MDKSA-2003:094 - Updated MySQL packages fix buffer overflow vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
Mandrake Linux Security Update Advisory
________________________________________________________________________
Package name: MySQL
Advisory ID: MDKSA-2003:094
Date: September 18th, 2003
Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1
________________________________________________________________________
Problem Description:
A buffer overflow was discovered in MySQL that could be executed by any
user with "ALTER TABLE" privileges on the "mysql" database. If
successfully exploited, the attacker could execute arbitrary code with
the privileges of the user running the mysqld process (mysqld). The
"mysql" database is used by MySQL for internal record keeping and by
default only the "root" user, or MySQL administrative account, has
permission to alter its tables.
This vulnerability was corrected in MySQL 4.0.15 and all previous
versions are vulnerable. These packages have been patched to correct
the problem.
________________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0780
http://lists.netsys.com/pipermail/full-disclosure/2003-September/009819.html
________________________________________________________________________
Updated Packages:
Corporate Server 2.1:
a5b26c78065992c17ee8a5a4e70cd86c
corporate/2.1/RPMS/MySQL-3.23.56-1.4mdk.i586.rpm
ddab095d7a05aadf9df8c567106048f7
corporate/2.1/RPMS/MySQL-Max-3.23.56-1.4mdk.i586.rpm
976aa2ae6708e05ab530ef99e594ad7c
corporate/2.1/RPMS/MySQL-bench-3.23.56-1.4mdk.i586.rpm
f5f2bc5b51ea1f7fc8b75522f5847212
corporate/2.1/RPMS/MySQL-client-3.23.56-1.4mdk.i586.rpm
f3b68760fc14e323968128d2dd2a2424
corporate/2.1/RPMS/libmysql10-3.23.56-1.4mdk.i586.rpm
736921df70148f22ac2bf476f65a40e1
corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.4mdk.i586.rpm
f5117c9dd321fb2316454e6d1517a26c
corporate/2.1/SRPMS/MySQL-3.23.56-1.4mdk.src.rpm
Corporate Server 2.1/x86_64:
db49e2a673e2d7035c4254b4f362d7ba
x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.4mdk.x86_64.rpm
54ce8bc1925e6c3e77e5423efc1eb8db
x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.4mdk.x86_64.rpm
b12cdc078e5fe6cd1a446b1c2989105d
x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.4mdk.x86_64.rpm
bcc9eb20d536d3cb11987de2c73979c1
x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.4mdk.x86_64.rpm
ca05b51ed47aeb9f025364aeae0deb40
x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.4mdk.x86_64.rpm
df3d171bbc930cc741b4b9e927b27b1c
x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.4mdk.x86_64.rpm
f5117c9dd321fb2316454e6d1517a26c
x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.4mdk.src.rpm
Mandrake Linux 8.2:
33068edb004e974dc2f315b88c6cc590 8.2/RPMS/MySQL-3.23.47-5.5mdk.i586.rpm
1d1d8d91f74b93edb22d40f1588bda30 8.2/RPMS/MySQL-bench-3.23.47-5.5mdk.i586.rpm
ccefbcd92d003631f911924c78ba5c26 8.2/RPMS/MySQL-client-3.23.47-5.5mdk.i586.rpm
4888d5aebdd32d9f4cb3fd9beb639864 8.2/RPMS/libmysql10-3.23.47-5.5mdk.i586.rpm
e012e7d183509b0a7f20d965d6f867e8
8.2/RPMS/libmysql10-devel-3.23.47-5.5mdk.i586.rpm
e6ac76b4b1e3b10f4f29b52bd07b0290 8.2/SRPMS/MySQL-3.23.47-5.5mdk.src.rpm
Mandrake Linux 8.2/PPC:
71901d706aef93067cf46f0e3bdd2347 ppc/8.2/RPMS/MySQL-3.23.47-5.5mdk.ppc.rpm
09fc8ebcc7269b298887a09443308c81
ppc/8.2/RPMS/MySQL-bench-3.23.47-5.5mdk.ppc.rpm
b2d82052b870b9b22a06763932400d27
ppc/8.2/RPMS/MySQL-client-3.23.47-5.5mdk.ppc.rpm
995685714e0c14c0ec69a3b010e30f8e
ppc/8.2/RPMS/libmysql10-3.23.47-5.5mdk.ppc.rpm
d815cd44b55da1cb9410fd51afe8816d
ppc/8.2/RPMS/libmysql10-devel-3.23.47-5.5mdk.ppc.rpm
e6ac76b4b1e3b10f4f29b52bd07b0290 ppc/8.2/SRPMS/MySQL-3.23.47-5.5mdk.src.rpm
Mandrake Linux 9.0:
a5b26c78065992c17ee8a5a4e70cd86c 9.0/RPMS/MySQL-3.23.56-1.4mdk.i586.rpm
ddab095d7a05aadf9df8c567106048f7 9.0/RPMS/MySQL-Max-3.23.56-1.4mdk.i586.rpm
976aa2ae6708e05ab530ef99e594ad7c 9.0/RPMS/MySQL-bench-3.23.56-1.4mdk.i586.rpm
f5f2bc5b51ea1f7fc8b75522f5847212 9.0/RPMS/MySQL-client-3.23.56-1.4mdk.i586.rpm
f3b68760fc14e323968128d2dd2a2424 9.0/RPMS/libmysql10-3.23.56-1.4mdk.i586.rpm
736921df70148f22ac2bf476f65a40e1
9.0/RPMS/libmysql10-devel-3.23.56-1.4mdk.i586.rpm
f5117c9dd321fb2316454e6d1517a26c 9.0/SRPMS/MySQL-3.23.56-1.4mdk.src.rpm
Mandrake Linux 9.1:
b20d36a855f8f0e087e47fec91a3ce91 9.1/RPMS/MySQL-4.0.11a-5.1mdk.i586.rpm
7c8a41466b97a28ffbb1fba78f9e2f0b 9.1/RPMS/MySQL-Max-4.0.11a-5.1mdk.i586.rpm
231c9f602fafb2c142b7f02753f8c3eb 9.1/RPMS/MySQL-bench-4.0.11a-5.1mdk.i586.rpm
ade857592838f3908d69578475bf6bcd 9.1/RPMS/MySQL-client-4.0.11a-5.1mdk.i586.rpm
f8d439bec4e97f4f4efb13617875707a 9.1/RPMS/MySQL-common-4.0.11a-5.1mdk.i586.rpm
7ed8a377e95b39805f7313ac46f881b8 9.1/RPMS/libmysql12-4.0.11a-5.1mdk.i586.rpm
61bc73d27c7f9a37a58532795d3411d4
9.1/RPMS/libmysql12-devel-4.0.11a-5.1mdk.i586.rpm
e122ba5f17a01c92c07d8220120b8ab1 9.1/SRPMS/MySQL-4.0.11a-5.1mdk.src.rpm
Mandrake Linux 9.1/PPC:
dbcaaee7d1e1f802ced35da3c6190305 ppc/9.1/RPMS/MySQL-4.0.11a-5.1mdk.ppc.rpm
0521fee096dedee3eb791bd6a92bf796 ppc/9.1/RPMS/MySQL-Max-4.0.11a-5.1mdk.ppc.rpm
c1ca4c9d4155e153b119a9cfde27cbea
ppc/9.1/RPMS/MySQL-bench-4.0.11a-5.1mdk.ppc.rpm
2d38805e5057e566d8e50cd543749f99
ppc/9.1/RPMS/MySQL-client-4.0.11a-5.1mdk.ppc.rpm
9a1dd2b49a2a40ac16c73dec01cb1a4f
ppc/9.1/RPMS/MySQL-common-4.0.11a-5.1mdk.ppc.rpm
960bf6b6c8cb542d201f5813dcc9e933
ppc/9.1/RPMS/libmysql12-4.0.11a-5.1mdk.ppc.rpm
0ef8dd187b998aef5414ff8c7793e836
ppc/9.1/RPMS/libmysql12-devel-4.0.11a-5.1mdk.ppc.rpm
e122ba5f17a01c92c07d8220120b8ab1 ppc/9.1/SRPMS/MySQL-4.0.11a-5.1mdk.src.rpm
________________________________________________________________________
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________
To upgrade automatically, use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrake Linux at:
http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE/aogRmqjQ0CJFipgRAmgUAJ9y9pm5zdp/DzhqHSAqbfnThntOGgCg7jeO
odycyq7p9VSZv6iaWSOOjqI=
=cSN6
-----END PGP SIGNATURE-----