[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OARw0-0008Dq-7o@titan.mandriva.com>
Date: Fri, 07 May 2010 20:06:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:093 ] mysql
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:093
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mysql
Date : May 7, 2010
Affected: 2009.1, 2010.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered in mysql which would permit mysql users
without any kind of privileges to use the UNINSTALL PLUGIN function.
A problem was discovered in the mysqld init script which under certain
circumstances could cause the service to exit too quickly, giving the [
OK ] status and before the mysql server was really started and bound
to the mysql socket or IP address. This caused a problem for products
like Pulse2.
The corrected packages solves these problems.
_______________________________________________________________________
References:
http://bugs.mysql.com/bug.php?id=51770
https://qa.mandriva.com/58843
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.1:
54006c70afc3e861c4deef24d761370b 2009.1/i586/libmysql16-5.1.42-0.3mdv2009.1.i586.rpm
76dd0e691c8bc3b113a97192b556cabc 2009.1/i586/libmysql-devel-5.1.42-0.3mdv2009.1.i586.rpm
32ab2d4751a47963da3c88b51f1d3fd8 2009.1/i586/libmysql-static-devel-5.1.42-0.3mdv2009.1.i586.rpm
16632ad717aa5a11f2fb74a548859814 2009.1/i586/mysql-5.1.42-0.3mdv2009.1.i586.rpm
7f553d38a23daac410b925ec0094309e 2009.1/i586/mysql-bench-5.1.42-0.3mdv2009.1.i586.rpm
c499f591935b91af8752e4bfaf146f9e 2009.1/i586/mysql-client-5.1.42-0.3mdv2009.1.i586.rpm
b4545700f4afa0a471a8306f99f22249 2009.1/i586/mysql-common-5.1.42-0.3mdv2009.1.i586.rpm
aa2de0e2a3121bc724a84d836033500f 2009.1/i586/mysql-doc-5.1.42-0.3mdv2009.1.i586.rpm
9d79d1d0f9d176a26dd3727e747dfdf5 2009.1/i586/mysql-max-5.1.42-0.3mdv2009.1.i586.rpm
fe2003bac60bb2f388b65eb711f7984a 2009.1/i586/mysql-ndb-extra-5.1.42-0.3mdv2009.1.i586.rpm
ed8b3c6a2f0e25abfc030d3f886f13d1 2009.1/i586/mysql-ndb-management-5.1.42-0.3mdv2009.1.i586.rpm
be6ff43c94502883be9ce176bddbf9b4 2009.1/i586/mysql-ndb-storage-5.1.42-0.3mdv2009.1.i586.rpm
1bacb295ea603908a2f04a6b4b269d31 2009.1/i586/mysql-ndb-tools-5.1.42-0.3mdv2009.1.i586.rpm
a0b096a1669abdc876ef6c01d8c075b5 2009.1/SRPMS/mysql-5.1.42-0.3mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
61e03c60fec61328da5475cfb7bc4bf4 2009.1/x86_64/lib64mysql16-5.1.42-0.3mdv2009.1.x86_64.rpm
3176c0e87e754759204d0ad1be769a65 2009.1/x86_64/lib64mysql-devel-5.1.42-0.3mdv2009.1.x86_64.rpm
19bbdd8f6d57e4b5bb4a74d4b476f0cf 2009.1/x86_64/lib64mysql-static-devel-5.1.42-0.3mdv2009.1.x86_64.rpm
0e80df8a100d82364e7a3323ec892d1f 2009.1/x86_64/mysql-5.1.42-0.3mdv2009.1.x86_64.rpm
d405ffb3e8f65578f54bce2360c78433 2009.1/x86_64/mysql-bench-5.1.42-0.3mdv2009.1.x86_64.rpm
eb7baf714d55aae6ad041cdabdd84dab 2009.1/x86_64/mysql-client-5.1.42-0.3mdv2009.1.x86_64.rpm
90abeaf5a5b218a21567df0a02572232 2009.1/x86_64/mysql-common-5.1.42-0.3mdv2009.1.x86_64.rpm
c7fce8846a34bdac5ad4144d8856043c 2009.1/x86_64/mysql-doc-5.1.42-0.3mdv2009.1.x86_64.rpm
cba5723911fa87d7e7211ab2cdb658f6 2009.1/x86_64/mysql-max-5.1.42-0.3mdv2009.1.x86_64.rpm
98edbde9e1393a275fd45a78fda03b92 2009.1/x86_64/mysql-ndb-extra-5.1.42-0.3mdv2009.1.x86_64.rpm
2f5b6b0b9a6726b7322deb723480c527 2009.1/x86_64/mysql-ndb-management-5.1.42-0.3mdv2009.1.x86_64.rpm
db10798231c42e0304fb75f1f7941728 2009.1/x86_64/mysql-ndb-storage-5.1.42-0.3mdv2009.1.x86_64.rpm
07ca70ad1b446afd873c482cc544d1dc 2009.1/x86_64/mysql-ndb-tools-5.1.42-0.3mdv2009.1.x86_64.rpm
a0b096a1669abdc876ef6c01d8c075b5 2009.1/SRPMS/mysql-5.1.42-0.3mdv2009.1.src.rpm
Mandriva Linux 2010.0:
be1721e543c3724d35a63aa5f213f8de 2010.0/i586/libmysql16-5.1.42-0.3mdv2010.0.i586.rpm
8e5472cc7afddd745e02fd97fa3e65e3 2010.0/i586/libmysql-devel-5.1.42-0.3mdv2010.0.i586.rpm
2302fb56a522390b97425f6fbef98148 2010.0/i586/libmysql-static-devel-5.1.42-0.3mdv2010.0.i586.rpm
6b3039075fb7828f00f6d5fe3b6f2cc9 2010.0/i586/mysql-5.1.42-0.3mdv2010.0.i586.rpm
8190cae8369824a35c2a84b7463bc11b 2010.0/i586/mysql-bench-5.1.42-0.3mdv2010.0.i586.rpm
bda23f602b5230b994b1b12baec86af1 2010.0/i586/mysql-client-5.1.42-0.3mdv2010.0.i586.rpm
4056f9719c0873d63e46c10597c7d688 2010.0/i586/mysql-common-5.1.42-0.3mdv2010.0.i586.rpm
59826ffe62a040bd84e530e4e5be163f 2010.0/i586/mysql-common-core-5.1.42-0.3mdv2010.0.i586.rpm
6774569d17dd638b8e09a3a0d5b6ea0e 2010.0/i586/mysql-core-5.1.42-0.3mdv2010.0.i586.rpm
c5ecb88a2cdc9b22ee98a90d6b1a9d03 2010.0/i586/mysql-doc-5.1.42-0.3mdv2010.0.i586.rpm
b3c8aaf9e97656f024b5e7f54af0728d 2010.0/i586/mysql-max-5.1.42-0.3mdv2010.0.i586.rpm
2f8a0156d8d2ea7c3e2432ee1600e4c6 2010.0/i586/mysql-ndb-extra-5.1.42-0.3mdv2010.0.i586.rpm
810eb32b04552f831b5ac35f9241356d 2010.0/i586/mysql-ndb-management-5.1.42-0.3mdv2010.0.i586.rpm
fa0670d9eed9803cbc5f40536208c141 2010.0/i586/mysql-ndb-storage-5.1.42-0.3mdv2010.0.i586.rpm
4b0be649cc0a6331b935059f99d27dfb 2010.0/i586/mysql-ndb-tools-5.1.42-0.3mdv2010.0.i586.rpm
04afccfb76f0f88375f9dc6598584f9b 2010.0/SRPMS/mysql-5.1.42-0.3mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
ebd36c904b32a99bdd9ce0e938eb6ef2 2010.0/x86_64/lib64mysql16-5.1.42-0.3mdv2010.0.x86_64.rpm
ffde28d96cfe44d159d3176e1972a6b2 2010.0/x86_64/lib64mysql-devel-5.1.42-0.3mdv2010.0.x86_64.rpm
288915dbebc01d488180362784d1b011 2010.0/x86_64/lib64mysql-static-devel-5.1.42-0.3mdv2010.0.x86_64.rpm
e9f1674e68e7ddc8d68ec5c6147e051f 2010.0/x86_64/mysql-5.1.42-0.3mdv2010.0.x86_64.rpm
3aa8d227d757d2a0172c39d22f503fc9 2010.0/x86_64/mysql-bench-5.1.42-0.3mdv2010.0.x86_64.rpm
0d9a788891e0b20c4339c6f8ed0b14ab 2010.0/x86_64/mysql-client-5.1.42-0.3mdv2010.0.x86_64.rpm
373b970d951de243a21451a31154e21d 2010.0/x86_64/mysql-common-5.1.42-0.3mdv2010.0.x86_64.rpm
757bceabfacd191d9b32dce2140025f8 2010.0/x86_64/mysql-common-core-5.1.42-0.3mdv2010.0.x86_64.rpm
78335300c5dfd20ad7c18ee53c8e7549 2010.0/x86_64/mysql-core-5.1.42-0.3mdv2010.0.x86_64.rpm
c8a3554ef62aa6cc8335a7352f2b9ff3 2010.0/x86_64/mysql-doc-5.1.42-0.3mdv2010.0.x86_64.rpm
f3c8489b506b91f2a9dd5ef64dcf9064 2010.0/x86_64/mysql-max-5.1.42-0.3mdv2010.0.x86_64.rpm
44f0b531705bc0d155a24d3847dd0d50 2010.0/x86_64/mysql-ndb-extra-5.1.42-0.3mdv2010.0.x86_64.rpm
1574dda1d6e3717832440c5f94c01816 2010.0/x86_64/mysql-ndb-management-5.1.42-0.3mdv2010.0.x86_64.rpm
ec14aafb931921e75e847d25373f901c 2010.0/x86_64/mysql-ndb-storage-5.1.42-0.3mdv2010.0.x86_64.rpm
7e38f7400e1c96fbb5e24520ab554b4b 2010.0/x86_64/mysql-ndb-tools-5.1.42-0.3mdv2010.0.x86_64.rpm
04afccfb76f0f88375f9dc6598584f9b 2010.0/SRPMS/mysql-5.1.42-0.3mdv2010.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFL5CnimqjQ0CJFipgRAs+uAJ4qRfD5p0DtrMZZrDeGBaXSrxX08wCgmjhZ
N0qrX52vXppOw/fCprvl584=
=FvOH
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists