[ MDKSA-2007:177 ] - Updated MySQL packages fix vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:177
http://www.mandriva.com/security/
_______________________________________________________________________
Package : MySQL
Date : September 6, 2007
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability was found in MySQL's authentication protocol, making
it possible for a remote unauthenticated attacker to send a specially
crafted authentication request to the MySQL server causing it to crash
(CVE-2007-3780).
Another flaw was discovered in MySQL that allowed remote authenticated
users to gain update privileges for a table in another database via
a view that refers to the external table (CVE-2007-3782).
Updated packages have been patched to prevent these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3782
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
43b19d6908c3e084f1b404feb00c63de
2007.0/i586/MySQL-5.0.24a-2.2mdv2007.0.i586.rpm
8fe94c7be904870d65b469a4c81196df
2007.0/i586/MySQL-Max-5.0.24a-2.2mdv2007.0.i586.rpm
3660295e693c4ecdbffbe3ae0b5701d8
2007.0/i586/MySQL-bench-5.0.24a-2.2mdv2007.0.i586.rpm
7298bcc5c8ee75a6eab087b9917b78f1
2007.0/i586/MySQL-client-5.0.24a-2.2mdv2007.0.i586.rpm
15dd0f8dcf80b1c1019eac8a5a4a7052
2007.0/i586/MySQL-common-5.0.24a-2.2mdv2007.0.i586.rpm
37ca2f0c3a007ff1c8981c1b7125ce2d
2007.0/i586/MySQL-ndb-extra-5.0.24a-2.2mdv2007.0.i586.rpm
544ef62805a41bf9b403e25ce7c7c1f5
2007.0/i586/MySQL-ndb-management-5.0.24a-2.2mdv2007.0.i586.rpm
d7c5b8b833c2619dfa20401d0da61918
2007.0/i586/MySQL-ndb-storage-5.0.24a-2.2mdv2007.0.i586.rpm
e05d20b0c89d60be5b7be125e01bd7db
2007.0/i586/MySQL-ndb-tools-5.0.24a-2.2mdv2007.0.i586.rpm
ee401b386f61cdd23ad8ac68500d57ef
2007.0/i586/libmysql15-5.0.24a-2.2mdv2007.0.i586.rpm
7eb3b28147bb62fce7226c2bcd2fc0cf
2007.0/i586/libmysql15-devel-5.0.24a-2.2mdv2007.0.i586.rpm
f6173d4e62a6c52a124e8c7780796ed7
2007.0/i586/libmysql15-static-devel-5.0.24a-2.2mdv2007.0.i586.rpm
ed790867b5e832f98e14a5831d3c3d9b
2007.0/SRPMS/MySQL-5.0.24a-2.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
9d8b485e4debe1a29d99cb4fc023ed17
2007.0/x86_64/MySQL-5.0.24a-2.2mdv2007.0.x86_64.rpm
8d0fd0cbc5449a5e9b9282209d8fb985
2007.0/x86_64/MySQL-Max-5.0.24a-2.2mdv2007.0.x86_64.rpm
05278a6de101b301da12d402636a5e33
2007.0/x86_64/MySQL-bench-5.0.24a-2.2mdv2007.0.x86_64.rpm
72efb5e7e697da6239e329370f972944
2007.0/x86_64/MySQL-client-5.0.24a-2.2mdv2007.0.x86_64.rpm
e2dbbe658be425721686df1a7b55251f
2007.0/x86_64/MySQL-common-5.0.24a-2.2mdv2007.0.x86_64.rpm
1d89433b36d4e80c2f56278adf028270
2007.0/x86_64/MySQL-ndb-extra-5.0.24a-2.2mdv2007.0.x86_64.rpm
a709ab263cd6ea0254fb151c00eb71c4
2007.0/x86_64/MySQL-ndb-management-5.0.24a-2.2mdv2007.0.x86_64.rpm
85d6c978f065853608a12d2a4bd9e04f
2007.0/x86_64/MySQL-ndb-storage-5.0.24a-2.2mdv2007.0.x86_64.rpm
88367e83123464a946c39aa115590142
2007.0/x86_64/MySQL-ndb-tools-5.0.24a-2.2mdv2007.0.x86_64.rpm
c8f4fce474c9c5727499eacb1e31dbb1
2007.0/x86_64/lib64mysql15-5.0.24a-2.2mdv2007.0.x86_64.rpm
86230304c28d04713d68388a742c5888
2007.0/x86_64/lib64mysql15-devel-5.0.24a-2.2mdv2007.0.x86_64.rpm
ff870649d1aab1fae3a80ff6398427a6
2007.0/x86_64/lib64mysql15-static-devel-5.0.24a-2.2mdv2007.0.x86_64.rpm
ed790867b5e832f98e14a5831d3c3d9b
2007.0/SRPMS/MySQL-5.0.24a-2.2mdv2007.0.src.rpm
Mandriva Linux 2007.1:
7fef4072328373994701bd1150169219
2007.1/i586/MySQL-5.0.37-2.2mdv2007.1.i586.rpm
bbd5bfcca79fa90fd665e0aafeb4cfe9
2007.1/i586/MySQL-Max-5.0.37-2.2mdv2007.1.i586.rpm
0441bb8eafd22b50e736703da932f665
2007.1/i586/MySQL-bench-5.0.37-2.2mdv2007.1.i586.rpm
2187707d04ec069249b0860527e66882
2007.1/i586/MySQL-client-5.0.37-2.2mdv2007.1.i586.rpm
bbedede029d6f1d91df678ec1d9da3a4
2007.1/i586/MySQL-common-5.0.37-2.2mdv2007.1.i586.rpm
319d80d98c68eaaa3be389da3c4629f5
2007.1/i586/MySQL-ndb-extra-5.0.37-2.2mdv2007.1.i586.rpm
cb4bf9d2fdbe4fbb1d54765526bfeb58
2007.1/i586/MySQL-ndb-management-5.0.37-2.2mdv2007.1.i586.rpm
1c938b9274476282001907ed77de224a
2007.1/i586/MySQL-ndb-storage-5.0.37-2.2mdv2007.1.i586.rpm
11c50f8638f76bec718ee8fc1b56af35
2007.1/i586/MySQL-ndb-tools-5.0.37-2.2mdv2007.1.i586.rpm
4d247c4144b7a734eb0b31f5c254aaf4
2007.1/i586/libmysql15-5.0.37-2.2mdv2007.1.i586.rpm
3ec4be50c4f1560717afcc9ac41408da
2007.1/i586/libmysql15-devel-5.0.37-2.2mdv2007.1.i586.rpm
988b86aa49ccc5e192b197d0e32d8b5f
2007.1/i586/libmysql15-static-devel-5.0.37-2.2mdv2007.1.i586.rpm
b917f553fa6d0558628203aa7bc6f02d
2007.1/SRPMS/MySQL-5.0.37-2.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
594e1b48094ad676e9ef0dd3f5e66a1b
2007.1/x86_64/MySQL-5.0.37-2.2mdv2007.1.x86_64.rpm
c2a2b915d686f80457568f35cc6ab64b
2007.1/x86_64/MySQL-Max-5.0.37-2.2mdv2007.1.x86_64.rpm
27160238411f975742da59c4e4a575fc
2007.1/x86_64/MySQL-bench-5.0.37-2.2mdv2007.1.x86_64.rpm
bb34823dcc3d1d3afa5581c5a93299b4
2007.1/x86_64/MySQL-client-5.0.37-2.2mdv2007.1.x86_64.rpm
4c28854e5a25bd1545898eb7fa19dbe5
2007.1/x86_64/MySQL-common-5.0.37-2.2mdv2007.1.x86_64.rpm
dde3a6779745b4bcacc86cb0ec15ae14
2007.1/x86_64/MySQL-ndb-extra-5.0.37-2.2mdv2007.1.x86_64.rpm
a235878331e4e4e0b950ccc09e832fcd
2007.1/x86_64/MySQL-ndb-management-5.0.37-2.2mdv2007.1.x86_64.rpm
171e18f799173055a892be5dfb1a099a
2007.1/x86_64/MySQL-ndb-storage-5.0.37-2.2mdv2007.1.x86_64.rpm
7d09d6e1f704a0d650b9edc374ba25bd
2007.1/x86_64/MySQL-ndb-tools-5.0.37-2.2mdv2007.1.x86_64.rpm
ab9731811943facfe7e230c1cab387ea
2007.1/x86_64/lib64mysql15-5.0.37-2.2mdv2007.1.x86_64.rpm
d12e81527f57aa81ba4b441e9bc097a8
2007.1/x86_64/lib64mysql15-devel-5.0.37-2.2mdv2007.1.x86_64.rpm
060401f7450f23b9aa4d39d63907edf5
2007.1/x86_64/lib64mysql15-static-devel-5.0.37-2.2mdv2007.1.x86_64.rpm
b917f553fa6d0558628203aa7bc6f02d
2007.1/SRPMS/MySQL-5.0.37-2.2mdv2007.1.src.rpm
Corporate 4.0:
1938deb4b70824480abff7dfe543e8ee
corporate/4.0/i586/MySQL-5.0.24-1.2.20060mlcs4.i586.rpm
a1df8885e384446fe22929e439c7c525
corporate/4.0/i586/MySQL-Max-5.0.24-1.2.20060mlcs4.i586.rpm
6f3479ce44c07541ef1f886c45803169
corporate/4.0/i586/MySQL-bench-5.0.24-1.2.20060mlcs4.i586.rpm
4dea8048500128d6e28131eba033f1c0
corporate/4.0/i586/MySQL-client-5.0.24-1.2.20060mlcs4.i586.rpm
717fc696fa3a65787672e53a25753639
corporate/4.0/i586/MySQL-common-5.0.24-1.2.20060mlcs4.i586.rpm
4cfd221eef70439ada856c769f873dbb
corporate/4.0/i586/MySQL-ndb-extra-5.0.24-1.2.20060mlcs4.i586.rpm
e968f12d07ce19867ca4f685deb9e652
corporate/4.0/i586/MySQL-ndb-management-5.0.24-1.2.20060mlcs4.i586.rpm
06d5378cfc51cd416f2f0445ef37238a
corporate/4.0/i586/MySQL-ndb-storage-5.0.24-1.2.20060mlcs4.i586.rpm
38d365c715489e5c2ca0c6aaed5795d1
corporate/4.0/i586/MySQL-ndb-tools-5.0.24-1.2.20060mlcs4.i586.rpm
e628a68b96fc24856205950d5eba5141
corporate/4.0/i586/libmysql15-5.0.24-1.2.20060mlcs4.i586.rpm
93b5484b399c648f1828408fb58a7e11
corporate/4.0/i586/libmysql15-devel-5.0.24-1.2.20060mlcs4.i586.rpm
31b8c73500e0edfa03f1633bc6c69d55
corporate/4.0/i586/libmysql15-static-devel-5.0.24-1.2.20060mlcs4.i586.rpm
6980b62dc761aa26800cf6f916ad97cd
corporate/4.0/SRPMS/MySQL-5.0.24-1.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
3f0e93587ba367bc520724669ac1c086
corporate/4.0/x86_64/MySQL-5.0.24-1.2.20060mlcs4.x86_64.rpm
d944f2af2c2bd621917005feccf61873
corporate/4.0/x86_64/MySQL-Max-5.0.24-1.2.20060mlcs4.x86_64.rpm
5e2ed990999844d6f4c2b2cb86ae2bec
corporate/4.0/x86_64/MySQL-bench-5.0.24-1.2.20060mlcs4.x86_64.rpm
1757800fcd5bb184878d3a6c7dbb90ba
corporate/4.0/x86_64/MySQL-client-5.0.24-1.2.20060mlcs4.x86_64.rpm
e7800546e65218cebedc27a17876f208
corporate/4.0/x86_64/MySQL-common-5.0.24-1.2.20060mlcs4.x86_64.rpm
8851f7b970ce101b404ce22e6a28f435
corporate/4.0/x86_64/MySQL-ndb-extra-5.0.24-1.2.20060mlcs4.x86_64.rpm
30756109744e4b01c35465ca79a17d01
corporate/4.0/x86_64/MySQL-ndb-management-5.0.24-1.2.20060mlcs4.x86_64.rpm
6b0c0f9f352e4a0c1e4f2daf5d6cc022
corporate/4.0/x86_64/MySQL-ndb-storage-5.0.24-1.2.20060mlcs4.x86_64.rpm
93b941dcc96c76c4dd8d094ffcfe5d00
corporate/4.0/x86_64/MySQL-ndb-tools-5.0.24-1.2.20060mlcs4.x86_64.rpm
3d4aae8b37ad1f8c5311202d8d5bd216
corporate/4.0/x86_64/lib64mysql15-5.0.24-1.2.20060mlcs4.x86_64.rpm
3f1bf6d93890beac995231ef5141271e
corporate/4.0/x86_64/lib64mysql15-devel-5.0.24-1.2.20060mlcs4.x86_64.rpm
e254f27be6338ef526d1ea2facfa6e6d
corporate/4.0/x86_64/lib64mysql15-static-devel-5.0.24-1.2.20060mlcs4.x86_64.rpm
6980b62dc761aa26800cf6f916ad97cd
corporate/4.0/SRPMS/MySQL-5.0.24-1.2.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFG4HL4mqjQ0CJFipgRAkpdAKDTPhozGEvLphYM4BzIso4OzLislgCfeJ+k
VZ5eVA8JSlzKmPMtlIkybbs=
=n/GK
-----END PGP SIGNATURE-----