Message-Id: <E1MVRyf-0002ye-3c@titan.mandriva.com>
Date: Mon, 27 Jul 2009 17:19:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:159 ] mysql


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:159
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mysql
 Date    : July 27, 2009
 Affected: 2008.1, 2009.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in mysql:
 
 Multiple format string vulnerabilities in the dispatch_command function
 in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow
 remote authenticated users to cause a denial of service (daemon crash)
 and possibly have unspecified other impact via format string specifiers
 in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request.
 NOTE: some of these details are obtained from third party information
 (CVE-2009-2446).
 
 This update provides fixes for this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2446
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:

 Mandriva Linux 2008.1/X86_64:

 Mandriva Linux 2009.0:

 Mandriva Linux 2009.0/X86_64:

 Corporate 4.0:

 Corporate 4.0/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKbZg6mqjQ0CJFipgRAtcHAKC/1zd95+nBqZs3vzdTTMVjUrtYdQCeMeyi
M+BzL6689hE/cOwX7jSm0gw=
=4Yy8
-----END PGP SIGNATURE-----
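
Added illustration, not part of the Mandriva advisory and not MySQL source code: the format-string bug class described above (a client-supplied database name used as a printf-style format string) beside the hardened call, plus an audit check for names carrying conversion specifiers. The logger, the function names and the sample database name are hypothetical and constructed for this example.

```c
/* Added illustration of the bug class; NOT MySQL source code.
   log_line() and the log_create_db_* functions are hypothetical. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* printf-style logger standing in for a server's log writer. */
static int log_line(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* VULNERABLE pattern (defined for comparison, never called here):
   the database name is the format string, so a conversion specifier
   in it makes vsnprintf consume arguments that were never passed. */
int log_create_db_unsafe(char *out, size_t cap, const char *db_name)
{
    return log_line(out, cap, db_name);
}

/* HARDENED pattern: constant format, the name is passed as data. */
int log_create_db_safe(char *out, size_t cap, const char *db_name)
{
    return log_line(out, cap, "%s", db_name);
}

/* Audit check: 1 if the name holds any '%' that is not a literal "%%". */
int has_format_specifier(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    char buf[128];
    const char *name = "test_%s_%x";   /* constructed sample name */
    log_create_db_safe(buf, sizeof buf, name);
    printf("logged: %s (specifier: %d)\n", buf, has_format_specifier(name));
    return 0;
}
```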
