
 bbd5bfcca79fa90fd665e0aafeb4cfe9  2007.1/i586/MySQL-Max-5.0.37-2.2mdv2007.1.i586.rpm
 0441bb8eafd22b50e736703da932f665  2007.1/i586/MySQL-bench-5.0.37-2.2mdv2007.1.i586.rpm
 2187707d04ec069249b0860527e66882  2007.1/i586/MySQL-client-5.0.37-2.2mdv2007.1.i586.rpm
 bbedede029d6f1d91df678ec1d9da3a4  2007.1/i586/MySQL-common-5.0.37-2.2mdv2007.1.i586.rpm
 319d80d98c68eaaa3be389da3c4629f5  2007.1/i586/MySQL-ndb-extra-5.0.37-2.2mdv2007.1.i586.rpm
 cb4bf9d2fdbe4fbb1d54765526bfeb58  2007.1/i586/MySQL-ndb-management-5.0.37-2.2mdv2007.1.i586.rpm
 1c938b9274476282001907ed77de224a  2007.1/i586/MySQL-ndb-storage-5.0.37-2.2mdv2007.1.i586.rpm
 11c50f8638f76bec718ee8fc1b56af35  2007.1/i586/MySQL-ndb-tools-5.0.37-2.2mdv2007.1.i586.rpm
 4d247c4144b7a734eb0b31f5c254aaf4  2007.1/i586/libmysql15-5.0.37-2.2mdv2007.1.i586.rpm
 3ec4be50c4f1560717afcc9ac41408da  2007.1/i586/libmysql15-devel-5.0.37-2.2mdv2007.1.i586.rpm
 988b86aa49ccc5e192b197d0e32d8b5f  2007.1/i586/libmysql15-static-devel-5.0.37-2.2mdv2007.1.i586.rpm 
 b917f553fa6d0558628203aa7bc6f02d  2007.1/SRPMS/MySQL-5.0.37-2.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 594e1b48094ad676e9ef0dd3f5e66a1b  2007.1/x86_64/MySQL-5.0.37-2.2mdv2007.1.x86_64.rpm
 c2a2b915d686f80457568f35cc6ab64b  2007.1/x86_64/MySQL-Max-5.0.37-2.2mdv2007.1.x86_64.rpm
 27160238411f975742da59c4e4a575fc  2007.1/x86_64/MySQL-bench-5.0.37-2.2mdv2007.1.x86_64.rpm
 bb34823dcc3d1d3afa5581c5a93299b4  2007.1/x86_64/MySQL-client-5.0.37-2.2mdv2007.1.x86_64.rpm
 4c28854e5a25bd1545898eb7fa19dbe5  2007.1/x86_64/MySQL-common-5.0.37-2.2mdv2007.1.x86_64.rpm
 dde3a6779745b4bcacc86cb0ec15ae14  2007.1/x86_64/MySQL-ndb-extra-5.0.37-2.2mdv2007.1.x86_64.rpm
 a235878331e4e4e0b950ccc09e832fcd  2007.1/x86_64/MySQL-ndb-management-5.0.37-2.2mdv2007.1.x86_64.rpm
 171e18f799173055a892be5dfb1a099a  2007.1/x86_64/MySQL-ndb-storage-5.0.37-2.2mdv2007.1.x86_64.rpm
 7d09d6e1f704a0d650b9edc374ba25bd  2007.1/x86_64/MySQL-ndb-tools-5.0.37-2.2mdv2007.1.x86_64.rpm
 ab9731811943facfe7e230c1cab387ea  2007.1/x86_64/lib64mysql15-5.0.37-2.2mdv2007.1.x86_64.rpm
 d12e81527f57aa81ba4b441e9bc097a8  2007.1/x86_64/lib64mysql15-devel-5.0.37-2.2mdv2007.1.x86_64.rpm
 060401f7450f23b9aa4d39d63907edf5  2007.1/x86_64/lib64mysql15-static-devel-5.0.37-2.2mdv2007.1.x86_64.rpm 
 b917f553fa6d0558628203aa7bc6f02d  2007.1/SRPMS/MySQL-5.0.37-2.2mdv2007.1.src.rpm

 Corporate 4.0:
 1938deb4b70824480abff7dfe543e8ee  corporate/4.0/i586/MySQL-5.0.24-1.2.20060mlcs4.i586.rpm
 a1df8885e384446fe22929e439c7c525  corporate/4.0/i586/MySQL-Max-5.0.24-1.2.20060mlcs4.i586.rpm
 6f3479ce44c07541ef1f886c45803169  corporate/4.0/i586/MySQL-bench-5.0.24-1.2.20060mlcs4.i586.rpm
 4dea8048500128d6e28131eba033f1c0  corporate/4.0/i586/MySQL-client-5.0.24-1.2.20060mlcs4.i586.rpm
 717fc696fa3a65787672e53a25753639  corporate/4.0/i586/MySQL-common-5.0.24-1.2.20060mlcs4.i586.rpm
 4cfd221eef70439ada856c769f873dbb  corporate/4.0/i586/MySQL-ndb-extra-5.0.24-1.2.20060mlcs4.i586.rpm
 e968f12d07ce19867ca4f685deb9e652  corporate/4.0/i586/MySQL-ndb-management-5.0.24-1.2.20060mlcs4.i586.rpm
 06d5378cfc51cd416f2f0445ef37238a  corporate/4.0/i586/MySQL-ndb-storage-5.0.24-1.2.20060mlcs4.i586.rpm
 38d365c715489e5c2ca0c6aaed5795d1  corporate/4.0/i586/MySQL-ndb-tools-5.0.24-1.2.20060mlcs4.i586.rpm
 e628a68b96fc24856205950d5eba5141  corporate/4.0/i586/libmysql15-5.0.24-1.2.20060mlcs4.i586.rpm
 93b5484b399c648f1828408fb58a7e11  corporate/4.0/i586/libmysql15-devel-5.0.24-1.2.20060mlcs4.i586.rpm
 31b8c73500e0edfa03f1633bc6c69d55  corporate/4.0/i586/libmysql15-static-devel-5.0.24-1.2.20060mlcs4.i586.rpm 
 6980b62dc761aa26800cf6f916ad97cd  corporate/4.0/SRPMS/MySQL-5.0.24-1.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 3f0e93587ba367bc520724669ac1c086  corporate/4.0/x86_64/MySQL-5.0.24-1.2.20060mlcs4.x86_64.rpm
 d944f2af2c2bd621917005feccf61873  corporate/4.0/x86_64/MySQL-Max-5.0.24-1.2.20060mlcs4.x86_64.rpm
 5e2ed990999844d6f4c2b2cb86ae2bec  corporate/4.0/x86_64/MySQL-bench-5.0.24-1.2.20060mlcs4.x86_64.rpm
 1757800fcd5bb184878d3a6c7dbb90ba  corporate/4.0/x86_64/MySQL-client-5.0.24-1.2.20060mlcs4.x86_64.rpm
 e7800546e65218cebedc27a17876f208  corporate/4.0/x86_64/MySQL-common-5.0.24-1.2.20060mlcs4.x86_64.rpm
 8851f7b970ce101b404ce22e6a28f435  corporate/4.0/x86_64/MySQL-ndb-extra-5.0.24-1.2.20060mlcs4.x86_64.rpm
 30756109744e4b01c35465ca79a17d01  corporate/4.0/x86_64/MySQL-ndb-management-5.0.24-1.2.20060mlcs4.x86_64.rpm
 6b0c0f9f352e4a0c1e4f2daf5d6cc022  corporate/4.0/x86_64/MySQL-ndb-storage-5.0.24-1.2.20060mlcs4.x86_64.rpm
 93b941dcc96c76c4dd8d094ffcfe5d00  corporate/4.0/x86_64/MySQL-ndb-tools-5.0.24-1.2.20060mlcs4.x86_64.rpm
 3d4aae8b37ad1f8c5311202d8d5bd216  corporate/4.0/x86_64/lib64mysql15-5.0.24-1.2.20060mlcs4.x86_64.rpm
 3f1bf6d93890beac995231ef5141271e  corporate/4.0/x86_64/lib64mysql15-devel-5.0.24-1.2.20060mlcs4.x86_64.rpm
 e254f27be6338ef526d1ea2facfa6e6d  corporate/4.0/x86_64/lib64mysql15-static-devel-5.0.24-1.2.20060mlcs4.x86_64.rpm 
 6980b62dc761aa26800cf6f916ad97cd  corporate/4.0/SRPMS/MySQL-5.0.24-1.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG4HL4mqjQ0CJFipgRAkpdAKDTPhozGEvLphYM4BzIso4OzLislgCfeJ+k
VZ5eVA8JSlzKmPMtlIkybbs=
=n/GK
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ