MDKSA-2004:119 - Updated MySQL packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: MySQL
Advisory ID: MDKSA-2004:119
Date: November 1st, 2004
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:

A number of problems have been discovered in the MySQL database server:

Jeroen van Wolffelaar discovered an insecure temporary file
vulnerability in the mysqlhotcopy script when using the scp method
(CAN-2004-0457).

Oleksandr Byelkin discovered that "ALTER TABLE ... RENAME" would
check the CREATE/INSERT rights of the old table rather than the new
one (CAN-2004-0835).

Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect
function (CAN-2004-0836).

Dean Ellis discovered that multiple threads ALTERing the same (or
different) MERGE tables to change the UNION can cause the server to
crash or stall (CAN-2004-0837).

The updated MySQL packages have been patched to protect against these
issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837
http://bugs.mysql.com/bug.php?id=3270
http://bugs.mysql.com/bug.php?id=4017
http://bugs.mysql.com/bug.php?id=2408
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
f680ccd6ecdd9abc77496c71ce02d70b 10.0/RPMS/MySQL-4.0.18-1.2.100mdk.i586.rpm
30c0c2b64243f1b9ac300eb52062d303
10.0/RPMS/MySQL-Max-4.0.18-1.2.100mdk.i586.rpm
8618a5f416cf30cd527be1f42763210f
10.0/RPMS/MySQL-bench-4.0.18-1.2.100mdk.i586.rpm
b6d07c7d09e405e174311024e098de1b
10.0/RPMS/MySQL-client-4.0.18-1.2.100mdk.i586.rpm
b28337d115d733eb280d7fe5659bcc5a
10.0/RPMS/MySQL-common-4.0.18-1.2.100mdk.i586.rpm
66536b18fc371f756a61496d90340a7b
10.0/RPMS/libmysql12-4.0.18-1.2.100mdk.i586.rpm
befe1dbf68fcbc0b9300af93ec9b9d57
10.0/RPMS/libmysql12-devel-4.0.18-1.2.100mdk.i586.rpm
188e63d83d403f4c4c11ae7487cf45ac 10.0/SRPMS/MySQL-4.0.18-1.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
491712aed8839a408cd2e3a5ca088668
amd64/10.0/RPMS/MySQL-4.0.18-1.2.100mdk.amd64.rpm
d579b376ed0da8d42dc1adb1a472a923
amd64/10.0/RPMS/MySQL-Max-4.0.18-1.2.100mdk.amd64.rpm
b0b056e3a247c2187a09eec2b5c666a3
amd64/10.0/RPMS/MySQL-bench-4.0.18-1.2.100mdk.amd64.rpm
44fc8c891ea9e75ed10918c52e29ddd7
amd64/10.0/RPMS/MySQL-client-4.0.18-1.2.100mdk.amd64.rpm
df20d5582e78629ff86e27499a72b0b7
amd64/10.0/RPMS/MySQL-common-4.0.18-1.2.100mdk.amd64.rpm
79af2d7adb19e2a0df48c8d0765914fe
amd64/10.0/RPMS/lib64mysql12-4.0.18-1.2.100mdk.amd64.rpm
a5e44db419bb47f1169deb3af54f9d48
amd64/10.0/RPMS/lib64mysql12-devel-4.0.18-1.2.100mdk.amd64.rpm
188e63d83d403f4c4c11ae7487cf45ac
amd64/10.0/SRPMS/MySQL-4.0.18-1.2.100mdk.src.rpm
Mandrakelinux 10.1:
0241fc97ccebf80f02f573404cc7f01b 10.1/RPMS/MySQL-4.0.20-3.1.101mdk.i586.rpm
fb27d0a9d916a63d4c8143c7ae181ef0
10.1/RPMS/MySQL-Max-4.0.20-3.1.101mdk.i586.rpm
758d3b52cf32d0fb1114199eb7e65247
10.1/RPMS/MySQL-bench-4.0.20-3.1.101mdk.i586.rpm
1df5f23ef2ea4f9456323dc7925d0790
10.1/RPMS/MySQL-client-4.0.20-3.1.101mdk.i586.rpm
61d8e14939e9dcc9bf8b9207e7a4bd60
10.1/RPMS/MySQL-common-4.0.20-3.1.101mdk.i586.rpm
ee21d69bf2275f8933ca0c91c5af5b98
10.1/RPMS/libmysql12-4.0.20-3.1.101mdk.i586.rpm
9c64006cb87de169f43ad8f78b1b1c47
10.1/RPMS/libmysql12-devel-4.0.20-3.1.101mdk.i586.rpm
a3b194caf4c67c8fa6f881d5577aabba 10.1/SRPMS/MySQL-4.0.20-3.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
214a6acbb0fb3e8398111a6d30ac4082
x86_64/10.1/RPMS/MySQL-4.0.20-3.1.101mdk.x86_64.rpm
72ad37fa4cd99254d399e725c44b5681
x86_64/10.1/RPMS/MySQL-Max-4.0.20-3.1.101mdk.x86_64.rpm
c98fd317bc3a2387801c440626459f4e
x86_64/10.1/RPMS/MySQL-bench-4.0.20-3.1.101mdk.x86_64.rpm
3141d5e2fa8ca10f94c3501e10e0d00f
x86_64/10.1/RPMS/MySQL-client-4.0.20-3.1.101mdk.x86_64.rpm
57f74802dbc5a4912dd926ec748d53a4
x86_64/10.1/RPMS/MySQL-common-4.0.20-3.1.101mdk.x86_64.rpm
ab48d1099a5077e763b9d11c373369b4
x86_64/10.1/RPMS/lib64mysql12-4.0.20-3.1.101mdk.x86_64.rpm
2f0846107ddaa0d7c6c389add0dbd6d5
x86_64/10.1/RPMS/lib64mysql12-devel-4.0.20-3.1.101mdk.x86_64.rpm
a3b194caf4c67c8fa6f881d5577aabba
x86_64/10.1/SRPMS/MySQL-4.0.20-3.1.101mdk.src.rpm
Corporate Server 2.1:
6a3d3652bcf1b9b213cb12b22abfa297
corporate/2.1/RPMS/MySQL-3.23.56-1.6.C21mdk.i586.rpm
c819f40d6afef344e3fbfd50f13e4adb
corporate/2.1/RPMS/MySQL-Max-3.23.56-1.6.C21mdk.i586.rpm
c3bf86fe33f2e1f80ba53817fe23ed60
corporate/2.1/RPMS/MySQL-bench-3.23.56-1.6.C21mdk.i586.rpm
2296ca45f742f6ad4fe0f12827bc7e69
corporate/2.1/RPMS/MySQL-client-3.23.56-1.6.C21mdk.i586.rpm
7cdd06d76012d329ffb1b8c05af8ce22
corporate/2.1/RPMS/libmysql10-3.23.56-1.6.C21mdk.i586.rpm
6b8784affa68c19199753877a7127c93
corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.6.C21mdk.i586.rpm
537ee31b2c8b6c0c006d07bea8aad1a8
corporate/2.1/SRPMS/MySQL-3.23.56-1.6.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
b308f0d13fabf30b0c73b6a62bae42d2
x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.6.C21mdk.x86_64.rpm
d1681268b5c2d3d5865585d517001aff
x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.6.C21mdk.x86_64.rpm
d508c3f565f294d319e8da215a622eeb
x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.6.C21mdk.x86_64.rpm
20219356f5a1256eb5d4543e30fa3ce4
x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.6.C21mdk.x86_64.rpm
aac8add3fe8beee70f9b3048a7372ab0
x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.6.C21mdk.x86_64.rpm
cb7d3ebab5149514909633609b47fab1
x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.6.C21mdk.x86_64.rpm
537ee31b2c8b6c0c006d07bea8aad1a8
x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.6.C21mdk.src.rpm
Mandrakelinux 9.2:
8a874159baa33853754001a99e1cdd10 9.2/RPMS/MySQL-4.0.15-1.2.92mdk.i586.rpm
ea88058a50c8f170c35b070f8843d1dd 9.2/RPMS/MySQL-Max-4.0.15-1.2.92mdk.i586.rpm
686a188b99e75f2e44c7be5fc49313bb
9.2/RPMS/MySQL-bench-4.0.15-1.2.92mdk.i586.rpm
077b2f4785ec2af1a0886baf0dd5742d
9.2/RPMS/MySQL-client-4.0.15-1.2.92mdk.i586.rpm
e2622344b092c71e68f6be668d2b00a1
9.2/RPMS/MySQL-common-4.0.15-1.2.92mdk.i586.rpm
a1a485e1de88013571f6c2ea0417f1f8 9.2/RPMS/libmysql12-4.0.15-1.2.92mdk.i586.rpm
46b3cfd41057fd6ad674555f1cd2e786
9.2/RPMS/libmysql12-devel-4.0.15-1.2.92mdk.i586.rpm
d040b231845bf2035905fcdeec142650 9.2/SRPMS/MySQL-4.0.15-1.2.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
e8a1259267471c9f47b812aa80782a7f
amd64/9.2/RPMS/MySQL-4.0.15-1.2.92mdk.amd64.rpm
4545590ffd9eb4995807a4c37762d966
amd64/9.2/RPMS/MySQL-Max-4.0.15-1.2.92mdk.amd64.rpm
e85c26267ae0847e982b848bcae82715
amd64/9.2/RPMS/MySQL-bench-4.0.15-1.2.92mdk.amd64.rpm
f1ea2226a633f792d70ecb4508a50bc2
amd64/9.2/RPMS/MySQL-client-4.0.15-1.2.92mdk.amd64.rpm
4aa99ef449ebe42466adbdbf99e2f588
amd64/9.2/RPMS/MySQL-common-4.0.15-1.2.92mdk.amd64.rpm
b92a3b4fa52f27e9e92b9d8691f6bf9e
amd64/9.2/RPMS/lib64mysql12-4.0.15-1.2.92mdk.amd64.rpm
410e1737c0cff17eba69081894c91bcd
amd64/9.2/RPMS/lib64mysql12-devel-4.0.15-1.2.92mdk.amd64.rpm
d040b231845bf2035905fcdeec142650
amd64/9.2/SRPMS/MySQL-4.0.15-1.2.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBhtK2mqjQ0CJFipgRAtMSAKDIv5E7k98RpCTjzSG6R2iGNt4zaQCeLP6r
p5cZUZjNxjAKW833kuof644=
=vUSB
-----END PGP SIGNATURE-----
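
A manual equivalent of the automatic md5 check mentioned above, as an added example that is not part of the original advisory or Mandrakesoft's tooling. It reads a package list in the layout used here (checksum and path on one line, or wrapped onto two) and compares every listed file found in a download directory. The function names and the constructed demo files are assumptions; an md5 match only ties a file to the list, so the list is only as trustworthy as the advisory's GPG signature.

```sh
#!/bin/sh
# Added example (not Mandrakesoft's tooling): check downloaded RPMs against
# an advisory package list laid out as above.

# Print "<md5> <path>" pairs from advisory text on stdin. A 32-hex-digit
# token is a checksum and the next token its path, on the same line or the next.
normalize_manifest() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if (hash != "") { print hash, $i; hash = "" }
            else if (length($i) == 32 && $i ~ /^[0-9a-f]+$/) hash = $i
        }
    }'
}

# verify_packages ADVISORY DIR: compare every listed package found in DIR.
# Succeeds only if at least one file was checked and none mismatched.
verify_packages() {
    normalize_manifest < "$1" | {
        checked=0; bad=0
        while read -r want path; do
            file="$2/${path##*/}"
            [ -f "$file" ] || continue      # packages for other releases
            checked=$((checked + 1))
            got=$(md5sum "$file" | cut -d' ' -f1)
            if [ "$got" = "$want" ]; then echo "OK       ${path##*/}"
            else echo "MISMATCH ${path##*/}"; bad=$((bad + 1)); fi
        done
        [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
    }
}

# Constructed demo: two stand-in files and a manifest built from their hashes.
demo() {
    d=$(mktemp -d) || return 1
    printf 'pkg-a' > "$d/a-1.0.rpm"; printf 'pkg-b' > "$d/b-1.0.rpm"
    ha=$(md5sum "$d/a-1.0.rpm" | cut -d' ' -f1)
    hb=$(md5sum "$d/b-1.0.rpm" | cut -d' ' -f1)
    printf 'Release X:\n%s 1.0/RPMS/a-1.0.rpm\n%s\n1.0/RPMS/b-1.0.rpm\n' \
        "$ha" "$hb" > "$d/advisory.txt"
    verify_packages "$d/advisory.txt" "$d" && echo "clean set: pass"
    printf 'tampered' > "$d/b-1.0.rpm"
    verify_packages "$d/advisory.txt" "$d" || echo "tampered set: fail"
    rm -rf "$d"
}
demo
```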