<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:036 - Updated MySQL packages fix temporary file vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           MySQL
 Advisory ID:            MDKSA-2005:036
 Date:                   February 10th, 2005

 Affected versions:      10.0, 10.1, Corporate 3.0,
                         Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A temporary file vulnerability in the mysqlaccess script in MySQL was
 discovered by Javier Fernandez-Sanguino Pena.  This flaw could allow
 an unprivileged user to let root overwrite arbitrary files via a
 symlink attack.  It could also be used to view the contents of a
 temporary file which could contain sensitive information.
 
 The updated packages have been patched to prevent these problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 50574ec1c70d78d0b4f7da1bd7d7d380  
10.0/RPMS/libmysql12-4.0.18-1.3.100mdk.i586.rpm
 25710d5c4844ca1d123944ac0861bc0f  
10.0/RPMS/libmysql12-devel-4.0.18-1.3.100mdk.i586.rpm
 8c056d72fa1d02c231ed321bfa0108af  
10.0/RPMS/libqt3-mysql-3.2.3-19.6.100mdk.i586.rpm
 94dcd13a633ef96a31b0f7da452afed1  10.0/RPMS/MySQL-4.0.18-1.3.100mdk.i586.rpm
 8df8f4a9d6cdce677d630ac134081898  
10.0/RPMS/MySQL-Max-4.0.18-1.3.100mdk.i586.rpm
 bbe03440aa22bdf38204607f290915f8  
10.0/RPMS/MySQL-bench-4.0.18-1.3.100mdk.i586.rpm
 64015efdb83f79c9a1fbedce63ea1f78  
10.0/RPMS/MySQL-client-4.0.18-1.3.100mdk.i586.rpm
 5481c9bbc5daf2632c36f6dc7d2521c0  
10.0/RPMS/MySQL-common-4.0.18-1.3.100mdk.i586.rpm
 2f8f209e44f7fbe18395e6e815e8cc5b  10.0/SRPMS/MySQL-4.0.18-1.3.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 38bc4a1e8a79ec174569dfdfa98f022d  
amd64/10.0/RPMS/lib64mysql12-4.0.18-1.3.100mdk.amd64.rpm
 6c3eea8562548a88e80d98c40af4bc68  
amd64/10.0/RPMS/lib64mysql12-devel-4.0.18-1.3.100mdk.amd64.rpm
 48feba0f77d5ead04e2226f50595494d  
amd64/10.0/RPMS/lib64qt3-mysql-3.2.3-19.6.100mdk.amd64.rpm
 7bcddb4ae89e5f1934f272a4c4910dbe  
amd64/10.0/RPMS/MySQL-4.0.18-1.3.100mdk.amd64.rpm
 c503b7cefabdfa0c49b658037190c6c5  
amd64/10.0/RPMS/MySQL-Max-4.0.18-1.3.100mdk.amd64.rpm
 3815a6a61e37a70e63c3794c6d4ab807  
amd64/10.0/RPMS/MySQL-bench-4.0.18-1.3.100mdk.amd64.rpm
 aaebba0d883e9abbb2bfa58b19b1a57e  
amd64/10.0/RPMS/MySQL-client-4.0.18-1.3.100mdk.amd64.rpm
 353006ae3541483c666416679841c1f6  
amd64/10.0/RPMS/MySQL-common-4.0.18-1.3.100mdk.amd64.rpm
 2f8f209e44f7fbe18395e6e815e8cc5b  
amd64/10.0/SRPMS/MySQL-4.0.18-1.3.100mdk.src.rpm

 Mandrakelinux 10.1:
 bd3a35f3ba7440aa79f3940f20422b19  
10.1/RPMS/libmysql12-4.0.20-3.2.101mdk.i586.rpm
 c3fd2f49a144ec27d8bad808a89cbb31  
10.1/RPMS/libmysql12-devel-4.0.20-3.2.101mdk.i586.rpm
 3e2967952b1ddaa05561bf17b88fe24d  
10.1/RPMS/libqt3-mysql-3.3.3-27.1.101mdk.i586.rpm
 f6b68d795599ec5a51b2c3c5cf3ada86  10.1/RPMS/MySQL-4.0.20-3.2.101mdk.i586.rpm
 514e962fbfb48e2d6e18baf8c6ad86b8  
10.1/RPMS/MySQL-Max-4.0.20-3.2.101mdk.i586.rpm
 71624f3454fa8892b123104e1e9e7260  
10.1/RPMS/MySQL-bench-4.0.20-3.2.101mdk.i586.rpm
 06fde75abed6b50838161eb95e375135  
10.1/RPMS/MySQL-client-4.0.20-3.2.101mdk.i586.rpm
 fd3f8ed0bea7dee2e20fdf09a26c8715  
10.1/RPMS/MySQL-common-4.0.20-3.2.101mdk.i586.rpm
 195735730d0535bef4dbe1fbb5c5cec7  10.1/SRPMS/MySQL-4.0.20-3.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 841beab56f637c1148348685b39daf6f  
x86_64/10.1/RPMS/lib64mysql12-4.0.20-3.2.101mdk.x86_64.rpm
 7aa4b9a407252d5a333cd25b2f11d39d  
x86_64/10.1/RPMS/lib64mysql12-devel-4.0.20-3.2.101mdk.x86_64.rpm
 ec4bb6dd0693f48a5960d30d48496839  
x86_64/10.1/RPMS/lib64qt3-mysql-3.3.3-27.1.101mdk.x86_64.rpm
 3e2967952b1ddaa05561bf17b88fe24d  
x86_64/10.1/RPMS/libqt3-mysql-3.3.3-27.1.101mdk.i586.rpm
 4683c29eac58dfea8c5d2d0aa7afc5e7  
x86_64/10.1/RPMS/MySQL-4.0.20-3.2.101mdk.x86_64.rpm
 31a8ca40e7da9f3b311bff981c3f5614  
x86_64/10.1/RPMS/MySQL-Max-4.0.20-3.2.101mdk.x86_64.rpm
 2783b732a61d2eb87422daf0f18913b7  
x86_64/10.1/RPMS/MySQL-bench-4.0.20-3.2.101mdk.x86_64.rpm
 f034044d8fda605eeba6db49da02c4c4  
x86_64/10.1/RPMS/MySQL-client-4.0.20-3.2.101mdk.x86_64.rpm
 ef4ce84d6cc648cf3e3cc938bafa8918  
x86_64/10.1/RPMS/MySQL-common-4.0.20-3.2.101mdk.x86_64.rpm
 195735730d0535bef4dbe1fbb5c5cec7  
x86_64/10.1/SRPMS/MySQL-4.0.20-3.2.101mdk.src.rpm

 Corporate Server 2.1:
 f4cd6b3d833a0a5d190b7d5defd6f18a  
corporate/2.1/RPMS/libmysql10-3.23.56-1.7.C21mdk.i586.rpm
 1e2afd78697dfe26bfc9f5327f2f3108  
corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.7.C21mdk.i586.rpm
 a6f2168c5faffff7872ba6a5c4bc2dd2  
corporate/2.1/RPMS/MySQL-3.23.56-1.7.C21mdk.i586.rpm
 7f41d3536345a283812301a9b1416616  
corporate/2.1/RPMS/MySQL-Max-3.23.56-1.7.C21mdk.i586.rpm
 c8632bb5f0f31862aa764efe8aedab19  
corporate/2.1/RPMS/MySQL-bench-3.23.56-1.7.C21mdk.i586.rpm
 81c7febbb3be7b9c2c6f8eba26f6b040  
corporate/2.1/RPMS/MySQL-client-3.23.56-1.7.C21mdk.i586.rpm
 fbb22ec4f0087ea2df640f2e99786334  
corporate/2.1/SRPMS/MySQL-3.23.56-1.7.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 d1c474ac0d94e181d9955f33843ea1e5  
x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.7.C21mdk.x86_64.rpm
 6180ac0c3820243fc97191fc0e388618  
x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.7.C21mdk.x86_64.rpm
 94629c4d41e9e5b041fd87a10f4626c6  
x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.7.C21mdk.x86_64.rpm
 7c6e305fbbd13bda3ca09175931452b0  
x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.7.C21mdk.x86_64.rpm
 4a5697b1822bae029b07e2f1d1907086  
x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.7.C21mdk.x86_64.rpm
 66c8261cd44333d3457331fe65acb8d5  
x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.7.C21mdk.x86_64.rpm
 fbb22ec4f0087ea2df640f2e99786334  
x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.7.C21mdk.src.rpm

 Corporate 3.0:
 2f0f9a15805949a8b1c4f707b495065a  
corporate/3.0/RPMS/libmysql12-4.0.18-1.3.C30mdk.i586.rpm
 96e08808e0abdb36562d9d1326f024fa  
corporate/3.0/RPMS/libmysql12-devel-4.0.18-1.3.C30mdk.i586.rpm
 e64e068fc62211319dbaa20574ec32cf  
corporate/3.0/RPMS/MySQL-4.0.18-1.3.C30mdk.i586.rpm
 18737baa96e918b9319b0f624e8279db  
corporate/3.0/RPMS/MySQL-Max-4.0.18-1.3.C30mdk.i586.rpm
 e002a2b1053995d8e18a43f1472154d6  
corporate/3.0/RPMS/MySQL-bench-4.0.18-1.3.C30mdk.i586.rpm
 e6ac405500f65b0ab00ea7238218cea7  
corporate/3.0/RPMS/MySQL-client-4.0.18-1.3.C30mdk.i586.rpm
 35b216ccea7ac198c0e855e89789b0b9  
corporate/3.0/RPMS/MySQL-common-4.0.18-1.3.C30mdk.i586.rpm
 7fc62e5799ef5dd03aa2cf973dec3220  
corporate/3.0/SRPMS/MySQL-4.0.18-1.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 ec3dd6d37697ef1832afd5abc07ef072  
x86_64/corporate/3.0/RPMS/lib64mysql12-4.0.18-1.3.C30mdk.x86_64.rpm
 486940c54412a6a06ea2985fdd805cc3  
x86_64/corporate/3.0/RPMS/lib64mysql12-devel-4.0.18-1.3.C30mdk.x86_64.rpm
 48feba0f77d5ead04e2226f50595494d  
x86_64/corporate/3.0/RPMS/lib64qt3-mysql-3.2.3-19.6.100mdk.amd64.rpm
 3ca0207824ba315b9856e363831e8238  
x86_64/corporate/3.0/RPMS/MySQL-4.0.18-1.3.C30mdk.x86_64.rpm
 64446e7f63df7df74426a47cf2de6625  
x86_64/corporate/3.0/RPMS/MySQL-Max-4.0.18-1.3.C30mdk.x86_64.rpm
 390c3074eac1aac97b249979fa467741  
x86_64/corporate/3.0/RPMS/MySQL-bench-4.0.18-1.3.C30mdk.x86_64.rpm
 f9b9bb7f21cdd8d53cbad39f37385143  
x86_64/corporate/3.0/RPMS/MySQL-client-4.0.18-1.3.C30mdk.x86_64.rpm
 870eac0d47223dcf88ee24072e84dfc3  
x86_64/corporate/3.0/RPMS/MySQL-common-4.0.18-1.3.C30mdk.x86_64.rpm
 7fc62e5799ef5dd03aa2cf973dec3220  
x86_64/corporate/3.0/SRPMS/MySQL-4.0.18-1.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCC/iLmqjQ0CJFipgRAmmVAKCB2tuw8rbCEFKObSVI1zY4d6jY3gCdGCc7
MA8YkCnnBQD3DM3lOTBKTJg=
=OZs0
-----END PGP SIGNATURE-----