Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in mysql
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in mysql
ID: MDVSA-2010:011
Distribution: Mandriva
Plattformen: Mandriva Corporate 4.0, Mandriva 2008.0, Mandriva 2009.0, Mandriva Enterprise Server 5.0
Datum: Mo, 18. Januar 2010, 00:05
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4030
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-87.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-89.html
Applikationen: MySQL

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1263766712-24326-3595


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:011
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mysql
 Date    : January 17, 2010
 Affected: 2008.0, 2009.0, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in mysql:
 
 mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does
 not (1) properly handle errors during execution of certain SELECT
 statements with subqueries, and does not (2) preserve certain
 null_value flags during execution of statements that use the
 GeomFromWKB function, which allows remote authenticated users to
 cause a denial of service (daemon crash) via a crafted statement
 (CVE-2009-4019).
 
 The vio_verify_callback function in viosslfactories.c in MySQL
 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used,
 accepts a value of zero for the depth of X.509 certificates, which
 allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL
 servers via a crafted certificate, as demonstrated by a certificate
 presented by a server linked against the yaSSL library (CVE-2009-4028).
 
 MySQL 5.1.x before 5.1.41 allows local users to bypass certain
 privilege checks by calling CREATE TABLE on a MyISAM table with
 modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments
 that are originally associated with pathnames without symlinks,
 and that can point to tables created at a future time at which a
 pathname is modified to contain a symlink to a subdirectory of the
 MySQL data home directory, related to incorrect calculation of the
 mysql_unpacked_real_data_home value.  NOTE: this vulnerability exists
 because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079
 (CVE-2009-4030).
 
 Packages for 2008.0 are provided for Corporate Desktop 2008.0
 customers.
 
 The updated packages have been patched to correct these
 issues. Additionally for 2009.0 and MES5 mysql has also been upgraded
 to the last stable 5.0 release (5.0.89).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4019
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4028
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4030
 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-87.html
 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-89.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 52156c6c7dba02ea832510d73ef02deb 
 2008.0/i586/libmysql15-5.0.45-8.4mdv2008.0.i586.rpm
 53eebd8dccb55dd2e8f0a8f87caaf3b0 
 2008.0/i586/libmysql-devel-5.0.45-8.4mdv2008.0.i586.rpm
 c0632b9df5c962e1ca8ed838b088da8b 
 2008.0/i586/libmysql-static-devel-5.0.45-8.4mdv2008.0.i586.rpm
 f02c5fc0513cfc39c01ad21e7b5e7edd 
 2008.0/i586/mysql-5.0.45-8.4mdv2008.0.i586.rpm
 ce135fcc22986e9fe75d046d8214b8ae 
 2008.0/i586/mysql-bench-5.0.45-8.4mdv2008.0.i586.rpm
 619cfa0e7d78d404bc61b8a5f4eb17e9 
 2008.0/i586/mysql-client-5.0.45-8.4mdv2008.0.i586.rpm
 64009281c17a9a6dd7c6384134524453 
 2008.0/i586/mysql-common-5.0.45-8.4mdv2008.0.i586.rpm
 1ac7689f55069fd235952b818624c2e2 
 2008.0/i586/mysql-max-5.0.45-8.4mdv2008.0.i586.rpm
 fef4fef755eb747ad9e00f60f97b6b2b 
 2008.0/i586/mysql-ndb-extra-5.0.45-8.4mdv2008.0.i586.rpm
 494aa4646fbc967b22186dbc9e418001 
 2008.0/i586/mysql-ndb-management-5.0.45-8.4mdv2008.0.i586.rpm
 58d95a6fdf0b9b1edcfcef7ec69d36fe 
 2008.0/i586/mysql-ndb-storage-5.0.45-8.4mdv2008.0.i586.rpm
 80bc40abba82c332f5ca0394c160dd2a 
 2008.0/i586/mysql-ndb-tools-5.0.45-8.4mdv2008.0.i586.rpm 
 a0fbad6a7f94fd5382601ca8d32cb7c8 
 2008.0/SRPMS/mysql-5.0.45-8.4mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 02fd0b09ae47bc94aa3eb110099973aa 
 2008.0/x86_64/lib64mysql15-5.0.45-8.4mdv2008.0.x86_64.rpm
 b7b976c0148f2b6c4c8044d4f0774339 
 2008.0/x86_64/lib64mysql-devel-5.0.45-8.4mdv2008.0.x86_64.rpm
 b501227c5cc8f50616534437cd53bfbb 
 2008.0/x86_64/lib64mysql-static-devel-5.0.45-8.4mdv2008.0.x86_64.rpm
 caef775cdfb0ab79d17f8059008fc121 
 2008.0/x86_64/mysql-5.0.45-8.4mdv2008.0.x86_64.rpm
 f1888d061138183ebad250aea222bbeb 
 2008.0/x86_64/mysql-bench-5.0.45-8.4mdv2008.0.x86_64.rpm
 0bee0bac8aceed2382baeed0939ced56 
 2008.0/x86_64/mysql-client-5.0.45-8.4mdv2008.0.x86_64.rpm
 63942af1015667ae55aadd25b6510d58 
 2008.0/x86_64/mysql-common-5.0.45-8.4mdv2008.0.x86_64.rpm
 7733ea0f4521e7478c1cf0a0355500cc 
 2008.0/x86_64/mysql-max-5.0.45-8.4mdv2008.0.x86_64.rpm
 b1ca0a84f090d8ad80396dd7e7c83951 
 2008.0/x86_64/mysql-ndb-extra-5.0.45-8.4mdv2008.0.x86_64.rpm
 0e533b8ba30d09fe72791b0a478dc980 
 2008.0/x86_64/mysql-ndb-management-5.0.45-8.4mdv2008.0.x86_64.rpm
 d0957597d5d9f5c86eaeac2221f39e78 
 2008.0/x86_64/mysql-ndb-storage-5.0.45-8.4mdv2008.0.x86_64.rpm
 cf8f68b9ffe6c59bfa794d376aaf751c 
 2008.0/x86_64/mysql-ndb-tools-5.0.45-8.4mdv2008.0.x86_64.rpm 
 a0fbad6a7f94fd5382601ca8d32cb7c8 
 2008.0/SRPMS/mysql-5.0.45-8.4mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 2e28952a24e2f6901bf85d979b8b1c46 
 2009.0/i586/libmysql15-5.0.89-0.1mdv2009.0.i586.rpm
 6672ffa72e237709ed9a99ce144598d2 
 2009.0/i586/libmysql-devel-5.0.89-0.1mdv2009.0.i586.rpm
 c60cf534fd87eaa01b1a020de9f03e5e 
 2009.0/i586/libmysql-static-devel-5.0.89-0.1mdv2009.0.i586.rpm
 c03211be98622a33fdc4ee9dbbc8d716 
 2009.0/i586/mysql-5.0.89-0.1mdv2009.0.i586.rpm
 48fd7a7e77defa470c7ac5f3dd49980b 
 2009.0/i586/mysql-bench-5.0.89-0.1mdv2009.0.i586.rpm
 f5ffba54fb2b9e9a259e074b50c70ea7 
 2009.0/i586/mysql-client-5.0.89-0.1mdv2009.0.i586.rpm
 6edc821439726b682d966fd9996ea54b 
 2009.0/i586/mysql-common-5.0.89-0.1mdv2009.0.i586.rpm
 d900686ed87347b2f0a5e7a32f007be9 
 2009.0/i586/mysql-doc-5.0.89-0.1mdv2009.0.i586.rpm
 e9c960732a0a656344a7ff6e94eac3ab 
 2009.0/i586/mysql-max-5.0.89-0.1mdv2009.0.i586.rpm
 a386fab18c84eaaa1217b6055821f769 
 2009.0/i586/mysql-ndb-extra-5.0.89-0.1mdv2009.0.i586.rpm
 6944b96baa536d4d18df6fc339b2301f 
 2009.0/i586/mysql-ndb-management-5.0.89-0.1mdv2009.0.i586.rpm
 c4bbe041699b7feff34664258e20732f 
 2009.0/i586/mysql-ndb-storage-5.0.89-0.1mdv2009.0.i586.rpm
 f5e48810839696fe3a5cb5cba7d71951 
 2009.0/i586/mysql-ndb-tools-5.0.89-0.1mdv2009.0.i586.rpm 
 15a56088b4622bebf915a6971c6ba081 
 2009.0/SRPMS/mysql-5.0.89-0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 15ccf636dee25985ac7d75d12e64ac38 
 2009.0/x86_64/lib64mysql15-5.0.89-0.1mdv2009.0.x86_64.rpm
 3abe6b605dbdbd25cb9cdcda86464de7 
 2009.0/x86_64/lib64mysql-devel-5.0.89-0.1mdv2009.0.x86_64.rpm
 490c28551b5994f9bbf69d0995550afc 
 2009.0/x86_64/lib64mysql-static-devel-5.0.89-0.1mdv2009.0.x86_64.rpm
 f10fbc859e53b88935eb8323f7c7e80f 
 2009.0/x86_64/mysql-5.0.89-0.1mdv2009.0.x86_64.rpm
 db7c697849e5eaacf4a5eac0770de778 
 2009.0/x86_64/mysql-bench-5.0.89-0.1mdv2009.0.x86_64.rpm
 ffeb4bc0d6ee6f822bdca0765c19aefc 
 2009.0/x86_64/mysql-client-5.0.89-0.1mdv2009.0.x86_64.rpm
 561d93e27e2804333ffbec1ede7380c8 
 2009.0/x86_64/mysql-common-5.0.89-0.1mdv2009.0.x86_64.rpm
 8d80f87abdb8cd4cb9370a875fea6c55 
 2009.0/x86_64/mysql-doc-5.0.89-0.1mdv2009.0.x86_64.rpm
 971b1382e1b2a483c779bb43a1bfd632 
 2009.0/x86_64/mysql-max-5.0.89-0.1mdv2009.0.x86_64.rpm
 009d4f98061226eee877747bf8107791 
 2009.0/x86_64/mysql-ndb-extra-5.0.89-0.1mdv2009.0.x86_64.rpm
 a422f3b9c65617e4663d7ca62a599752 
 2009.0/x86_64/mysql-ndb-management-5.0.89-0.1mdv2009.0.x86_64.rpm
 045c2e9004ca9b32743f80c11ccaabc5 
 2009.0/x86_64/mysql-ndb-storage-5.0.89-0.1mdv2009.0.x86_64.rpm
 0659a3929f24e8dcc03f73bc32339251 
 2009.0/x86_64/mysql-ndb-tools-5.0.89-0.1mdv2009.0.x86_64.rpm 
 15a56088b4622bebf915a6971c6ba081 
 2009.0/SRPMS/mysql-5.0.89-0.1mdv2009.0.src.rpm

 Corporate 4.0:
 bf3171e73b3065a88389f79053905588 
 corporate/4.0/i586/libmysql15-5.0.45-7.5.20060mlcs4.i586.rpm
 2e50b66392ec5ac2b9f11fca8ed5930c 
 corporate/4.0/i586/libmysql-devel-5.0.45-7.5.20060mlcs4.i586.rpm
 0a605644b49120cf7d66724c995529a6 
 corporate/4.0/i586/libmysql-static-devel-5.0.45-7.5.20060mlcs4.i586.rpm
 0cf43ed6190b6b6556f225696cdd555d 
 corporate/4.0/i586/mysql-5.0.45-7.5.20060mlcs4.i586.rpm
 528abc387bc6a4924cc9c73b2c121a99 
 corporate/4.0/i586/mysql-bench-5.0.45-7.5.20060mlcs4.i586.rpm
 60043fdfaac8bdb5b25b52f1db650696 
 corporate/4.0/i586/mysql-client-5.0.45-7.5.20060mlcs4.i586.rpm
 5113d4169e3291c1badeafe25dc382c3 
 corporate/4.0/i586/mysql-common-5.0.45-7.5.20060mlcs4.i586.rpm
 e0dd09cec8a064c71e9a98216782efb5 
 corporate/4.0/i586/mysql-max-5.0.45-7.5.20060mlcs4.i586.rpm
 4e1000a31bd21f8aa9fb793ec892ee4c 
 corporate/4.0/i586/mysql-ndb-extra-5.0.45-7.5.20060mlcs4.i586.rpm
 035853a97dfb989ac014bb2e3344fd25 
 corporate/4.0/i586/mysql-ndb-management-5.0.45-7.5.20060mlcs4.i586.rpm
 e1fcdc94a8e7310bed82b066c7c59409 
 corporate/4.0/i586/mysql-ndb-storage-5.0.45-7.5.20060mlcs4.i586.rpm
 956c538f81013446d7d51d3a05edebcc 
 corporate/4.0/i586/mysql-ndb-tools-5.0.45-7.5.20060mlcs4.i586.rpm 
 45375c56eae6358757ff43a387ba409f 
 corporate/4.0/SRPMS/mysql-5.0.45-7.5.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 99851815b12a0f2c18ec6e4ca21a96ad 
 corporate/4.0/x86_64/lib64mysql15-5.0.45-7.5.20060mlcs4.x86_64.rpm
 17eb6293dbe8be53eedbe855ce7a0923 
 corporate/4.0/x86_64/lib64mysql-devel-5.0.45-7.5.20060mlcs4.x86_64.rpm
 f9fede8da85173b3057d6246e57fe6c8 
 corporate/4.0/x86_64/lib64mysql-static-devel-5.0.45-7.5.20060mlcs4.x86_64.rpm
 aecec26bcdeee422d459a2954f04b672 
 corporate/4.0/x86_64/mysql-5.0.45-7.5.20060mlcs4.x86_64.rpm
 7a5bf0a23e30f5a90d9d4854336deffe 
 corporate/4.0/x86_64/mysql-bench-5.0.45-7.5.20060mlcs4.x86_64.rpm
 4d94c1edf901b2684bfa8dc068bb3104 
 corporate/4.0/x86_64/mysql-client-5.0.45-7.5.20060mlcs4.x86_64.rpm
 9d64073c0b6dcd8105287ff63f0a0c4a 
 corporate/4.0/x86_64/mysql-common-5.0.45-7.5.20060mlcs4.x86_64.rpm
 a45f67cbcbd94f7a2bdd52c7c8e0b63c 
 corporate/4.0/x86_64/mysql-max-5.0.45-7.5.20060mlcs4.x86_64.rpm
 16992665a228aaeabf1173091f42851d 
 corporate/4.0/x86_64/mysql-ndb-extra-5.0.45-7.5.20060mlcs4.x86_64.rpm
 d671fbc049723408cd54887e515254a5 
 corporate/4.0/x86_64/mysql-ndb-management-5.0.45-7.5.20060mlcs4.x86_64.rpm
 aa940e6938a3df48a633f330e9b052e4 
 corporate/4.0/x86_64/mysql-ndb-storage-5.0.45-7.5.20060mlcs4.x86_64.rpm
 59bbb6d07f0cae5ed7c15ab64a4d87a6 
 corporate/4.0/x86_64/mysql-ndb-tools-5.0.45-7.5.20060mlcs4.x86_64.rpm 
 45375c56eae6358757ff43a387ba409f 
 corporate/4.0/SRPMS/mysql-5.0.45-7.5.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 718de612bced10178e020ae27fe1a1b5 
 mes5/i586/libmysql15-5.0.89-0.1mdvmes5.i586.rpm
 dc2a9a11dfcb48ac2f8d0956c261f96d 
 mes5/i586/libmysql-devel-5.0.89-0.1mdvmes5.i586.rpm
 924a335d5f67b15a292936bf3c5443c1 
 mes5/i586/libmysql-static-devel-5.0.89-0.1mdvmes5.i586.rpm
 21f0efd48beee9399f25fcb5582a9512  mes5/i586/mysql-5.0.89-0.1mdvmes5.i586.rpm
 37cbbc23f76140121f48192591113052 
 mes5/i586/mysql-bench-5.0.89-0.1mdvmes5.i586.rpm
 e1c6f2262400d34f83d2d42ed139a888 
 mes5/i586/mysql-client-5.0.89-0.1mdvmes5.i586.rpm
 46b17b10f926516b26258ede8f4ea65f 
 mes5/i586/mysql-common-5.0.89-0.1mdvmes5.i586.rpm
 d3a605169330d36b7c947870091c34d4 
 mes5/i586/mysql-doc-5.0.89-0.1mdvmes5.i586.rpm
 56d9aa1a50948d7dbfa85879ae518de2 
 mes5/i586/mysql-max-5.0.89-0.1mdvmes5.i586.rpm
 9c960d3059181c42c92db59ffb01884d 
 mes5/i586/mysql-ndb-extra-5.0.89-0.1mdvmes5.i586.rpm
 1a62e09b43038c8ce7bbf347bfa34c1e 
 mes5/i586/mysql-ndb-management-5.0.89-0.1mdvmes5.i586.rpm
 1b4218e50795d67c4f3798d1e180c642 
 mes5/i586/mysql-ndb-storage-5.0.89-0.1mdvmes5.i586.rpm
 6eedeb5e0a43780370b4841d30d9e724 
 mes5/i586/mysql-ndb-tools-5.0.89-0.1mdvmes5.i586.rpm 
 646fbf2aa6a8f66a7fccac739c67c32d  mes5/SRPMS/mysql-5.0.89-0.1mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 bf30cbec79c8448170f88cc413041a35 
 mes5/x86_64/lib64mysql15-5.0.89-0.1mdvmes5.x86_64.rpm
 dac1cd73b8dd75a5b853f58c420dabe5 
 mes5/x86_64/lib64mysql-devel-5.0.89-0.1mdvmes5.x86_64.rpm
 5a431485ef2ec397388a5cf2968d4560 
 mes5/x86_64/lib64mysql-static-devel-5.0.89-0.1mdvmes5.x86_64.rpm
 dfaea673e8d9028a706c5354a5b9bc5d 
 mes5/x86_64/mysql-5.0.89-0.1mdvmes5.x86_64.rpm
 03dce9f103187746e6fa682b98ae9812 
 mes5/x86_64/mysql-bench-5.0.89-0.1mdvmes5.x86_64.rpm
 d39c93b7132cd9b1c22d78ce7bef1ff7 
 mes5/x86_64/mysql-client-5.0.89-0.1mdvmes5.x86_64.rpm
 489bf11ad3b952902708e4be2b083795 
 mes5/x86_64/mysql-common-5.0.89-0.1mdvmes5.x86_64.rpm
 4312a570eaecd156947e614c33f651e5 
 mes5/x86_64/mysql-doc-5.0.89-0.1mdvmes5.x86_64.rpm
 2dbf910909ccab61e849083d57a7dde2 
 mes5/x86_64/mysql-max-5.0.89-0.1mdvmes5.x86_64.rpm
 2223c5ee628aa4624e77d6647a153891 
 mes5/x86_64/mysql-ndb-extra-5.0.89-0.1mdvmes5.x86_64.rpm
 3605cf8261c979d52dec00945f1fe0da 
 mes5/x86_64/mysql-ndb-management-5.0.89-0.1mdvmes5.x86_64.rpm
 0e6d563485135c130b461432b7c6d008 
 mes5/x86_64/mysql-ndb-storage-5.0.89-0.1mdvmes5.x86_64.rpm
 114419378d29f2cff2e5a74769a3bb4d 
 mes5/x86_64/mysql-ndb-tools-5.0.89-0.1mdvmes5.x86_64.rpm 
 646fbf2aa6a8f66a7fccac739c67c32d  mes5/SRPMS/mysql-5.0.89-0.1mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLU11dmqjQ0CJFipgRAjVaAKDgmPHANhOzKsHvLZERep6pdIPDrACfVLsZ
28YOITV3hdzuqB+otcFiTbk=
=cmQg
-----END PGP SIGNATURE-----


------------=_1263766712-24326-3595
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1263766712-24326-3595--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung