Message-id: <E1JK4iI-0000Xg-Sg@artemis.annvix.ca>
Date: Tue, 29 Jan 2008 21:38:18 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:028 ] - Updated MySQL packages fix
 multiple vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:028
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mysql
 Date    : January 29, 2008
 Affected: 2007.0, 2007.1, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 The mysql_change_db() function in MySQL 5.0.x before 5.0.40 did not
 restore THD::db_access privileges when returning from SQL SECURITY
 INVOKER stored routines, which allowed remote authenticated users to
 gain privileges (CVE-2007-2692).
 
 The federated engine in MySQL 5.0.x, when performing a certain SHOW
 TABLE STATUS query, did not properly handle a response with a small
 number of columns, which could allow a remote MySQL server to cause
 a denial of service (federated handler crash and daemon crash)
 via a response that lacks the minimum required number of columns
 (CVE-2007-6304).
 
 The updated packages provide MySQL 5.0.45 for all Mandriva Linux
 platforms that shipped with MySQL 5.0.x which offers a number of
 feature enhancements and bug fixes.  In addition, the updates for
 Corporate Server 4.0 include support for the Sphinx engine.
 
 Please note that due to the package name change (from 'MySQL' to
 'mysql'), the mysqld service will not restart automatically so users
 must execute 'service mysqld start' after the upgrade is complete.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6304
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHn8bhmqjQ0CJFipgRAmC2AJ9eX48lecJkUaKkXnRAWKIwgmeD8gCgmXjp
4mhVLb87csMrDvR176pf7GI=
=A9gT
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
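
The following triage script is an added example, not part of the Mandriva advisory. It compares an installed server version with the two levels the advisory names (5.0.40, before which CVE-2007-2692 applies, and the shipped 5.0.45) and checks both package names plus the mysqld service. The function names are hypothetical, and because the advisory gives no fixed version for CVE-2007-6304, anything under 5.0.45 is only reported as below the shipped level.

```shell
#!/bin/sh
# Added example: triage a MySQL version against MDVSA-2008:028.
# Thresholds come from the advisory text; function names are hypothetical.

# ver_lt A B: succeed when dotted version A is strictly lower than B.
# Numeric per-field sort, so 5.0.9 sorts below 5.0.40.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# triage VERSION: print the advisory status for a server version string.
triage() {
    # Drop any suffix such as the "a" in 5.0.24a before comparing.
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    case "$v" in
        5.0.*) ;;                                  # advisory covers 5.0.x
        *) echo "out-of-scope"; return 0 ;;
    esac
    if ver_lt "$v" 5.0.40; then
        echo "affected-CVE-2007-2692"              # "5.0.x before 5.0.40"
    elif ver_lt "$v" 5.0.45; then
        echo "below-advisory-level"                # older than shipped 5.0.45
    else
        echo "at-advisory-level"
    fi
}

# audit_host: check both package names (the package was renamed from
# 'MySQL' to 'mysql') and whether mysqld came back after the upgrade.
audit_host() {
    for name in mysql MySQL; do
        pv=$(rpm -q --qf '%{VERSION}\n' "$name" 2>/dev/null) || continue
        echo "$name $pv: $(triage "$pv")"
    done
    service mysqld status >/dev/null 2>&1 ||
        echo "mysqld is not running; run 'service mysqld start'"
}

if [ "${1:-}" = "--host" ]; then
    audit_host
else
    # Constructed sample versions, not taken from any real host.
    for sample in 5.0.24a 5.0.9 5.0.41 5.0.45 5.1.22; do
        echo "$sample -> $(triage "$sample")"
    done
fi
```

Run it with `--host` on an RPM-based system to query the installed packages; without arguments it only prints the results for the constructed samples.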
