-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I get an incorrect md5sum for this package: 106480fe6f5d56513a4fd77592d5a8e88a9c4825 redhat/9/updates/SRPMS/mysql-3.23.58-1.90.5.legacy.src.rpm didn't check the others... $ md5sum mysql-3.23.58-1.90.5.legacy.src.rpm a75573a4ce3e865f3b682ff8f65f41a7 mysql-3.23.58-1.90.5.legacy.src.rpm Is this a mistake or the package was changed? fedora-legacy-announce@xxxxxxxxxx wrote: > --------------------------------------------------------------------- > Fedora Legacy Update Advisory > > Synopsis: Updated mysql packages fix security issues > Advisory ID: FLSA:2129 > Issue date: 2005-03-24 > Product: Red Hat Linux, Fedora Core > Keywords: Bugfix > Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2129 > CVE Names: CAN-2004-0381 CAN-2004-0388 CAN-2004-0457 > CAN-2004-0835 CAN-2004-0836 CAN-2004-0837 > CAN-2004-0957 CAN-2005-0004 > --------------------------------------------------------------------- > > > --------------------------------------------------------------------- > 1. Topic: > > Updated mysql packages that fix various security issues are now > available. > > MySQL is a multi-user, multi-threaded SQL database server. > > 2. Relevant releases/architectures: > > Red Hat Linux 7.3 - i386 > Red Hat Linux 9 - i386 > Fedora Core 1 - i386 > > 3. Problem description: > > This update fixes a number of potential security problems associated > with careless handling of temporary files. The Common Vulnerabilities > and Exposures project (cve.mitre.org) has assigned the names > CAN-2004-0381, CAN-2004-0388, CAN-2004-0457, and CAN-2005-0004 to these > issues. > > Oleksandr Byelkin discovered that "ALTER TABLE ... RENAME" checked > the CREATE/INSERT rights of the old table instead of the new one. The > Common Vulnerabilities and Exposures project (cve.mitre.org) has > assigned the name CAN-2004-0835 to this issue. > > Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect > function. In order to exploit this issue an attacker would need to force > the use of a malicious DNS server (CAN-2004-0836). > > Dean Ellis discovered that multiple threads ALTERing the same (or > different) MERGE tables to change the UNION could cause the server to > crash or stall (CAN-2004-0837). > > Sergei Golubchik discovered that if a user is granted privileges to a > database with a name containing an underscore ("_"), the user also gains > the ability to grant privileges to other databases with similar names > (CAN-2004-0957). > > All users of mysql should upgrade to these updated packages, which > resolve these issues. > > 4. Solution: > > Before applying this update, make sure all previously released errata > relevant to your system have been applied. > > To update all RPMs for your particular architecture, run: > > rpm -Fvh [filenames] > > where [filenames] is a list of the RPMs you wish to upgrade. Only those > RPMs which are currently installed will be updated. Those RPMs which > are not installed but included in the list will not be updated. Note > that you can also use wildcards (*.rpm) if your current directory *only* > contains the desired RPMs. > > Please note that this update is also available via yum and apt. Many > people find this an easier way to apply updates. To use yum issue: > > yum update > > or to use apt: > > apt-get update; apt-get upgrade > > This will start an interactive process that will result in the > appropriate RPMs being upgraded on your system. This assumes that you > have yum or apt-get configured for obtaining Fedora Legacy content. > Please visit http://www.fedoralegacy.org/docs for directions on how to > configure yum and apt-get. > > 5. Bug IDs fixed: > > http://bugzilla.fedora.us - bug #2129 - MySQL Remote Buffer Overflow > > 6. RPMs required: > > Red Hat Linux 7.3: > > SRPM: > http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mysql-3.23.58-1.73.5.legacy.src.rpm > > > i386: > http://download.fedoralegacy.org/redhat/7.3/updates/i386/mysql-3.23.58-1.73.5.legacy.i386.rpm > > http://download.fedoralegacy.org/redhat/7.3/updates/i386/mysql-devel-3.23.58-1.73.5.legacy.i386.rpm > > http://download.fedoralegacy.org/redhat/7.3/updates/i386/mysql-server-3.23.58-1.73.5.legacy.i386.rpm > > > Red Hat Linux 9: > > SRPM: > http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mysql-3.23.58-1.90.5.legacy.src.rpm > > > i386: > http://download.fedoralegacy.org/redhat/9/updates/i386/mysql-3.23.58-1.90.5.legacy.i386.rpm > > http://download.fedoralegacy.org/redhat/9/updates/i386/mysql-devel-3.23.58-1.90.5.legacy.i386.rpm > > http://download.fedoralegacy.org/redhat/9/updates/i386/mysql-server-3.23.58-1.90.5.legacy.i386.rpm > > > Fedora Core 1: > > SRPM: > http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mysql-3.23.58-4.3.legacy.src.rpm > > > i386: > http://download.fedoralegacy.org/fedora/1/updates/i386/mysql-3.23.58-4.3.legacy.i386.rpm > > http://download.fedoralegacy.org/fedora/1/updates/i386/mysql-bench-3.23.58-4.3.legacy.i386.rpm > > http://download.fedoralegacy.org/fedora/1/updates/i386/mysql-devel-3.23.58-4.3.legacy.i386.rpm > > http://download.fedoralegacy.org/fedora/1/updates/i386/mysql-server-3.23.58-4.3.legacy.i386.rpm > > > 7. Verification: > > SHA1 sum Package Name > --------------------------------------------------------------------- > > 04ef0f04b389f7f9fc5bb46f35f81e8503a463ba > redhat/7.3/updates/i386/mysql-3.23.58-1.73.5.legacy.i386.rpm > 879f133178898835609ec305988b473e7221f825 > redhat/7.3/updates/i386/mysql-devel-3.23.58-1.73.5.legacy.i386.rpm > 9258ee1dd63f878c376a4e8a4f28e6dc8be11600 > redhat/7.3/updates/i386/mysql-server-3.23.58-1.73.5.legacy.i386.rpm > f8dfbc8e8992bb56c1f8ba9f6917ab0fb11d0e80 > redhat/7.3/updates/SRPMS/mysql-3.23.58-1.73.5.legacy.src.rpm > 246af76de738268375fee9c066efdabdc5a01f73 > redhat/9/updates/i386/mysql-3.23.58-1.90.5.legacy.i386.rpm > 22b584c92e81cd29086fa2335910ba5b67d22711 > redhat/9/updates/i386/mysql-devel-3.23.58-1.90.5.legacy.i386.rpm > 4fe21cae92371b5a3ed79858ec5432807bf2cee4 > redhat/9/updates/i386/mysql-server-3.23.58-1.90.5.legacy.i386.rpm > 106480fe6f5d56513a4fd77592d5a8e88a9c4825 > redhat/9/updates/SRPMS/mysql-3.23.58-1.90.5.legacy.src.rpm > 509f1caeef89bb626334be27e13c4269cc00ca75 > fedora/1/updates/i386/mysql-3.23.58-4.3.legacy.i386.rpm > 7e0bf52038d1ccb3e56f8f2e48f32846e9cb52ec > fedora/1/updates/i386/mysql-bench-3.23.58-4.3.legacy.i386.rpm > 08c25d36193f30dceb4d3f81fbdd69f713fd94b7 > fedora/1/updates/i386/mysql-devel-3.23.58-4.3.legacy.i386.rpm > 8fa58175f2d1baf7d45e8c19939928d3faa113ba > fedora/1/updates/i386/mysql-server-3.23.58-4.3.legacy.i386.rpm > 291ec6bb776126c3726dc7dfc067afad520300af > fedora/1/updates/SRPMS/mysql-3.23.58-4.3.legacy.src.rpm > > These packages are GPG signed by Fedora Legacy for security. Our key is > available from http://www.fedoralegacy.org/about/security.php > > You can verify each package with the following command: > > rpm --checksig -v <filename> > > If you only wish to verify that each package has not been corrupted or > tampered with, examine only the sha1sum with the following command: > > sha1sum <filename> > > 8. References: > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0388 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0457 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004 > > 9. Contact: > > The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More > project details at http://www.fedoralegacy.org > > --------------------------------------------------------------------- > > > ------------------------------------------------------------------------ > > -- > Fedora-legacy-announce mailing list > Fedora-legacy-announce@xxxxxxxxxx > http://www.redhat.com/mailman/listinfo/fedora-legacy-announce - -- Ventsislav Genchev Atlantis BG, Ltd. E-mail: vigour@xxxxxxxxxxx phone: +35928757001 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFCQ/N8wxiN6NaquRwRAlAqAKCS6SYwI5+MdgAJN9nsKR/sXEbd+QCfbzcI lKDXm83PRKcrNpV4mvo+Oj0= =5CQE -----END PGP SIGNATURE-----
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature