Message-Id: <E1MVRyf-0002ye-3c@titan.mandriva.com>
Date: Mon, 27 Jul 2009 17:19:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:159 ] mysql
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:159
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mysql
Date : July 27, 2009
Affected: 2008.1, 2009.0, Corporate 4.0
_______________________________________________________________________
Problem Description:

A vulnerability has been found and corrected in mysql:

Multiple format string vulnerabilities in the dispatch_command function
in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow
remote authenticated users to cause a denial of service (daemon crash)
and possibly have unspecified other impact via format string specifiers
in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request.
NOTE: some of these details are obtained from third party information
(CVE-2009-2446).

This update provides fixes for this vulnerability.
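
The defect class named above, shown as an added C example (not MySQL's code and not part of the advisory): a hypothetical printf-style logger, `log_write`, receives a database name as its format string in the defective form and as a `%s` argument in the corrected form. All function names and the sample database name are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style log writer standing in for a server's query log.
   It renders into a caller-supplied buffer so the result can be inspected. */
int log_write(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Defective pattern: the client-supplied database name is the format string,
   so any conversion specifier in it makes vsnprintf read arguments that were
   never passed. Kept for contrast only; nothing here calls it. */
int log_db_command_unsafe(char *out, size_t cap, const char *db_name)
{
    return log_write(out, cap, db_name);
}

/* Corrected pattern: the format is a constant and the name is only data. */
int log_db_command_safe(char *out, size_t cap, const char *cmd, const char *db_name)
{
    return log_write(out, cap, "%s %s", cmd, db_name);
}

/* Triage check for audit or log review: returns 1 if the name contains a
   conversion specifier. "%%" is a literal percent sign and is skipped. */
int has_format_specifier(const char *name)
{
    for (; *name; name++) {
        if (*name != '%')
            continue;
        if (name[1] == '%') { name++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    char line[128];
    const char *name = "%s%s%s";   /* constructed sample database name */
    log_db_command_safe(line, sizeof line, "Create DB", name);
    printf("%s (specifier present: %d)\n", line, has_format_specifier(name));
    return 0;
}
```

When the logger is declared with GCC's `format(printf, ...)` attribute, building with `-Wformat -Wformat-security` reports calls of the unsafe shape at compile time.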
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2446
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
                               <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKbZg6mqjQ0CJFipgRAtcHAKC/1zd95+nBqZs3vzdTTMVjUrtYdQCeMeyi
M+BzL6689hE/cOwX7jSm0gw=
=4Yy8
-----END PGP SIGNATURE-----