Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in mysql
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in mysql
ID: MDVSA-2008:028
Distribution: Mandriva
Plattformen: Mandriva Corporate 4.0, Mandriva 2007.0, Mandriva 2007.1
Datum: Mi, 30. Januar 2008, 05:41
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6304
Applikationen: MySQL

Originalnachricht

This is a multi-part message in MIME format...

------------=_1201668089-4794-9458


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:028
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mysql
Date : January 29, 2008
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________

Problem Description:

The mysql_change_db() function in MySQL 5.0.x before 5.0.40 did not
restore THD::db_access privileges when returning from SQL SECURITY
INVOKER stored routines, which allowed remote authenticated users to
gain privileges (CVE-2007-2692).

The federated engine in MySQL 5.0.x, when performing a certain SHOW
TABLE STATUS query, did not properly handle a response with a small
number of columns, which could allow a remote MySQL server to cause
a denial of service (federated handler crash and daemon crash)
via a response that lacks the minimum required number of columns
(CVE-2007-6304).

The updated packages provide MySQL 5.0.45 for all Mandriva Linux
platforms that shipped with MySQL 5.0.x which offers a number of
feature enhancements and bug fixes. In addition, the updates for
Corporate Server 4.0 include support for the Sphinx engine.

Please note that due to the package name change (from 'MySQL' to
'mysql'), the mysqld service will not restart automatically so users
must execute 'service mysqld start' after the upgrade is complete.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6304
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
8308e15a835905cfb1db32eada26c883
2007.0/i586/libmysql-devel-5.0.45-8.1mdv2007.0.i586.rpm
497b43aa77224faa392c5141d48e138f
2007.0/i586/libmysql-static-devel-5.0.45-8.1mdv2007.0.i586.rpm
d46c0aea4b3d4e3b57f6d58cd508af57
2007.0/i586/libmysql15-5.0.45-8.1mdv2007.0.i586.rpm
3278969388161ffed75c14e15dd9d4ad
2007.0/i586/mysql-5.0.45-8.1mdv2007.0.i586.rpm
72961088740e022b2db2c7546f361c67
2007.0/i586/mysql-bench-5.0.45-8.1mdv2007.0.i586.rpm
36c92157cda26ce4297628e66c079d7f
2007.0/i586/mysql-client-5.0.45-8.1mdv2007.0.i586.rpm
773b61b83357a3946395135431cd32db
2007.0/i586/mysql-common-5.0.45-8.1mdv2007.0.i586.rpm
21b2a793207115ccf7f36c054b50b9fe
2007.0/i586/mysql-max-5.0.45-8.1mdv2007.0.i586.rpm
1d3bd0dcb8e675674ddda288c28cb558
2007.0/i586/mysql-ndb-extra-5.0.45-8.1mdv2007.0.i586.rpm
3db8afbca3dd5827ffedc4e47c10f97e
2007.0/i586/mysql-ndb-management-5.0.45-8.1mdv2007.0.i586.rpm
a6a279e76cca9cdf3ac5565179e80545
2007.0/i586/mysql-ndb-storage-5.0.45-8.1mdv2007.0.i586.rpm
f8b9a30a32e247915b9858f3b7f63379
2007.0/i586/mysql-ndb-tools-5.0.45-8.1mdv2007.0.i586.rpm
e64751b034f8560d5118b35e6a5092fb
2007.0/SRPMS/mysql-5.0.45-8.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
cf40fcf35654f9c2c178f8536f718f72
2007.0/x86_64/lib64mysql-devel-5.0.45-8.1mdv2007.0.x86_64.rpm
75c959ef8c66d26b24b32a79e9cc28bd
2007.0/x86_64/lib64mysql-static-devel-5.0.45-8.1mdv2007.0.x86_64.rpm
cdfe8b2ea0baec8d6574a13ddcb8e39b
2007.0/x86_64/lib64mysql15-5.0.45-8.1mdv2007.0.x86_64.rpm
7b55f3b2c08793911edb7aa0e1cc4b4d
2007.0/x86_64/mysql-5.0.45-8.1mdv2007.0.x86_64.rpm
6c8a12a0b9a17dc9ba2f91b69de366a3
2007.0/x86_64/mysql-bench-5.0.45-8.1mdv2007.0.x86_64.rpm
cc3b0305b62d265bf4ea28de45c409a4
2007.0/x86_64/mysql-client-5.0.45-8.1mdv2007.0.x86_64.rpm
6eed047db759509c10eb349b6c2546df
2007.0/x86_64/mysql-common-5.0.45-8.1mdv2007.0.x86_64.rpm
a4527d7bb167064a0028cf3f9b768dc5
2007.0/x86_64/mysql-max-5.0.45-8.1mdv2007.0.x86_64.rpm
f06ce459897d0e0c93a301c2312a53e9
2007.0/x86_64/mysql-ndb-extra-5.0.45-8.1mdv2007.0.x86_64.rpm
937776dc1bad2a792d33184b92e9bb56
2007.0/x86_64/mysql-ndb-management-5.0.45-8.1mdv2007.0.x86_64.rpm
df971f898499ec07b86d70ca40c12567
2007.0/x86_64/mysql-ndb-storage-5.0.45-8.1mdv2007.0.x86_64.rpm
aa08021ec8da55ace45677a0c2df1d81
2007.0/x86_64/mysql-ndb-tools-5.0.45-8.1mdv2007.0.x86_64.rpm
e64751b034f8560d5118b35e6a5092fb
2007.0/SRPMS/mysql-5.0.45-8.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
a38836b0cbc846c1dd00e6d585a5a294
2007.1/i586/libmysql-devel-5.0.45-8.1mdv2007.1.i586.rpm
2b7b67b466378773aceaba6ef463bf5c
2007.1/i586/libmysql-static-devel-5.0.45-8.1mdv2007.1.i586.rpm
ce17d4f08128e4ee6fe65c0f9714d977
2007.1/i586/libmysql15-5.0.45-8.1mdv2007.1.i586.rpm
e379f1928765efaeba54e955d814e319
2007.1/i586/mysql-5.0.45-8.1mdv2007.1.i586.rpm
0b193494a536b74a26481c52b81b5ddb
2007.1/i586/mysql-bench-5.0.45-8.1mdv2007.1.i586.rpm
2eabad8947dd72625bce27a7080352d8
2007.1/i586/mysql-client-5.0.45-8.1mdv2007.1.i586.rpm
3a44bdf485a76168b8e34d5c9d32b7b6
2007.1/i586/mysql-common-5.0.45-8.1mdv2007.1.i586.rpm
a89063f71cb71697814d722d4db74681
2007.1/i586/mysql-max-5.0.45-8.1mdv2007.1.i586.rpm
dfba29fc3bc045ba88951f3f9de4aff2
2007.1/i586/mysql-ndb-extra-5.0.45-8.1mdv2007.1.i586.rpm
e8c6e2cf09c6455d744063f0263d6b21
2007.1/i586/mysql-ndb-management-5.0.45-8.1mdv2007.1.i586.rpm
cc7b6344cd4fffa8445f39ba1b346ca9
2007.1/i586/mysql-ndb-storage-5.0.45-8.1mdv2007.1.i586.rpm
467865cd19dd0490f786ee23ab54e065
2007.1/i586/mysql-ndb-tools-5.0.45-8.1mdv2007.1.i586.rpm
a9b3d46326af15bfd46be2c83686777f
2007.1/SRPMS/mysql-5.0.45-8.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
7b08c92ffd78f132aafba21ab594a42d
2007.1/x86_64/lib64mysql-devel-5.0.45-8.1mdv2007.1.x86_64.rpm
da3d05a494925b934e0456162b006888
2007.1/x86_64/lib64mysql-static-devel-5.0.45-8.1mdv2007.1.x86_64.rpm
53d391471cc83b3d85db9b2bfc788494
2007.1/x86_64/lib64mysql15-5.0.45-8.1mdv2007.1.x86_64.rpm
308068c6d03d3d5abbd0b444e836cc17
2007.1/x86_64/mysql-5.0.45-8.1mdv2007.1.x86_64.rpm
04e3fb67f3f67a8747b1d2bf53b5e547
2007.1/x86_64/mysql-bench-5.0.45-8.1mdv2007.1.x86_64.rpm
851d191e569b72a5b7624b2a32e4e584
2007.1/x86_64/mysql-client-5.0.45-8.1mdv2007.1.x86_64.rpm
12fc2e3d907bfa04cb02496146cc4a56
2007.1/x86_64/mysql-common-5.0.45-8.1mdv2007.1.x86_64.rpm
16d00cebde97ee6be2742f81937d5915
2007.1/x86_64/mysql-max-5.0.45-8.1mdv2007.1.x86_64.rpm
06f1a09c1a8c5e721565b4e39390e184
2007.1/x86_64/mysql-ndb-extra-5.0.45-8.1mdv2007.1.x86_64.rpm
ac18d6bb01af8d50311d8a12090d8391
2007.1/x86_64/mysql-ndb-management-5.0.45-8.1mdv2007.1.x86_64.rpm
33f135b18c515ddcbc3a7cef106dfd82
2007.1/x86_64/mysql-ndb-storage-5.0.45-8.1mdv2007.1.x86_64.rpm
b543874252fd45641001a68523e3cb76
2007.1/x86_64/mysql-ndb-tools-5.0.45-8.1mdv2007.1.x86_64.rpm
a9b3d46326af15bfd46be2c83686777f
2007.1/SRPMS/mysql-5.0.45-8.1mdv2007.1.src.rpm

Corporate 4.0:
10b08c4aef587ab1009b30a7f6786267
corporate/4.0/i586/libmysql-devel-5.0.45-7.1.20060mlcs4.i586.rpm
5224612a804fba33a616f2e8eeb2fb66
corporate/4.0/i586/libmysql-static-devel-5.0.45-7.1.20060mlcs4.i586.rpm
c3ba2b6e48f6ac91416e296ed2e48ccd
corporate/4.0/i586/libmysql15-5.0.45-7.1.20060mlcs4.i586.rpm
a0d41fd603cadfb613fab192a9f57d8b
corporate/4.0/i586/mysql-5.0.45-7.1.20060mlcs4.i586.rpm
7ad5cd1d76be29f206148756d7675466
corporate/4.0/i586/mysql-bench-5.0.45-7.1.20060mlcs4.i586.rpm
33194b388687a13e43ff6d464e058ff5
corporate/4.0/i586/mysql-client-5.0.45-7.1.20060mlcs4.i586.rpm
e95b67383618e7e903d59fa035489a38
corporate/4.0/i586/mysql-common-5.0.45-7.1.20060mlcs4.i586.rpm
465aa5b928645beff8c33da0b2a7404e
corporate/4.0/i586/mysql-max-5.0.45-7.1.20060mlcs4.i586.rpm
c5c71f0d9423b930bc1da328e24205d5
corporate/4.0/i586/mysql-ndb-extra-5.0.45-7.1.20060mlcs4.i586.rpm
b33302b1b3376dd5cb5f3f294e83bef6
corporate/4.0/i586/mysql-ndb-management-5.0.45-7.1.20060mlcs4.i586.rpm
039351fc45003c4b3e21f6664cca8912
corporate/4.0/i586/mysql-ndb-storage-5.0.45-7.1.20060mlcs4.i586.rpm
56931d13e6b2bb73cd40bbe148e96e9a
corporate/4.0/i586/mysql-ndb-tools-5.0.45-7.1.20060mlcs4.i586.rpm
041dd79dc8f4531524ea7c11386c1eaa
corporate/4.0/SRPMS/mysql-5.0.45-7.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
8d35642f0a5ff7f8cc917751a4d52e6a
corporate/4.0/x86_64/lib64mysql-devel-5.0.45-7.1.20060mlcs4.x86_64.rpm
2d908a9332638c14dd31e8d77113a9da
corporate/4.0/x86_64/lib64mysql-static-devel-5.0.45-7.1.20060mlcs4.x86_64.rpm
bf3443b40917fd9f8cf872b7f0731164
corporate/4.0/x86_64/lib64mysql15-5.0.45-7.1.20060mlcs4.x86_64.rpm
070736f9c11739b1636d81244412057f
corporate/4.0/x86_64/mysql-5.0.45-7.1.20060mlcs4.x86_64.rpm
cefe0f1bbc72355ce777f296b45b5ed3
corporate/4.0/x86_64/mysql-bench-5.0.45-7.1.20060mlcs4.x86_64.rpm
57e0592185510613cd47c1bafe835f47
corporate/4.0/x86_64/mysql-client-5.0.45-7.1.20060mlcs4.x86_64.rpm
7588a705de13a66d52f1a917251d6b71
corporate/4.0/x86_64/mysql-common-5.0.45-7.1.20060mlcs4.x86_64.rpm
24f33b4a948e3187d409c923c574201e
corporate/4.0/x86_64/mysql-max-5.0.45-7.1.20060mlcs4.x86_64.rpm
00c7d7b67e7ad5428571cfe34472aefb
corporate/4.0/x86_64/mysql-ndb-extra-5.0.45-7.1.20060mlcs4.x86_64.rpm
994c10d3df42ad91db095ed3455bed75
corporate/4.0/x86_64/mysql-ndb-management-5.0.45-7.1.20060mlcs4.x86_64.rpm
74ec034893fbbc0db4eecd62748f19ab
corporate/4.0/x86_64/mysql-ndb-storage-5.0.45-7.1.20060mlcs4.x86_64.rpm
d29e8aad80d5ad6bedbcca512700e7d1
corporate/4.0/x86_64/mysql-ndb-tools-5.0.45-7.1.20060mlcs4.x86_64.rpm
041dd79dc8f4531524ea7c11386c1eaa
corporate/4.0/SRPMS/mysql-5.0.45-7.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHn8bhmqjQ0CJFipgRAmC2AJ9eX48lecJkUaKkXnRAWKIwgmeD8gCgmXjp
4mhVLb87csMrDvR176pf7GI=
=A9gT
-----END PGP SIGNATURE-----


------------=_1201668089-4794-9458
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1201668089-4794-9458--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung