Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in MySQL
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in MySQL
ID: MDKSA-2007:243
Distribution: Mandriva
Plattformen: Mandriva Corporate 4.0, Mandriva 2007.0, Mandriva 2007.1, Mandriva 2008.0
Datum: Di, 11. Dezember 2007, 02:21
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969
Applikationen: MySQL

Originalnachricht

This is a multi-part message in MIME format...

------------=_1197336073-4794-6267


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:243
http://www.mandriva.com/security/
_______________________________________________________________________

Package : MySQL
Date : December 10, 2007
Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A vulnerability in MySQL prior to 5.0.45 did not require priveliges
such as SELECT for the source table in a CREATE TABLE LIKE statement,
allowing remote authenticated users to obtain sensitive information
such as the table structure (CVE-2007-3781).

A vulnerability in the InnoDB engine in MySQL allowed remote
authenticated users to cause a denial of service (database crash)
via certain CONTAINS operations on an indexed column, which triggered
an assertion error (CVE-2007-5925).

Using RENAME TABLE against a table with explicit DATA DIRECTORY and
INDEX DIRECTORY options could be used to overwrite system table
information by replacing the file to which a symlink pointed to
(CVE-2007-5969).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
ae48df2b0377d0f2ebb0aaaa7b6310c6
2007.0/i586/MySQL-5.0.24a-2.3mdv2007.0.i586.rpm
ecf691100caecf50b3643b6c254e0b1b
2007.0/i586/MySQL-Max-5.0.24a-2.3mdv2007.0.i586.rpm
8b6f53c1c9fa5f2150a8e7cc20b3a635
2007.0/i586/MySQL-bench-5.0.24a-2.3mdv2007.0.i586.rpm
bde8ba1841f68683a984cdea2405d40d
2007.0/i586/MySQL-client-5.0.24a-2.3mdv2007.0.i586.rpm
01dcc1472f5c013e80454458ca0bcdd5
2007.0/i586/MySQL-common-5.0.24a-2.3mdv2007.0.i586.rpm
d8ffbdd8f1e83dddc18ae1ab3da417ce
2007.0/i586/MySQL-ndb-extra-5.0.24a-2.3mdv2007.0.i586.rpm
836a595ac27e4e1bf9f0c554c625d8ee
2007.0/i586/MySQL-ndb-management-5.0.24a-2.3mdv2007.0.i586.rpm
a830470e23ab010c43165d89ee64d2b1
2007.0/i586/MySQL-ndb-storage-5.0.24a-2.3mdv2007.0.i586.rpm
89311e6a8ab90817d697100492d99695
2007.0/i586/MySQL-ndb-tools-5.0.24a-2.3mdv2007.0.i586.rpm
3cf781afa097fba7d0e80efe4e8c7316
2007.0/i586/libmysql15-5.0.24a-2.3mdv2007.0.i586.rpm
54c8da360b46bec71b1d6e165f29cd10
2007.0/i586/libmysql15-devel-5.0.24a-2.3mdv2007.0.i586.rpm
150e51cad7944bd0a079ce0fa04f4396
2007.0/i586/libmysql15-static-devel-5.0.24a-2.3mdv2007.0.i586.rpm
b26414bdd5720ef35f6f76bbb5822760
2007.0/SRPMS/MySQL-5.0.24a-2.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
dafabcfc5d4c8a72f122efeea6de49d6
2007.0/x86_64/MySQL-5.0.24a-2.3mdv2007.0.x86_64.rpm
9dd7a9ddedc86e0b7fc2a5c84f483c68
2007.0/x86_64/MySQL-Max-5.0.24a-2.3mdv2007.0.x86_64.rpm
1a63a771fb1019101771a7933488a335
2007.0/x86_64/MySQL-bench-5.0.24a-2.3mdv2007.0.x86_64.rpm
3d353e6abc9cdcd92391e1d42b667347
2007.0/x86_64/MySQL-client-5.0.24a-2.3mdv2007.0.x86_64.rpm
e34fe5b73b3747c786e1e170cf503b28
2007.0/x86_64/MySQL-common-5.0.24a-2.3mdv2007.0.x86_64.rpm
dea1a4166a873372a5580b96bbcb81ee
2007.0/x86_64/MySQL-ndb-extra-5.0.24a-2.3mdv2007.0.x86_64.rpm
86a9c04d129f88f3dfd9211a94fc0283
2007.0/x86_64/MySQL-ndb-management-5.0.24a-2.3mdv2007.0.x86_64.rpm
9f07fb9af772f3700af8d0655e6d4fc7
2007.0/x86_64/MySQL-ndb-storage-5.0.24a-2.3mdv2007.0.x86_64.rpm
160166e5ef2aa5614e6bbf97b40e83b0
2007.0/x86_64/MySQL-ndb-tools-5.0.24a-2.3mdv2007.0.x86_64.rpm
4437780704ec957046236da489097898
2007.0/x86_64/lib64mysql15-5.0.24a-2.3mdv2007.0.x86_64.rpm
e183be407214a07cf03bca7a9d48a003
2007.0/x86_64/lib64mysql15-devel-5.0.24a-2.3mdv2007.0.x86_64.rpm
924fe118e9b7d3195f98ec5488069087
2007.0/x86_64/lib64mysql15-static-devel-5.0.24a-2.3mdv2007.0.x86_64.rpm
b26414bdd5720ef35f6f76bbb5822760
2007.0/SRPMS/MySQL-5.0.24a-2.3mdv2007.0.src.rpm

Mandriva Linux 2007.1:
af618358834880d59c51efbb9114f44b
2007.1/i586/MySQL-5.0.37-2.3mdv2007.1.i586.rpm
bdf67dcabe1419c25be32e704ffc9118
2007.1/i586/MySQL-Max-5.0.37-2.3mdv2007.1.i586.rpm
a0e054eee6399ca0ac038ffdbf062b49
2007.1/i586/MySQL-bench-5.0.37-2.3mdv2007.1.i586.rpm
edc74fc3a9f85e0834ad8de6b5c7641a
2007.1/i586/MySQL-client-5.0.37-2.3mdv2007.1.i586.rpm
a05be3c7dbab742efc31c52174cb80f8
2007.1/i586/MySQL-common-5.0.37-2.3mdv2007.1.i586.rpm
110e07270766e269ea8c720c69ffea31
2007.1/i586/MySQL-ndb-extra-5.0.37-2.3mdv2007.1.i586.rpm
f97bc06af4f92fb1641ccc8c8c755925
2007.1/i586/MySQL-ndb-management-5.0.37-2.3mdv2007.1.i586.rpm
80061a23f4f385ea92ead26926a4f1bd
2007.1/i586/MySQL-ndb-storage-5.0.37-2.3mdv2007.1.i586.rpm
e7746d0fdaedc620600ca804217880be
2007.1/i586/MySQL-ndb-tools-5.0.37-2.3mdv2007.1.i586.rpm
341849b4e854eecee9bce112de3aabbf
2007.1/i586/libmysql15-5.0.37-2.3mdv2007.1.i586.rpm
f54ad215095b969d4eaa9387888ee382
2007.1/i586/libmysql15-devel-5.0.37-2.3mdv2007.1.i586.rpm
a8ccc5cd79afb825f07b800562eeb983
2007.1/i586/libmysql15-static-devel-5.0.37-2.3mdv2007.1.i586.rpm
c15830b94be90e125932c124277cb4e5
2007.1/SRPMS/MySQL-5.0.37-2.3mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
4114f7053c623903ae1052c87298104a
2007.1/x86_64/MySQL-5.0.37-2.3mdv2007.1.x86_64.rpm
6dc932e046c3acea306c2d73f974cd4d
2007.1/x86_64/MySQL-Max-5.0.37-2.3mdv2007.1.x86_64.rpm
af7084761155f1ae4ae4ffb38fd6f5d5
2007.1/x86_64/MySQL-bench-5.0.37-2.3mdv2007.1.x86_64.rpm
c9ac2de19761bec973a01587fa5e4771
2007.1/x86_64/MySQL-client-5.0.37-2.3mdv2007.1.x86_64.rpm
630177c360a7ccef549856b489c1cba9
2007.1/x86_64/MySQL-common-5.0.37-2.3mdv2007.1.x86_64.rpm
2e54c976e101b85d01b28b010a155117
2007.1/x86_64/MySQL-ndb-extra-5.0.37-2.3mdv2007.1.x86_64.rpm
19c236527f8d45b49a68081b61b198b9
2007.1/x86_64/MySQL-ndb-management-5.0.37-2.3mdv2007.1.x86_64.rpm
9621e6dbaa7414fcc509ca03c0c1b9fc
2007.1/x86_64/MySQL-ndb-storage-5.0.37-2.3mdv2007.1.x86_64.rpm
4ccced339bde031d32d68da7ecac9c62
2007.1/x86_64/MySQL-ndb-tools-5.0.37-2.3mdv2007.1.x86_64.rpm
e889ec496f2e3f49614f83972a387b88
2007.1/x86_64/lib64mysql15-5.0.37-2.3mdv2007.1.x86_64.rpm
e3d0231d99696ba1c6d17b7243cb0572
2007.1/x86_64/lib64mysql15-devel-5.0.37-2.3mdv2007.1.x86_64.rpm
7af0d505dd140cd2b93ed8df1ffda4c3
2007.1/x86_64/lib64mysql15-static-devel-5.0.37-2.3mdv2007.1.x86_64.rpm
c15830b94be90e125932c124277cb4e5
2007.1/SRPMS/MySQL-5.0.37-2.3mdv2007.1.src.rpm

Mandriva Linux 2008.0:
89cdb41e21ed18fc26ceed435aa7d93b
2008.0/i586/libmysql-devel-5.0.45-7.1mdv2008.0.i586.rpm
cba56cb02d635ad2f7836efa669a3e3a
2008.0/i586/libmysql-static-devel-5.0.45-7.1mdv2008.0.i586.rpm
ba1f720538f76334697746f9356467cf
2008.0/i586/libmysql15-5.0.45-7.1mdv2008.0.i586.rpm
95283adc79f2fe21611aa595f047ff22
2008.0/i586/mysql-5.0.45-7.1mdv2008.0.i586.rpm
53cc7abc631e7046e8510ad7bfcd9401
2008.0/i586/mysql-bench-5.0.45-7.1mdv2008.0.i586.rpm
7c625f140ce1a4ec8708424256ff75a2
2008.0/i586/mysql-client-5.0.45-7.1mdv2008.0.i586.rpm
81549bb1dc4d2ad0e328c67ea76245e5
2008.0/i586/mysql-common-5.0.45-7.1mdv2008.0.i586.rpm
71bf968ec0e8c0a8fac261605dff029c
2008.0/i586/mysql-max-5.0.45-7.1mdv2008.0.i586.rpm
8dcc6d09c69169e9a58dd44e39022364
2008.0/i586/mysql-ndb-extra-5.0.45-7.1mdv2008.0.i586.rpm
f1928ffbe77276098519f64c6f522e1a
2008.0/i586/mysql-ndb-management-5.0.45-7.1mdv2008.0.i586.rpm
0770146e29802dd26bacc6768f4e0202
2008.0/i586/mysql-ndb-storage-5.0.45-7.1mdv2008.0.i586.rpm
bc9325b67c64f9ba63d14d7eb582bd1a
2008.0/i586/mysql-ndb-tools-5.0.45-7.1mdv2008.0.i586.rpm
c0575884589bcd70be748a2ff39f19c1
2008.0/SRPMS/mysql-5.0.45-7.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
5adbf1a745ebe3c9d68600e6ae3cc90d
2008.0/x86_64/lib64mysql-devel-5.0.45-7.1mdv2008.0.x86_64.rpm
fcef4c2a7bf00d5939bd0a2512f05004
2008.0/x86_64/lib64mysql-static-devel-5.0.45-7.1mdv2008.0.x86_64.rpm
3ebea8d3fbedacb7a96195f1a49e0004
2008.0/x86_64/lib64mysql15-5.0.45-7.1mdv2008.0.x86_64.rpm
d08b3ec903dc8c804d573796a401ec64
2008.0/x86_64/mysql-5.0.45-7.1mdv2008.0.x86_64.rpm
b40014e51bf2e68b5dd67365ae099885
2008.0/x86_64/mysql-bench-5.0.45-7.1mdv2008.0.x86_64.rpm
faf05a4c4a684e63db58e2cfa779066c
2008.0/x86_64/mysql-client-5.0.45-7.1mdv2008.0.x86_64.rpm
d5d51b2fe6810193443e337cc063cc6f
2008.0/x86_64/mysql-common-5.0.45-7.1mdv2008.0.x86_64.rpm
36db213a8d356145f769c4764ecfdb43
2008.0/x86_64/mysql-max-5.0.45-7.1mdv2008.0.x86_64.rpm
3b7b4c4348a94687e6f70a077190578a
2008.0/x86_64/mysql-ndb-extra-5.0.45-7.1mdv2008.0.x86_64.rpm
6c6b4ac3e2e7f93ec4ae7736989a4865
2008.0/x86_64/mysql-ndb-management-5.0.45-7.1mdv2008.0.x86_64.rpm
ae26212b354d64f8c903dc771bc9d1b7
2008.0/x86_64/mysql-ndb-storage-5.0.45-7.1mdv2008.0.x86_64.rpm
ebd97d817a3c8c6d208712ad8fc5b788
2008.0/x86_64/mysql-ndb-tools-5.0.45-7.1mdv2008.0.x86_64.rpm
c0575884589bcd70be748a2ff39f19c1
2008.0/SRPMS/mysql-5.0.45-7.1mdv2008.0.src.rpm

Corporate 4.0:
e7d08c55508c5aff029bc712c3eaa985
corporate/4.0/i586/MySQL-5.0.24-1.3.20060mlcs4.i586.rpm
2929501ca876443313448190a76dd4b1
corporate/4.0/i586/MySQL-Max-5.0.24-1.3.20060mlcs4.i586.rpm
42ae6b36dd3fd0b655cdf853bcdac756
corporate/4.0/i586/MySQL-bench-5.0.24-1.3.20060mlcs4.i586.rpm
bf6c9a292ac3ceffe194b9515353bcf8
corporate/4.0/i586/MySQL-client-5.0.24-1.3.20060mlcs4.i586.rpm
423f7921eb3f13bce192b361115b63be
corporate/4.0/i586/MySQL-common-5.0.24-1.3.20060mlcs4.i586.rpm
b0ceab082e27ee7ec0463396cc3239a5
corporate/4.0/i586/MySQL-ndb-extra-5.0.24-1.3.20060mlcs4.i586.rpm
64e94e4df86309716ba11f28e7c06086
corporate/4.0/i586/MySQL-ndb-management-5.0.24-1.3.20060mlcs4.i586.rpm
68965d44922b0b7c6ccb58a939747c73
corporate/4.0/i586/MySQL-ndb-storage-5.0.24-1.3.20060mlcs4.i586.rpm
72dfe4a7c58ed1249cb096b9f0d661ca
corporate/4.0/i586/MySQL-ndb-tools-5.0.24-1.3.20060mlcs4.i586.rpm
f5da97c0283a559c161956371b92c1de
corporate/4.0/i586/libmysql15-5.0.24-1.3.20060mlcs4.i586.rpm
d835024b4814af69ca86c90a417b1ab5
corporate/4.0/i586/libmysql15-devel-5.0.24-1.3.20060mlcs4.i586.rpm
9c6c70427dfed5a57a13e5902a98022b
corporate/4.0/i586/libmysql15-static-devel-5.0.24-1.3.20060mlcs4.i586.rpm
399ce94ad408bddedab3d81288121625
corporate/4.0/SRPMS/MySQL-5.0.24-1.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
7e2d63d05b367f306249c9550208e118
corporate/4.0/x86_64/MySQL-5.0.24-1.3.20060mlcs4.x86_64.rpm
5173adbc8c5eab3d28c6b9e3ec43ff87
corporate/4.0/x86_64/MySQL-Max-5.0.24-1.3.20060mlcs4.x86_64.rpm
942043cc7038c2b67a5fc46ceb8f3103
corporate/4.0/x86_64/MySQL-bench-5.0.24-1.3.20060mlcs4.x86_64.rpm
b7e443185fd52a138e59db1b585892a4
corporate/4.0/x86_64/MySQL-client-5.0.24-1.3.20060mlcs4.x86_64.rpm
68b16b2a302efd03fe14393101e456b1
corporate/4.0/x86_64/MySQL-common-5.0.24-1.3.20060mlcs4.x86_64.rpm
8f29021b04eb3467ae0ffab4af5e7e93
corporate/4.0/x86_64/MySQL-ndb-extra-5.0.24-1.3.20060mlcs4.x86_64.rpm
ae0b10b13ea0dd9baef8c1a2a728ffde
corporate/4.0/x86_64/MySQL-ndb-management-5.0.24-1.3.20060mlcs4.x86_64.rpm
b21a2b8fc11c15b4106096f819b56997
corporate/4.0/x86_64/MySQL-ndb-storage-5.0.24-1.3.20060mlcs4.x86_64.rpm
3ed7adeec020550150264758f002a296
corporate/4.0/x86_64/MySQL-ndb-tools-5.0.24-1.3.20060mlcs4.x86_64.rpm
21aeb21a7295e6cadc89d9cdf5a917fa
corporate/4.0/x86_64/lib64mysql15-5.0.24-1.3.20060mlcs4.x86_64.rpm
bb9cfd0b7bf9dcadb498ec550b4e135c
corporate/4.0/x86_64/lib64mysql15-devel-5.0.24-1.3.20060mlcs4.x86_64.rpm
3b7daadd91dc22dbb16b5c2e9f16a11c
corporate/4.0/x86_64/lib64mysql15-static-devel-5.0.24-1.3.20060mlcs4.x86_64.rpm
399ce94ad408bddedab3d81288121625
corporate/4.0/SRPMS/MySQL-5.0.24-1.3.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHXbndmqjQ0CJFipgRApC8AJ4i3TnENhYsdgeNsxRmcvjkzOCMxACg4W6r
84ksq8yvKbneUsb8qd4J6pw=
=YmKU
-----END PGP SIGNATURE-----


------------=_1197336073-4794-6267
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1197336073-4794-6267--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung