[ MDVSA-2008:149 ] - Updated mysql packages fix vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:149
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mysql
Date : July 19, 2008
Affected: 2008.1
_______________________________________________________________________
Problem Description:
Sergei Golubchik found that MySQL did not properly validate optional
data or index directory paths given in a CREATE TABLE statement; as
well it would not, under certain conditions, prevent two databases
from using the same paths for data or index files. This could allow
an authenticated user with appropriate privilege to create tables in
one database to read and manipulate data in tables later created in
other databases, regardless of GRANT privileges (CVE-2008-2079).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
6782fa8e80d657cc32a784791296136c
2008.1/i586/libmysql15-5.0.51a-8.1mdv2008.1.i586.rpm
d38cfb788ab390a22e50c4d8cd88f713
2008.1/i586/libmysql-devel-5.0.51a-8.1mdv2008.1.i586.rpm
17c5413087a43818eb37625415db339c
2008.1/i586/libmysql-static-devel-5.0.51a-8.1mdv2008.1.i586.rpm
725b41649fd161c63087f0e44ec488bb
2008.1/i586/mysql-5.0.51a-8.1mdv2008.1.i586.rpm
c6864405d42406bf85f8e2fb08af8793
2008.1/i586/mysql-bench-5.0.51a-8.1mdv2008.1.i586.rpm
e6df015114747e50092b6a9d7225e821
2008.1/i586/mysql-client-5.0.51a-8.1mdv2008.1.i586.rpm
5b359172c307e980b7c8d3e409f1f85a
2008.1/i586/mysql-common-5.0.51a-8.1mdv2008.1.i586.rpm
b65eb90008f0f329fcd78aa601c941cf
2008.1/i586/mysql-doc-5.0.51a-8.1mdv2008.1.i586.rpm
803c2840d6e56e851d043c21c8d153ba
2008.1/i586/mysql-max-5.0.51a-8.1mdv2008.1.i586.rpm
ce4f47ad3c03549aee94d5b88734f6c8
2008.1/i586/mysql-ndb-extra-5.0.51a-8.1mdv2008.1.i586.rpm
3f4013ca6f91d85d00895d58fccb235a
2008.1/i586/mysql-ndb-management-5.0.51a-8.1mdv2008.1.i586.rpm
494932ed64f2813cf0896f23112debc3
2008.1/i586/mysql-ndb-storage-5.0.51a-8.1mdv2008.1.i586.rpm
d7c24b1ccf013e14adc943fe90fc11c5
2008.1/i586/mysql-ndb-tools-5.0.51a-8.1mdv2008.1.i586.rpm
0e68ede1df17ebd9dfa4c02ca7205dc1
2008.1/SRPMS/mysql-5.0.51a-8.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
7efe5a4aaf106e5f28118d4f0a6757e5
2008.1/x86_64/lib64mysql15-5.0.51a-8.1mdv2008.1.x86_64.rpm
0793a32b20f398f03580aaa5377e5192
2008.1/x86_64/lib64mysql-devel-5.0.51a-8.1mdv2008.1.x86_64.rpm
c3efcca1e7b13bf2d38cc15ac34c3a05
2008.1/x86_64/lib64mysql-static-devel-5.0.51a-8.1mdv2008.1.x86_64.rpm
aa1408995eec88602fe6cde92b662814
2008.1/x86_64/mysql-5.0.51a-8.1mdv2008.1.x86_64.rpm
ac232e2c080dccf9745f18a901079b7d
2008.1/x86_64/mysql-bench-5.0.51a-8.1mdv2008.1.x86_64.rpm
af82fcb4a9c02aa0994015892a0d1297
2008.1/x86_64/mysql-client-5.0.51a-8.1mdv2008.1.x86_64.rpm
7628f598b3d767f0f37f30b80f224db8
2008.1/x86_64/mysql-common-5.0.51a-8.1mdv2008.1.x86_64.rpm
ae212a73fda5f0e334d71a0fca4cd8b5
2008.1/x86_64/mysql-doc-5.0.51a-8.1mdv2008.1.x86_64.rpm
734b94f12d8c8b9042780e03d0a2c7df
2008.1/x86_64/mysql-max-5.0.51a-8.1mdv2008.1.x86_64.rpm
53a4ab72777ab8c85a89f8f37ceaecff
2008.1/x86_64/mysql-ndb-extra-5.0.51a-8.1mdv2008.1.x86_64.rpm
8f57766a240e25ae39c11ffba53f5762
2008.1/x86_64/mysql-ndb-management-5.0.51a-8.1mdv2008.1.x86_64.rpm
3e0df3dabd48d33ccfe4322bffe36743
2008.1/x86_64/mysql-ndb-storage-5.0.51a-8.1mdv2008.1.x86_64.rpm
02030eb47df043478edc5886d9706849
2008.1/x86_64/mysql-ndb-tools-5.0.51a-8.1mdv2008.1.x86_64.rpm
0e68ede1df17ebd9dfa4c02ca7205dc1
2008.1/SRPMS/mysql-5.0.51a-8.1mdv2008.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIghjzmqjQ0CJFipgRAg2lAKCPKI1bYFVEu+WtzrBRzIERRkuzvwCfeakB
uT2vsaASgbZ7/Mfe3zNpGmo=
=aIyr
-----END PGP SIGNATURE-----