Login
Newsletter
Werbung

Sicherheit: Pufferüberläufe in mysql
Aktuelle Meldungen Distributionen
Name: Pufferüberläufe in mysql
ID: MDVSA-2009:159
Distribution: Mandriva
Plattformen: Mandriva Corporate 4.0, Mandriva 2008.1, Mandriva 2009.0
Datum: Mo, 27. Juli 2009, 17:21
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2446
Applikationen: MySQL

Originalnachricht

This is a multi-part message in MIME format...

------------=_1248708092-13155-433


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:159
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mysql
Date : July 27, 2009
Affected: 2008.1, 2009.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in mysql:

Multiple format string vulnerabilities in the dispatch_command function
in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow
remote authenticated users to cause a denial of service (daemon crash)
and possibly have unspecified other impact via format string specifiers
in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request.
NOTE: some of these details are obtained from third party information
(CVE-2009-2446).

This update provides fixes for this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2446
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.1:
3628f8975e928e87a1a364cf8817a200
2008.1/i586/libmysql15-5.0.51a-8.3mdv2008.1.i586.rpm
317c6543ab44b98981a426a61da15726
2008.1/i586/libmysql-devel-5.0.51a-8.3mdv2008.1.i586.rpm
2c38fa4add8cb3b2ee751dc552309e99
2008.1/i586/libmysql-static-devel-5.0.51a-8.3mdv2008.1.i586.rpm
c8e3a790a4062d9af0da3f2561478e85
2008.1/i586/mysql-5.0.51a-8.3mdv2008.1.i586.rpm
65daf3337e7089633a9e9f6b00a9cdf7
2008.1/i586/mysql-bench-5.0.51a-8.3mdv2008.1.i586.rpm
941ae80135f17328d5cd56b9acf193c9
2008.1/i586/mysql-client-5.0.51a-8.3mdv2008.1.i586.rpm
ae37b0e87a93a5b84c6b591c9d5d42d5
2008.1/i586/mysql-common-5.0.51a-8.3mdv2008.1.i586.rpm
9c5028a0999ae2ac20d911660d88cf1e
2008.1/i586/mysql-doc-5.0.51a-8.3mdv2008.1.i586.rpm
2a5b92da25ed9f19ec26d61eeb479990
2008.1/i586/mysql-max-5.0.51a-8.3mdv2008.1.i586.rpm
801f996c1a66cb3b93bf7d62761cb492
2008.1/i586/mysql-ndb-extra-5.0.51a-8.3mdv2008.1.i586.rpm
0083b276c3045f240de7d75aedaca226
2008.1/i586/mysql-ndb-management-5.0.51a-8.3mdv2008.1.i586.rpm
1b83044a362c90b6c7a2a78ce495d9ec
2008.1/i586/mysql-ndb-storage-5.0.51a-8.3mdv2008.1.i586.rpm
4aa47c32b6e7863e1f52eb428bab87ff
2008.1/i586/mysql-ndb-tools-5.0.51a-8.3mdv2008.1.i586.rpm
79bdf79636fcd2a542195f4356b10611
2008.1/SRPMS/mysql-5.0.51a-8.3mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
9f1ea47fd375a6755064c258785c73f0
2008.1/x86_64/lib64mysql15-5.0.51a-8.3mdv2008.1.x86_64.rpm
d7444208199082e58a85b46b7e5bbbc4
2008.1/x86_64/lib64mysql-devel-5.0.51a-8.3mdv2008.1.x86_64.rpm
369e6f95263472abd215281d1966d92f
2008.1/x86_64/lib64mysql-static-devel-5.0.51a-8.3mdv2008.1.x86_64.rpm
9909dc719a779a2c66436ee41833547f
2008.1/x86_64/mysql-5.0.51a-8.3mdv2008.1.x86_64.rpm
3860325b02a80e9a63be97c4fd9108c8
2008.1/x86_64/mysql-bench-5.0.51a-8.3mdv2008.1.x86_64.rpm
d9b3b6929bd24b1d6e875feed8c1a957
2008.1/x86_64/mysql-client-5.0.51a-8.3mdv2008.1.x86_64.rpm
9979f82c4d640a2dd7d74f600c428004
2008.1/x86_64/mysql-common-5.0.51a-8.3mdv2008.1.x86_64.rpm
4af8c7ceff4bc8f4ed65826d2f2da519
2008.1/x86_64/mysql-doc-5.0.51a-8.3mdv2008.1.x86_64.rpm
b56aee4f26e9ec7136994047348c0c34
2008.1/x86_64/mysql-max-5.0.51a-8.3mdv2008.1.x86_64.rpm
be02d59a3060287436bbc95c97adca80
2008.1/x86_64/mysql-ndb-extra-5.0.51a-8.3mdv2008.1.x86_64.rpm
5bf5715866f49b050972d937f1c8757c
2008.1/x86_64/mysql-ndb-management-5.0.51a-8.3mdv2008.1.x86_64.rpm
a136e3d9956101149e56dde69578c37b
2008.1/x86_64/mysql-ndb-storage-5.0.51a-8.3mdv2008.1.x86_64.rpm
2149c675079fea5e03590d3d7491fab9
2008.1/x86_64/mysql-ndb-tools-5.0.51a-8.3mdv2008.1.x86_64.rpm
79bdf79636fcd2a542195f4356b10611
2008.1/SRPMS/mysql-5.0.51a-8.3mdv2008.1.src.rpm

Mandriva Linux 2009.0:
1e1a4b7883da6c70286855443dda32cb
2009.0/i586/libmysql15-5.0.84-0.2mdv2009.0.i586.rpm
7380d8d6c3f80d79bd4be3bef6b113de
2009.0/i586/libmysql-devel-5.0.84-0.2mdv2009.0.i586.rpm
0c8154607d3aac68a8d282230d887990
2009.0/i586/libmysql-static-devel-5.0.84-0.2mdv2009.0.i586.rpm
d00b5d9c4c4b6b78a107a3cdcb00a547
2009.0/i586/mysql-5.0.84-0.2mdv2009.0.i586.rpm
3feacd18010b9330fe33e491a30fa9c0
2009.0/i586/mysql-bench-5.0.84-0.2mdv2009.0.i586.rpm
34cbf21dccbeb564d690ce7c66d2698d
2009.0/i586/mysql-client-5.0.84-0.2mdv2009.0.i586.rpm
21ee0b85c276823c1fb31d06d41aa70f
2009.0/i586/mysql-common-5.0.84-0.2mdv2009.0.i586.rpm
2aea7e8563c35718d32323b8916b6e93
2009.0/i586/mysql-doc-5.0.84-0.2mdv2009.0.i586.rpm
7dc25b1c7389c3714d7bbe36d3abf15b
2009.0/i586/mysql-max-5.0.84-0.2mdv2009.0.i586.rpm
5927407ea622f6d1414da51e03d74f2a
2009.0/i586/mysql-ndb-extra-5.0.84-0.2mdv2009.0.i586.rpm
2b8b1c7f01b3ab187ec85d4b2e66606a
2009.0/i586/mysql-ndb-management-5.0.84-0.2mdv2009.0.i586.rpm
32e6d1ab9f1c46d87caad9d103f398ff
2009.0/i586/mysql-ndb-storage-5.0.84-0.2mdv2009.0.i586.rpm
8c1ca3484eb9c11daef1ff9c2668f7c0
2009.0/i586/mysql-ndb-tools-5.0.84-0.2mdv2009.0.i586.rpm
d2c6899e2d639e0a46d8468bc84454ac
2009.0/SRPMS/mysql-5.0.84-0.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
96d17c2e7d0f687e560408318bc4bb20
2009.0/x86_64/lib64mysql15-5.0.84-0.2mdv2009.0.x86_64.rpm
e93a2aa64a311c4e73b27a673562065f
2009.0/x86_64/lib64mysql-devel-5.0.84-0.2mdv2009.0.x86_64.rpm
c6d39ceeb9da025e8826ae4f6f923c0e
2009.0/x86_64/lib64mysql-static-devel-5.0.84-0.2mdv2009.0.x86_64.rpm
ed0ce425ab15be6634d920c3ffcbbbea
2009.0/x86_64/mysql-5.0.84-0.2mdv2009.0.x86_64.rpm
2ea3cdd5e28a55e90807cf8f6e6c5d3f
2009.0/x86_64/mysql-bench-5.0.84-0.2mdv2009.0.x86_64.rpm
7a8561ea92a9a7f0fe143150a17fa5f1
2009.0/x86_64/mysql-client-5.0.84-0.2mdv2009.0.x86_64.rpm
f5a5087df04f186e0f9182b09341b890
2009.0/x86_64/mysql-common-5.0.84-0.2mdv2009.0.x86_64.rpm
fe07c0ecffe297f10c9222426726b95a
2009.0/x86_64/mysql-doc-5.0.84-0.2mdv2009.0.x86_64.rpm
c66db51ab2cd89b03ea9d5b9a3dc5f5b
2009.0/x86_64/mysql-max-5.0.84-0.2mdv2009.0.x86_64.rpm
d4e14940c621ad3e1eb3ed0f64420914
2009.0/x86_64/mysql-ndb-extra-5.0.84-0.2mdv2009.0.x86_64.rpm
a5bbe12755b6806496af42b8d35adb1e
2009.0/x86_64/mysql-ndb-management-5.0.84-0.2mdv2009.0.x86_64.rpm
6e22d8f4b91cd5f3e4c74ecf9a6b3fe2
2009.0/x86_64/mysql-ndb-storage-5.0.84-0.2mdv2009.0.x86_64.rpm
06b51526843f1b5fcaec98de6466839b
2009.0/x86_64/mysql-ndb-tools-5.0.84-0.2mdv2009.0.x86_64.rpm
d2c6899e2d639e0a46d8468bc84454ac
2009.0/SRPMS/mysql-5.0.84-0.2mdv2009.0.src.rpm

Corporate 4.0:
1b9557c9b34f969025cf5663c6acd640
corporate/4.0/i586/libmysql15-5.0.45-7.4.20060mlcs4.i586.rpm
4c9a7d5e769aecf8206d5cc357517508
corporate/4.0/i586/libmysql-devel-5.0.45-7.4.20060mlcs4.i586.rpm
2298bdc856aea199adb18d7fd0e199a8
corporate/4.0/i586/libmysql-static-devel-5.0.45-7.4.20060mlcs4.i586.rpm
11694d6eacad6031184d39f09c1a743b
corporate/4.0/i586/mysql-5.0.45-7.4.20060mlcs4.i586.rpm
26d5f2972f74bebd927365c6b8aea29f
corporate/4.0/i586/mysql-bench-5.0.45-7.4.20060mlcs4.i586.rpm
15bbcbec5d99ab7b2c579e1bd70e890a
corporate/4.0/i586/mysql-client-5.0.45-7.4.20060mlcs4.i586.rpm
05bbf10154ab61f70b7d1bef96e433d5
corporate/4.0/i586/mysql-common-5.0.45-7.4.20060mlcs4.i586.rpm
79815e2645924f5540fff00163e0d6ac
corporate/4.0/i586/mysql-max-5.0.45-7.4.20060mlcs4.i586.rpm
8ce00c54f3d5a5ae7520a14ba4a6d31d
corporate/4.0/i586/mysql-ndb-extra-5.0.45-7.4.20060mlcs4.i586.rpm
a13afdcc0e7529eb7049d10ad6753fc7
corporate/4.0/i586/mysql-ndb-management-5.0.45-7.4.20060mlcs4.i586.rpm
cff43be291e117fd094c6de3ee717072
corporate/4.0/i586/mysql-ndb-storage-5.0.45-7.4.20060mlcs4.i586.rpm
7d9b9210ebfd965704439c7a6a82ac0b
corporate/4.0/i586/mysql-ndb-tools-5.0.45-7.4.20060mlcs4.i586.rpm
1ca36aca6b2c65a6aea62dca2495139a
corporate/4.0/SRPMS/mysql-5.0.45-7.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
dbf87e065578c19b64d466df96a58aac
corporate/4.0/x86_64/lib64mysql15-5.0.45-7.4.20060mlcs4.x86_64.rpm
efbdc741f009ee171677c6ee751cc074
corporate/4.0/x86_64/lib64mysql-devel-5.0.45-7.4.20060mlcs4.x86_64.rpm
a56e2f968ecf9cefa2e569b722ebf438
corporate/4.0/x86_64/lib64mysql-static-devel-5.0.45-7.4.20060mlcs4.x86_64.rpm
263540907d7352253e74c8d9e7867830
corporate/4.0/x86_64/mysql-5.0.45-7.4.20060mlcs4.x86_64.rpm
f18d3a07e6bea0469fc9f403b9863e1d
corporate/4.0/x86_64/mysql-bench-5.0.45-7.4.20060mlcs4.x86_64.rpm
30b41d78a46daf5109c2f30e38edc2fe
corporate/4.0/x86_64/mysql-client-5.0.45-7.4.20060mlcs4.x86_64.rpm
fe1c6a7df34ae07f58ceb2b4f5ab8e1d
corporate/4.0/x86_64/mysql-common-5.0.45-7.4.20060mlcs4.x86_64.rpm
ce5658bb011633365c74f359d5c5aa83
corporate/4.0/x86_64/mysql-max-5.0.45-7.4.20060mlcs4.x86_64.rpm
037669a1be7b9a411adb6e87db77e31f
corporate/4.0/x86_64/mysql-ndb-extra-5.0.45-7.4.20060mlcs4.x86_64.rpm
7c6c390912be084c419d4a73b79f7099
corporate/4.0/x86_64/mysql-ndb-management-5.0.45-7.4.20060mlcs4.x86_64.rpm
02c2dbaf8f0346142d3865824aa7567c
corporate/4.0/x86_64/mysql-ndb-storage-5.0.45-7.4.20060mlcs4.x86_64.rpm
6d89669e649f898e1f35d2aa74e713f4
corporate/4.0/x86_64/mysql-ndb-tools-5.0.45-7.4.20060mlcs4.x86_64.rpm
1ca36aca6b2c65a6aea62dca2495139a
corporate/4.0/SRPMS/mysql-5.0.45-7.4.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKbZg6mqjQ0CJFipgRAtcHAKC/1zd95+nBqZs3vzdTTMVjUrtYdQCeMeyi
M+BzL6689hE/cOwX7jSm0gw=
=4Yy8
-----END PGP SIGNATURE-----


------------=_1248708092-13155-433
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1248708092-13155-433--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung