MDKSA-2005:036 - Updated MySQL packages fix temporary file vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: MySQL
Advisory ID: MDKSA-2005:036
Date: February 10th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A temporary file vulnerability in the mysqlaccess script in MySQL was
discovered by Javier Fernandez-Sanguino Pena. This flaw could allow
an unprivileged user to let root overwrite arbitrary files via a
symlink attack. It could also be used to view the contents of a
temporary file which could contain sensitive information.
The updated packages have been patched to prevent these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
50574ec1c70d78d0b4f7da1bd7d7d380
10.0/RPMS/libmysql12-4.0.18-1.3.100mdk.i586.rpm
25710d5c4844ca1d123944ac0861bc0f
10.0/RPMS/libmysql12-devel-4.0.18-1.3.100mdk.i586.rpm
8c056d72fa1d02c231ed321bfa0108af
10.0/RPMS/libqt3-mysql-3.2.3-19.6.100mdk.i586.rpm
94dcd13a633ef96a31b0f7da452afed1 10.0/RPMS/MySQL-4.0.18-1.3.100mdk.i586.rpm
8df8f4a9d6cdce677d630ac134081898
10.0/RPMS/MySQL-Max-4.0.18-1.3.100mdk.i586.rpm
bbe03440aa22bdf38204607f290915f8
10.0/RPMS/MySQL-bench-4.0.18-1.3.100mdk.i586.rpm
64015efdb83f79c9a1fbedce63ea1f78
10.0/RPMS/MySQL-client-4.0.18-1.3.100mdk.i586.rpm
5481c9bbc5daf2632c36f6dc7d2521c0
10.0/RPMS/MySQL-common-4.0.18-1.3.100mdk.i586.rpm
2f8f209e44f7fbe18395e6e815e8cc5b 10.0/SRPMS/MySQL-4.0.18-1.3.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
38bc4a1e8a79ec174569dfdfa98f022d
amd64/10.0/RPMS/lib64mysql12-4.0.18-1.3.100mdk.amd64.rpm
6c3eea8562548a88e80d98c40af4bc68
amd64/10.0/RPMS/lib64mysql12-devel-4.0.18-1.3.100mdk.amd64.rpm
48feba0f77d5ead04e2226f50595494d
amd64/10.0/RPMS/lib64qt3-mysql-3.2.3-19.6.100mdk.amd64.rpm
7bcddb4ae89e5f1934f272a4c4910dbe
amd64/10.0/RPMS/MySQL-4.0.18-1.3.100mdk.amd64.rpm
c503b7cefabdfa0c49b658037190c6c5
amd64/10.0/RPMS/MySQL-Max-4.0.18-1.3.100mdk.amd64.rpm
3815a6a61e37a70e63c3794c6d4ab807
amd64/10.0/RPMS/MySQL-bench-4.0.18-1.3.100mdk.amd64.rpm
aaebba0d883e9abbb2bfa58b19b1a57e
amd64/10.0/RPMS/MySQL-client-4.0.18-1.3.100mdk.amd64.rpm
353006ae3541483c666416679841c1f6
amd64/10.0/RPMS/MySQL-common-4.0.18-1.3.100mdk.amd64.rpm
2f8f209e44f7fbe18395e6e815e8cc5b
amd64/10.0/SRPMS/MySQL-4.0.18-1.3.100mdk.src.rpm
Mandrakelinux 10.1:
bd3a35f3ba7440aa79f3940f20422b19
10.1/RPMS/libmysql12-4.0.20-3.2.101mdk.i586.rpm
c3fd2f49a144ec27d8bad808a89cbb31
10.1/RPMS/libmysql12-devel-4.0.20-3.2.101mdk.i586.rpm
3e2967952b1ddaa05561bf17b88fe24d
10.1/RPMS/libqt3-mysql-3.3.3-27.1.101mdk.i586.rpm
f6b68d795599ec5a51b2c3c5cf3ada86 10.1/RPMS/MySQL-4.0.20-3.2.101mdk.i586.rpm
514e962fbfb48e2d6e18baf8c6ad86b8
10.1/RPMS/MySQL-Max-4.0.20-3.2.101mdk.i586.rpm
71624f3454fa8892b123104e1e9e7260
10.1/RPMS/MySQL-bench-4.0.20-3.2.101mdk.i586.rpm
06fde75abed6b50838161eb95e375135
10.1/RPMS/MySQL-client-4.0.20-3.2.101mdk.i586.rpm
fd3f8ed0bea7dee2e20fdf09a26c8715
10.1/RPMS/MySQL-common-4.0.20-3.2.101mdk.i586.rpm
195735730d0535bef4dbe1fbb5c5cec7 10.1/SRPMS/MySQL-4.0.20-3.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
841beab56f637c1148348685b39daf6f
x86_64/10.1/RPMS/lib64mysql12-4.0.20-3.2.101mdk.x86_64.rpm
7aa4b9a407252d5a333cd25b2f11d39d
x86_64/10.1/RPMS/lib64mysql12-devel-4.0.20-3.2.101mdk.x86_64.rpm
ec4bb6dd0693f48a5960d30d48496839
x86_64/10.1/RPMS/lib64qt3-mysql-3.3.3-27.1.101mdk.x86_64.rpm
3e2967952b1ddaa05561bf17b88fe24d
x86_64/10.1/RPMS/libqt3-mysql-3.3.3-27.1.101mdk.i586.rpm
4683c29eac58dfea8c5d2d0aa7afc5e7
x86_64/10.1/RPMS/MySQL-4.0.20-3.2.101mdk.x86_64.rpm
31a8ca40e7da9f3b311bff981c3f5614
x86_64/10.1/RPMS/MySQL-Max-4.0.20-3.2.101mdk.x86_64.rpm
2783b732a61d2eb87422daf0f18913b7
x86_64/10.1/RPMS/MySQL-bench-4.0.20-3.2.101mdk.x86_64.rpm
f034044d8fda605eeba6db49da02c4c4
x86_64/10.1/RPMS/MySQL-client-4.0.20-3.2.101mdk.x86_64.rpm
ef4ce84d6cc648cf3e3cc938bafa8918
x86_64/10.1/RPMS/MySQL-common-4.0.20-3.2.101mdk.x86_64.rpm
195735730d0535bef4dbe1fbb5c5cec7
x86_64/10.1/SRPMS/MySQL-4.0.20-3.2.101mdk.src.rpm
Corporate Server 2.1:
f4cd6b3d833a0a5d190b7d5defd6f18a
corporate/2.1/RPMS/libmysql10-3.23.56-1.7.C21mdk.i586.rpm
1e2afd78697dfe26bfc9f5327f2f3108
corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.7.C21mdk.i586.rpm
a6f2168c5faffff7872ba6a5c4bc2dd2
corporate/2.1/RPMS/MySQL-3.23.56-1.7.C21mdk.i586.rpm
7f41d3536345a283812301a9b1416616
corporate/2.1/RPMS/MySQL-Max-3.23.56-1.7.C21mdk.i586.rpm
c8632bb5f0f31862aa764efe8aedab19
corporate/2.1/RPMS/MySQL-bench-3.23.56-1.7.C21mdk.i586.rpm
81c7febbb3be7b9c2c6f8eba26f6b040
corporate/2.1/RPMS/MySQL-client-3.23.56-1.7.C21mdk.i586.rpm
fbb22ec4f0087ea2df640f2e99786334
corporate/2.1/SRPMS/MySQL-3.23.56-1.7.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
d1c474ac0d94e181d9955f33843ea1e5
x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.7.C21mdk.x86_64.rpm
6180ac0c3820243fc97191fc0e388618
x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.7.C21mdk.x86_64.rpm
94629c4d41e9e5b041fd87a10f4626c6
x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.7.C21mdk.x86_64.rpm
7c6e305fbbd13bda3ca09175931452b0
x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.7.C21mdk.x86_64.rpm
4a5697b1822bae029b07e2f1d1907086
x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.7.C21mdk.x86_64.rpm
66c8261cd44333d3457331fe65acb8d5
x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.7.C21mdk.x86_64.rpm
fbb22ec4f0087ea2df640f2e99786334
x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.7.C21mdk.src.rpm
Corporate 3.0:
2f0f9a15805949a8b1c4f707b495065a
corporate/3.0/RPMS/libmysql12-4.0.18-1.3.C30mdk.i586.rpm
96e08808e0abdb36562d9d1326f024fa
corporate/3.0/RPMS/libmysql12-devel-4.0.18-1.3.C30mdk.i586.rpm
e64e068fc62211319dbaa20574ec32cf
corporate/3.0/RPMS/MySQL-4.0.18-1.3.C30mdk.i586.rpm
18737baa96e918b9319b0f624e8279db
corporate/3.0/RPMS/MySQL-Max-4.0.18-1.3.C30mdk.i586.rpm
e002a2b1053995d8e18a43f1472154d6
corporate/3.0/RPMS/MySQL-bench-4.0.18-1.3.C30mdk.i586.rpm
e6ac405500f65b0ab00ea7238218cea7
corporate/3.0/RPMS/MySQL-client-4.0.18-1.3.C30mdk.i586.rpm
35b216ccea7ac198c0e855e89789b0b9
corporate/3.0/RPMS/MySQL-common-4.0.18-1.3.C30mdk.i586.rpm
7fc62e5799ef5dd03aa2cf973dec3220
corporate/3.0/SRPMS/MySQL-4.0.18-1.3.C30mdk.src.rpm
Corporate 3.0/X86_64:
ec3dd6d37697ef1832afd5abc07ef072
x86_64/corporate/3.0/RPMS/lib64mysql12-4.0.18-1.3.C30mdk.x86_64.rpm
486940c54412a6a06ea2985fdd805cc3
x86_64/corporate/3.0/RPMS/lib64mysql12-devel-4.0.18-1.3.C30mdk.x86_64.rpm
48feba0f77d5ead04e2226f50595494d
x86_64/corporate/3.0/RPMS/lib64qt3-mysql-3.2.3-19.6.100mdk.amd64.rpm
3ca0207824ba315b9856e363831e8238
x86_64/corporate/3.0/RPMS/MySQL-4.0.18-1.3.C30mdk.x86_64.rpm
64446e7f63df7df74426a47cf2de6625
x86_64/corporate/3.0/RPMS/MySQL-Max-4.0.18-1.3.C30mdk.x86_64.rpm
390c3074eac1aac97b249979fa467741
x86_64/corporate/3.0/RPMS/MySQL-bench-4.0.18-1.3.C30mdk.x86_64.rpm
f9b9bb7f21cdd8d53cbad39f37385143
x86_64/corporate/3.0/RPMS/MySQL-client-4.0.18-1.3.C30mdk.x86_64.rpm
870eac0d47223dcf88ee24072e84dfc3
x86_64/corporate/3.0/RPMS/MySQL-common-4.0.18-1.3.C30mdk.x86_64.rpm
7fc62e5799ef5dd03aa2cf973dec3220
x86_64/corporate/3.0/SRPMS/MySQL-4.0.18-1.3.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCC/iLmqjQ0CJFipgRAmmVAKCB2tuw8rbCEFKObSVI1zY4d6jY3gCdGCc7
MA8YkCnnBQD3DM3lOTBKTJg=
=OZs0
-----END PGP SIGNATURE-----