lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OARw0-0008Dq-7o@titan.mandriva.com>
Date: Fri, 07 May 2010 20:06:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:093 ] mysql


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:093
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mysql
 Date    : May 7, 2010
 Affected: 2009.1, 2010.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered in mysql which would permit mysql users
 without any kind of privileges to use the UNINSTALL PLUGIN function.
 
 A problem was discovered in the mysqld init script which under certain
 circumstances could cause the service to exit too quickly, giving the [
 OK ] status and before the mysql server was really started and bound
 to the mysql socket or IP address. This caused a problem for products
 like Pulse2.
 
 The corrected packages solves these problems.
 _______________________________________________________________________

 References:

 http://bugs.mysql.com/bug.php?id=51770
 https://qa.mandriva.com/58843
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.1:
 54006c70afc3e861c4deef24d761370b  2009.1/i586/libmysql16-5.1.42-0.3mdv2009.1.i586.rpm
 76dd0e691c8bc3b113a97192b556cabc  2009.1/i586/libmysql-devel-5.1.42-0.3mdv2009.1.i586.rpm
 32ab2d4751a47963da3c88b51f1d3fd8  2009.1/i586/libmysql-static-devel-5.1.42-0.3mdv2009.1.i586.rpm
 16632ad717aa5a11f2fb74a548859814  2009.1/i586/mysql-5.1.42-0.3mdv2009.1.i586.rpm
 7f553d38a23daac410b925ec0094309e  2009.1/i586/mysql-bench-5.1.42-0.3mdv2009.1.i586.rpm
 c499f591935b91af8752e4bfaf146f9e  2009.1/i586/mysql-client-5.1.42-0.3mdv2009.1.i586.rpm
 b4545700f4afa0a471a8306f99f22249  2009.1/i586/mysql-common-5.1.42-0.3mdv2009.1.i586.rpm
 aa2de0e2a3121bc724a84d836033500f  2009.1/i586/mysql-doc-5.1.42-0.3mdv2009.1.i586.rpm
 9d79d1d0f9d176a26dd3727e747dfdf5  2009.1/i586/mysql-max-5.1.42-0.3mdv2009.1.i586.rpm
 fe2003bac60bb2f388b65eb711f7984a  2009.1/i586/mysql-ndb-extra-5.1.42-0.3mdv2009.1.i586.rpm
 ed8b3c6a2f0e25abfc030d3f886f13d1  2009.1/i586/mysql-ndb-management-5.1.42-0.3mdv2009.1.i586.rpm
 be6ff43c94502883be9ce176bddbf9b4  2009.1/i586/mysql-ndb-storage-5.1.42-0.3mdv2009.1.i586.rpm
 1bacb295ea603908a2f04a6b4b269d31  2009.1/i586/mysql-ndb-tools-5.1.42-0.3mdv2009.1.i586.rpm 
 a0b096a1669abdc876ef6c01d8c075b5  2009.1/SRPMS/mysql-5.1.42-0.3mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 61e03c60fec61328da5475cfb7bc4bf4  2009.1/x86_64/lib64mysql16-5.1.42-0.3mdv2009.1.x86_64.rpm
 3176c0e87e754759204d0ad1be769a65  2009.1/x86_64/lib64mysql-devel-5.1.42-0.3mdv2009.1.x86_64.rpm
 19bbdd8f6d57e4b5bb4a74d4b476f0cf  2009.1/x86_64/lib64mysql-static-devel-5.1.42-0.3mdv2009.1.x86_64.rpm
 0e80df8a100d82364e7a3323ec892d1f  2009.1/x86_64/mysql-5.1.42-0.3mdv2009.1.x86_64.rpm
 d405ffb3e8f65578f54bce2360c78433  2009.1/x86_64/mysql-bench-5.1.42-0.3mdv2009.1.x86_64.rpm
 eb7baf714d55aae6ad041cdabdd84dab  2009.1/x86_64/mysql-client-5.1.42-0.3mdv2009.1.x86_64.rpm
 90abeaf5a5b218a21567df0a02572232  2009.1/x86_64/mysql-common-5.1.42-0.3mdv2009.1.x86_64.rpm
 c7fce8846a34bdac5ad4144d8856043c  2009.1/x86_64/mysql-doc-5.1.42-0.3mdv2009.1.x86_64.rpm
 cba5723911fa87d7e7211ab2cdb658f6  2009.1/x86_64/mysql-max-5.1.42-0.3mdv2009.1.x86_64.rpm
 98edbde9e1393a275fd45a78fda03b92  2009.1/x86_64/mysql-ndb-extra-5.1.42-0.3mdv2009.1.x86_64.rpm
 2f5b6b0b9a6726b7322deb723480c527  2009.1/x86_64/mysql-ndb-management-5.1.42-0.3mdv2009.1.x86_64.rpm
 db10798231c42e0304fb75f1f7941728  2009.1/x86_64/mysql-ndb-storage-5.1.42-0.3mdv2009.1.x86_64.rpm
 07ca70ad1b446afd873c482cc544d1dc  2009.1/x86_64/mysql-ndb-tools-5.1.42-0.3mdv2009.1.x86_64.rpm 
 a0b096a1669abdc876ef6c01d8c075b5  2009.1/SRPMS/mysql-5.1.42-0.3mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 be1721e543c3724d35a63aa5f213f8de  2010.0/i586/libmysql16-5.1.42-0.3mdv2010.0.i586.rpm
 8e5472cc7afddd745e02fd97fa3e65e3  2010.0/i586/libmysql-devel-5.1.42-0.3mdv2010.0.i586.rpm
 2302fb56a522390b97425f6fbef98148  2010.0/i586/libmysql-static-devel-5.1.42-0.3mdv2010.0.i586.rpm
 6b3039075fb7828f00f6d5fe3b6f2cc9  2010.0/i586/mysql-5.1.42-0.3mdv2010.0.i586.rpm
 8190cae8369824a35c2a84b7463bc11b  2010.0/i586/mysql-bench-5.1.42-0.3mdv2010.0.i586.rpm
 bda23f602b5230b994b1b12baec86af1  2010.0/i586/mysql-client-5.1.42-0.3mdv2010.0.i586.rpm
 4056f9719c0873d63e46c10597c7d688  2010.0/i586/mysql-common-5.1.42-0.3mdv2010.0.i586.rpm
 59826ffe62a040bd84e530e4e5be163f  2010.0/i586/mysql-common-core-5.1.42-0.3mdv2010.0.i586.rpm
 6774569d17dd638b8e09a3a0d5b6ea0e  2010.0/i586/mysql-core-5.1.42-0.3mdv2010.0.i586.rpm
 c5ecb88a2cdc9b22ee98a90d6b1a9d03  2010.0/i586/mysql-doc-5.1.42-0.3mdv2010.0.i586.rpm
 b3c8aaf9e97656f024b5e7f54af0728d  2010.0/i586/mysql-max-5.1.42-0.3mdv2010.0.i586.rpm
 2f8a0156d8d2ea7c3e2432ee1600e4c6  2010.0/i586/mysql-ndb-extra-5.1.42-0.3mdv2010.0.i586.rpm
 810eb32b04552f831b5ac35f9241356d  2010.0/i586/mysql-ndb-management-5.1.42-0.3mdv2010.0.i586.rpm
 fa0670d9eed9803cbc5f40536208c141  2010.0/i586/mysql-ndb-storage-5.1.42-0.3mdv2010.0.i586.rpm
 4b0be649cc0a6331b935059f99d27dfb  2010.0/i586/mysql-ndb-tools-5.1.42-0.3mdv2010.0.i586.rpm 
 04afccfb76f0f88375f9dc6598584f9b  2010.0/SRPMS/mysql-5.1.42-0.3mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 ebd36c904b32a99bdd9ce0e938eb6ef2  2010.0/x86_64/lib64mysql16-5.1.42-0.3mdv2010.0.x86_64.rpm
 ffde28d96cfe44d159d3176e1972a6b2  2010.0/x86_64/lib64mysql-devel-5.1.42-0.3mdv2010.0.x86_64.rpm
 288915dbebc01d488180362784d1b011  2010.0/x86_64/lib64mysql-static-devel-5.1.42-0.3mdv2010.0.x86_64.rpm
 e9f1674e68e7ddc8d68ec5c6147e051f  2010.0/x86_64/mysql-5.1.42-0.3mdv2010.0.x86_64.rpm
 3aa8d227d757d2a0172c39d22f503fc9  2010.0/x86_64/mysql-bench-5.1.42-0.3mdv2010.0.x86_64.rpm
 0d9a788891e0b20c4339c6f8ed0b14ab  2010.0/x86_64/mysql-client-5.1.42-0.3mdv2010.0.x86_64.rpm
 373b970d951de243a21451a31154e21d  2010.0/x86_64/mysql-common-5.1.42-0.3mdv2010.0.x86_64.rpm
 757bceabfacd191d9b32dce2140025f8  2010.0/x86_64/mysql-common-core-5.1.42-0.3mdv2010.0.x86_64.rpm
 78335300c5dfd20ad7c18ee53c8e7549  2010.0/x86_64/mysql-core-5.1.42-0.3mdv2010.0.x86_64.rpm
 c8a3554ef62aa6cc8335a7352f2b9ff3  2010.0/x86_64/mysql-doc-5.1.42-0.3mdv2010.0.x86_64.rpm
 f3c8489b506b91f2a9dd5ef64dcf9064  2010.0/x86_64/mysql-max-5.1.42-0.3mdv2010.0.x86_64.rpm
 44f0b531705bc0d155a24d3847dd0d50  2010.0/x86_64/mysql-ndb-extra-5.1.42-0.3mdv2010.0.x86_64.rpm
 1574dda1d6e3717832440c5f94c01816  2010.0/x86_64/mysql-ndb-management-5.1.42-0.3mdv2010.0.x86_64.rpm
 ec14aafb931921e75e847d25373f901c  2010.0/x86_64/mysql-ndb-storage-5.1.42-0.3mdv2010.0.x86_64.rpm
 7e38f7400e1c96fbb5e24520ab554b4b  2010.0/x86_64/mysql-ndb-tools-5.1.42-0.3mdv2010.0.x86_64.rpm 
 04afccfb76f0f88375f9dc6598584f9b  2010.0/SRPMS/mysql-5.1.42-0.3mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFL5CnimqjQ0CJFipgRAs+uAJ4qRfD5p0DtrMZZrDeGBaXSrxX08wCgmjhZ
N0qrX52vXppOw/fCprvl584=
=FvOH
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ