[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Niafg-0003nL-9M@titan.mandriva.com>
Date: Fri, 19 Feb 2010 22:46:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:044 ] mysql
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:044
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mysql
Date : February 19, 2010
Affected: 2009.1, 2010.0
_______________________________________________________________________
Problem Description:
A vulnerabilitiy has been found and corrected in mysql:
MySQL is vulnerable to a symbolic link attack when the data home
directory contains a symlink to a different filesystem which allows
remote authenticated users to bypass intended access restrictions
(CVE-2008-7247).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7247
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.1:
2f0b2aa01447c698f4c98a0456a1c69c 2009.1/i586/libmysql16-5.1.42-0.2mdv2009.1.i586.rpm
8b524729396bbb6208a782804dea5548 2009.1/i586/libmysql-devel-5.1.42-0.2mdv2009.1.i586.rpm
8bc0a6b0dc6193de2a12c19bba494de4 2009.1/i586/libmysql-static-devel-5.1.42-0.2mdv2009.1.i586.rpm
44fade6ed7091d45cb982c90c9967b78 2009.1/i586/mysql-5.1.42-0.2mdv2009.1.i586.rpm
2ce15b99962625064261eab3642bcf59 2009.1/i586/mysql-bench-5.1.42-0.2mdv2009.1.i586.rpm
b847bd3413b5b969010defab4e5a40fa 2009.1/i586/mysql-client-5.1.42-0.2mdv2009.1.i586.rpm
74f09051aaa94cb2ca8c9ddb59953eba 2009.1/i586/mysql-common-5.1.42-0.2mdv2009.1.i586.rpm
a184d26f07c87eaa3ef7287b2a855d98 2009.1/i586/mysql-doc-5.1.42-0.2mdv2009.1.i586.rpm
73830cb1bbbe377eeea1df07264c8ef5 2009.1/i586/mysql-max-5.1.42-0.2mdv2009.1.i586.rpm
66824bb460b0297a77a8746ed78cbe99 2009.1/i586/mysql-ndb-extra-5.1.42-0.2mdv2009.1.i586.rpm
59c3dec9fa4dbbc7a885836245a4078e 2009.1/i586/mysql-ndb-management-5.1.42-0.2mdv2009.1.i586.rpm
ae978fcfedd8fae37b8817f10880b419 2009.1/i586/mysql-ndb-storage-5.1.42-0.2mdv2009.1.i586.rpm
ba3da7eb5d0956150a56a3344e3ba55f 2009.1/i586/mysql-ndb-tools-5.1.42-0.2mdv2009.1.i586.rpm
ce22c4431b749422be94f25069d994a0 2009.1/SRPMS/mysql-5.1.42-0.2mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
62ff0176e3ddef7aafbdf750f25b47f8 2009.1/x86_64/lib64mysql16-5.1.42-0.2mdv2009.1.x86_64.rpm
6fbcf2099750cf81ee3452ed5ac0787f 2009.1/x86_64/lib64mysql-devel-5.1.42-0.2mdv2009.1.x86_64.rpm
53d08e3fbd79cea4ed26ff65add9765f 2009.1/x86_64/lib64mysql-static-devel-5.1.42-0.2mdv2009.1.x86_64.rpm
065ad0b6772ed3b7525f30cc82bbc435 2009.1/x86_64/mysql-5.1.42-0.2mdv2009.1.x86_64.rpm
bf07278c7ed2093b6af63972153bfff6 2009.1/x86_64/mysql-bench-5.1.42-0.2mdv2009.1.x86_64.rpm
78b190af22f530856839d81b7409af5a 2009.1/x86_64/mysql-client-5.1.42-0.2mdv2009.1.x86_64.rpm
645331fd75cb84ac64c386c61c190cc5 2009.1/x86_64/mysql-common-5.1.42-0.2mdv2009.1.x86_64.rpm
01b2309cbd090ef9c3fc6fbc69f7a754 2009.1/x86_64/mysql-doc-5.1.42-0.2mdv2009.1.x86_64.rpm
1448a5f6b87f94afb0f8a6e9d84f1ac1 2009.1/x86_64/mysql-max-5.1.42-0.2mdv2009.1.x86_64.rpm
6ba14cb108e5bebbf24a92cb5c6f7ebe 2009.1/x86_64/mysql-ndb-extra-5.1.42-0.2mdv2009.1.x86_64.rpm
0e759f206b3da3385ef85574353ed9e4 2009.1/x86_64/mysql-ndb-management-5.1.42-0.2mdv2009.1.x86_64.rpm
5af588ba15272f44e0b572a6b4e52478 2009.1/x86_64/mysql-ndb-storage-5.1.42-0.2mdv2009.1.x86_64.rpm
d6261440010c074d295bb851f9146a9a 2009.1/x86_64/mysql-ndb-tools-5.1.42-0.2mdv2009.1.x86_64.rpm
ce22c4431b749422be94f25069d994a0 2009.1/SRPMS/mysql-5.1.42-0.2mdv2009.1.src.rpm
Mandriva Linux 2010.0:
44b895dce7ed6d97a834aff3406a3ccd 2010.0/i586/libmysql16-5.1.42-0.2mdv2010.0.i586.rpm
4cee478e44331238abdd640aa703b157 2010.0/i586/libmysql-devel-5.1.42-0.2mdv2010.0.i586.rpm
f962b485ef111348268290c8be76b29b 2010.0/i586/libmysql-static-devel-5.1.42-0.2mdv2010.0.i586.rpm
61c112619ffd8a3552a6ecf63970f051 2010.0/i586/mysql-5.1.42-0.2mdv2010.0.i586.rpm
062691f1e77e30bffaea73094b4d0413 2010.0/i586/mysql-bench-5.1.42-0.2mdv2010.0.i586.rpm
056c73a5e74c319f4539768c94d73c4e 2010.0/i586/mysql-client-5.1.42-0.2mdv2010.0.i586.rpm
7624c659c4a3da88e03225999de01469 2010.0/i586/mysql-common-5.1.42-0.2mdv2010.0.i586.rpm
30f34758e898a4a4dcc93d0c1bcb6192 2010.0/i586/mysql-common-core-5.1.42-0.2mdv2010.0.i586.rpm
cb06e6cf42509662b05e26e087c52d41 2010.0/i586/mysql-core-5.1.42-0.2mdv2010.0.i586.rpm
3438d54da48beb3d0380b53a0b78b8cd 2010.0/i586/mysql-doc-5.1.42-0.2mdv2010.0.i586.rpm
c4e2fdc5c0d725cd177b2dcd884d7743 2010.0/i586/mysql-max-5.1.42-0.2mdv2010.0.i586.rpm
f28ece33328a9b3270a1deee90d7cb3f 2010.0/i586/mysql-ndb-extra-5.1.42-0.2mdv2010.0.i586.rpm
43f9b3d2d6c6f3b7babc0a9f65317be2 2010.0/i586/mysql-ndb-management-5.1.42-0.2mdv2010.0.i586.rpm
ba863e83a0ad172dcf6ac45c9e18a397 2010.0/i586/mysql-ndb-storage-5.1.42-0.2mdv2010.0.i586.rpm
a042fd2f1675840827d3cb10956f3b04 2010.0/i586/mysql-ndb-tools-5.1.42-0.2mdv2010.0.i586.rpm
12f6c61720238739fcdd90db0fb51b4f 2010.0/SRPMS/mysql-5.1.42-0.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
ea556322b3f13413e7d04563d4d5e7eb 2010.0/x86_64/lib64mysql16-5.1.42-0.2mdv2010.0.x86_64.rpm
aaf281480d6d0151e55f29bc3ef46005 2010.0/x86_64/lib64mysql-devel-5.1.42-0.2mdv2010.0.x86_64.rpm
c1f73b5b14ad2ed5bac67ceed030f2af 2010.0/x86_64/lib64mysql-static-devel-5.1.42-0.2mdv2010.0.x86_64.rpm
1b343c72fbb285e315019d710d9af791 2010.0/x86_64/mysql-5.1.42-0.2mdv2010.0.x86_64.rpm
487b5275268598c2251e052de5547942 2010.0/x86_64/mysql-bench-5.1.42-0.2mdv2010.0.x86_64.rpm
0754d67fbb00d2b605118aa054e3accc 2010.0/x86_64/mysql-client-5.1.42-0.2mdv2010.0.x86_64.rpm
ea39b9654fb2180cea2d4a0cf893679a 2010.0/x86_64/mysql-common-5.1.42-0.2mdv2010.0.x86_64.rpm
332ffbed9bc8e5cd63826d9155e4162b 2010.0/x86_64/mysql-common-core-5.1.42-0.2mdv2010.0.x86_64.rpm
00850c47b9f2517ed3eee285458398d2 2010.0/x86_64/mysql-core-5.1.42-0.2mdv2010.0.x86_64.rpm
a65c273a6be0bba6dee7ba920f018be1 2010.0/x86_64/mysql-doc-5.1.42-0.2mdv2010.0.x86_64.rpm
c2b187a16cedc2bcadd056820d910a88 2010.0/x86_64/mysql-max-5.1.42-0.2mdv2010.0.x86_64.rpm
fe01b52c852b9fd1ab4651c947216be6 2010.0/x86_64/mysql-ndb-extra-5.1.42-0.2mdv2010.0.x86_64.rpm
77f4079a5c81d128519ed5d80150b0be 2010.0/x86_64/mysql-ndb-management-5.1.42-0.2mdv2010.0.x86_64.rpm
982b7cbaf4751e34067a45003e153adf 2010.0/x86_64/mysql-ndb-storage-5.1.42-0.2mdv2010.0.x86_64.rpm
75a9f93fdefc6f79018cc067a59e486a 2010.0/x86_64/mysql-ndb-tools-5.1.42-0.2mdv2010.0.x86_64.rpm
12f6c61720238739fcdd90db0fb51b4f 2010.0/SRPMS/mysql-5.1.42-0.2mdv2010.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLftsRmqjQ0CJFipgRAmHEAKCjA6517BjWBfNzsLDU/9NbiO/rQgCfY2/Q
/TfbHZh+CXGMdIo5DoK4QXA=
=QhVd
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists