Message-Id: <E1Niafg-0003nL-9M@titan.mandriva.com>
Date: Fri, 19 Feb 2010 22:46:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:044 ] mysql


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:044
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mysql
 Date    : February 19, 2010
 Affected: 2009.1, 2010.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in mysql:
 
 MySQL is vulnerable to a symbolic link attack when the data home
 directory contains a symlink to a different filesystem which allows
 remote authenticated users to bypass intended access restrictions
 (CVE-2008-7247).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7247
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLftsRmqjQ0CJFipgRAmHEAKCjA6517BjWBfNzsLDU/9NbiO/rQgCfY2/Q
/TfbHZh+CXGMdIo5DoK4QXA=
=QhVd
-----END PGP SIGNATURE-----
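
The condition the advisory describes (a symlink inside the MySQL data home directory that leads to a different filesystem) can be audited on a host. The following is an added example, not part of the advisory or of Mandriva's patch; the function names, the dev_of hook and the sample directory layout are assumptions made for illustration.

```python
import os
import tempfile


def audit_datadir(datadir, dev_of=None):
    """Return (symlink, resolved_target, reason) for each symlink under
    datadir that is dangling, crosses filesystems, or leaves datadir."""
    # dev_of is a hypothetical hook so the device lookup can be replaced in tests.
    dev_of = dev_of or (lambda p: os.stat(p).st_dev)
    root = os.path.realpath(datadir)
    root_dev = dev_of(root)
    findings = []
    # followlinks=False: symlinked directories are listed but never descended into.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            if not os.path.exists(target):
                findings.append((path, target, "dangling"))
            elif dev_of(target) != root_dev:
                # The case named in the advisory: target on another filesystem.
                findings.append((path, target, "other-filesystem"))
            elif os.path.commonpath([root, target]) != root:
                findings.append((path, target, "outside-datadir"))
    return findings


def demo():
    # Constructed layout: datadir/shop is a symlink to a directory outside datadir.
    with tempfile.TemporaryDirectory() as tmp:
        datadir = os.path.join(tmp, "datadir")
        other = os.path.join(tmp, "other_fs", "shop")
        os.makedirs(os.path.join(datadir, "mysql"))
        os.makedirs(other)
        os.symlink(other, os.path.join(datadir, "shop"))
        other_real = os.path.realpath(os.path.join(tmp, "other_fs"))
        # Simulate a second mount: paths under other_fs report a different device id.
        fake_dev = lambda p: 2 if os.path.realpath(p).startswith(other_real) else 1
        same_fs = audit_datadir(datadir)
        cross_fs = audit_datadir(datadir, dev_of=fake_dev)
        return ([(os.path.basename(p), r) for p, _, r in same_fs],
                [(os.path.basename(p), r) for p, _, r in cross_fs])


if __name__ == "__main__":
    print(demo())
```

A finding only shows that the layout matches the condition in the advisory; whether the installed mysql packages are the corrected ones is a separate check.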
