Login
Newsletter
Werbung

Sicherheit: Mangelnde Rechteprüfung in MySQL Database Server
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in MySQL Database Server
ID: MDVSA-2010:044
Distribution: Mandriva
Plattformen: Mandriva 2009.1, Mandriva 2010.0
Datum: Mi, 24. Februar 2010, 08:56
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7247
Applikationen: MySQL

Originalnachricht

This is a multi-part message in MIME format...

------------=_1266616101-24326-4822


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:044
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mysql
Date : February 19, 2010
Affected: 2009.1, 2010.0
_______________________________________________________________________

Problem Description:

A vulnerabilitiy has been found and corrected in mysql:

MySQL is vulnerable to a symbolic link attack when the data home
directory contains a symlink to a different filesystem which allows
remote authenticated users to bypass intended access restrictions
(CVE-2008-7247).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7247
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.1:
2f0b2aa01447c698f4c98a0456a1c69c
2009.1/i586/libmysql16-5.1.42-0.2mdv2009.1.i586.rpm
8b524729396bbb6208a782804dea5548
2009.1/i586/libmysql-devel-5.1.42-0.2mdv2009.1.i586.rpm
8bc0a6b0dc6193de2a12c19bba494de4
2009.1/i586/libmysql-static-devel-5.1.42-0.2mdv2009.1.i586.rpm
44fade6ed7091d45cb982c90c9967b78
2009.1/i586/mysql-5.1.42-0.2mdv2009.1.i586.rpm
2ce15b99962625064261eab3642bcf59
2009.1/i586/mysql-bench-5.1.42-0.2mdv2009.1.i586.rpm
b847bd3413b5b969010defab4e5a40fa
2009.1/i586/mysql-client-5.1.42-0.2mdv2009.1.i586.rpm
74f09051aaa94cb2ca8c9ddb59953eba
2009.1/i586/mysql-common-5.1.42-0.2mdv2009.1.i586.rpm
a184d26f07c87eaa3ef7287b2a855d98
2009.1/i586/mysql-doc-5.1.42-0.2mdv2009.1.i586.rpm
73830cb1bbbe377eeea1df07264c8ef5
2009.1/i586/mysql-max-5.1.42-0.2mdv2009.1.i586.rpm
66824bb460b0297a77a8746ed78cbe99
2009.1/i586/mysql-ndb-extra-5.1.42-0.2mdv2009.1.i586.rpm
59c3dec9fa4dbbc7a885836245a4078e
2009.1/i586/mysql-ndb-management-5.1.42-0.2mdv2009.1.i586.rpm
ae978fcfedd8fae37b8817f10880b419
2009.1/i586/mysql-ndb-storage-5.1.42-0.2mdv2009.1.i586.rpm
ba3da7eb5d0956150a56a3344e3ba55f
2009.1/i586/mysql-ndb-tools-5.1.42-0.2mdv2009.1.i586.rpm
ce22c4431b749422be94f25069d994a0
2009.1/SRPMS/mysql-5.1.42-0.2mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
62ff0176e3ddef7aafbdf750f25b47f8
2009.1/x86_64/lib64mysql16-5.1.42-0.2mdv2009.1.x86_64.rpm
6fbcf2099750cf81ee3452ed5ac0787f
2009.1/x86_64/lib64mysql-devel-5.1.42-0.2mdv2009.1.x86_64.rpm
53d08e3fbd79cea4ed26ff65add9765f
2009.1/x86_64/lib64mysql-static-devel-5.1.42-0.2mdv2009.1.x86_64.rpm
065ad0b6772ed3b7525f30cc82bbc435
2009.1/x86_64/mysql-5.1.42-0.2mdv2009.1.x86_64.rpm
bf07278c7ed2093b6af63972153bfff6
2009.1/x86_64/mysql-bench-5.1.42-0.2mdv2009.1.x86_64.rpm
78b190af22f530856839d81b7409af5a
2009.1/x86_64/mysql-client-5.1.42-0.2mdv2009.1.x86_64.rpm
645331fd75cb84ac64c386c61c190cc5
2009.1/x86_64/mysql-common-5.1.42-0.2mdv2009.1.x86_64.rpm
01b2309cbd090ef9c3fc6fbc69f7a754
2009.1/x86_64/mysql-doc-5.1.42-0.2mdv2009.1.x86_64.rpm
1448a5f6b87f94afb0f8a6e9d84f1ac1
2009.1/x86_64/mysql-max-5.1.42-0.2mdv2009.1.x86_64.rpm
6ba14cb108e5bebbf24a92cb5c6f7ebe
2009.1/x86_64/mysql-ndb-extra-5.1.42-0.2mdv2009.1.x86_64.rpm
0e759f206b3da3385ef85574353ed9e4
2009.1/x86_64/mysql-ndb-management-5.1.42-0.2mdv2009.1.x86_64.rpm
5af588ba15272f44e0b572a6b4e52478
2009.1/x86_64/mysql-ndb-storage-5.1.42-0.2mdv2009.1.x86_64.rpm
d6261440010c074d295bb851f9146a9a
2009.1/x86_64/mysql-ndb-tools-5.1.42-0.2mdv2009.1.x86_64.rpm
ce22c4431b749422be94f25069d994a0
2009.1/SRPMS/mysql-5.1.42-0.2mdv2009.1.src.rpm

Mandriva Linux 2010.0:
44b895dce7ed6d97a834aff3406a3ccd
2010.0/i586/libmysql16-5.1.42-0.2mdv2010.0.i586.rpm
4cee478e44331238abdd640aa703b157
2010.0/i586/libmysql-devel-5.1.42-0.2mdv2010.0.i586.rpm
f962b485ef111348268290c8be76b29b
2010.0/i586/libmysql-static-devel-5.1.42-0.2mdv2010.0.i586.rpm
61c112619ffd8a3552a6ecf63970f051
2010.0/i586/mysql-5.1.42-0.2mdv2010.0.i586.rpm
062691f1e77e30bffaea73094b4d0413
2010.0/i586/mysql-bench-5.1.42-0.2mdv2010.0.i586.rpm
056c73a5e74c319f4539768c94d73c4e
2010.0/i586/mysql-client-5.1.42-0.2mdv2010.0.i586.rpm
7624c659c4a3da88e03225999de01469
2010.0/i586/mysql-common-5.1.42-0.2mdv2010.0.i586.rpm
30f34758e898a4a4dcc93d0c1bcb6192
2010.0/i586/mysql-common-core-5.1.42-0.2mdv2010.0.i586.rpm
cb06e6cf42509662b05e26e087c52d41
2010.0/i586/mysql-core-5.1.42-0.2mdv2010.0.i586.rpm
3438d54da48beb3d0380b53a0b78b8cd
2010.0/i586/mysql-doc-5.1.42-0.2mdv2010.0.i586.rpm
c4e2fdc5c0d725cd177b2dcd884d7743
2010.0/i586/mysql-max-5.1.42-0.2mdv2010.0.i586.rpm
f28ece33328a9b3270a1deee90d7cb3f
2010.0/i586/mysql-ndb-extra-5.1.42-0.2mdv2010.0.i586.rpm
43f9b3d2d6c6f3b7babc0a9f65317be2
2010.0/i586/mysql-ndb-management-5.1.42-0.2mdv2010.0.i586.rpm
ba863e83a0ad172dcf6ac45c9e18a397
2010.0/i586/mysql-ndb-storage-5.1.42-0.2mdv2010.0.i586.rpm
a042fd2f1675840827d3cb10956f3b04
2010.0/i586/mysql-ndb-tools-5.1.42-0.2mdv2010.0.i586.rpm
12f6c61720238739fcdd90db0fb51b4f
2010.0/SRPMS/mysql-5.1.42-0.2mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
ea556322b3f13413e7d04563d4d5e7eb
2010.0/x86_64/lib64mysql16-5.1.42-0.2mdv2010.0.x86_64.rpm
aaf281480d6d0151e55f29bc3ef46005
2010.0/x86_64/lib64mysql-devel-5.1.42-0.2mdv2010.0.x86_64.rpm
c1f73b5b14ad2ed5bac67ceed030f2af
2010.0/x86_64/lib64mysql-static-devel-5.1.42-0.2mdv2010.0.x86_64.rpm
1b343c72fbb285e315019d710d9af791
2010.0/x86_64/mysql-5.1.42-0.2mdv2010.0.x86_64.rpm
487b5275268598c2251e052de5547942
2010.0/x86_64/mysql-bench-5.1.42-0.2mdv2010.0.x86_64.rpm
0754d67fbb00d2b605118aa054e3accc
2010.0/x86_64/mysql-client-5.1.42-0.2mdv2010.0.x86_64.rpm
ea39b9654fb2180cea2d4a0cf893679a
2010.0/x86_64/mysql-common-5.1.42-0.2mdv2010.0.x86_64.rpm
332ffbed9bc8e5cd63826d9155e4162b
2010.0/x86_64/mysql-common-core-5.1.42-0.2mdv2010.0.x86_64.rpm
00850c47b9f2517ed3eee285458398d2
2010.0/x86_64/mysql-core-5.1.42-0.2mdv2010.0.x86_64.rpm
a65c273a6be0bba6dee7ba920f018be1
2010.0/x86_64/mysql-doc-5.1.42-0.2mdv2010.0.x86_64.rpm
c2b187a16cedc2bcadd056820d910a88
2010.0/x86_64/mysql-max-5.1.42-0.2mdv2010.0.x86_64.rpm
fe01b52c852b9fd1ab4651c947216be6
2010.0/x86_64/mysql-ndb-extra-5.1.42-0.2mdv2010.0.x86_64.rpm
77f4079a5c81d128519ed5d80150b0be
2010.0/x86_64/mysql-ndb-management-5.1.42-0.2mdv2010.0.x86_64.rpm
982b7cbaf4751e34067a45003e153adf
2010.0/x86_64/mysql-ndb-storage-5.1.42-0.2mdv2010.0.x86_64.rpm
75a9f93fdefc6f79018cc067a59e486a
2010.0/x86_64/mysql-ndb-tools-5.1.42-0.2mdv2010.0.x86_64.rpm
12f6c61720238739fcdd90db0fb51b4f
2010.0/SRPMS/mysql-5.1.42-0.2mdv2010.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLftsRmqjQ0CJFipgRAmHEAKCjA6517BjWBfNzsLDU/9NbiO/rQgCfY2/Q
/TfbHZh+CXGMdIo5DoK4QXA=
=QhVd
-----END PGP SIGNATURE-----


------------=_1266616101-24326-4822
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1266616101-24326-4822--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung