full-disclosure-uk December 2007 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] [ MDKSA-2007:243 ] - Updat

[Full-disclosure] [ MDKSA-2007:243 ] - Updated MySQL packages fix multiple vulnerabilities

From: <security_at_nospam>
Date: Tue Dec 11 2007 - 01:18:23 GMT
To: full-disclosure@lists.grok.org.uk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


  Mandriva Linux Security Advisory MDKSA-2007:243  http://www.mandriva.com/security/
  Package : MySQL Date : December 10, 2007 Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
_______________________________________________________________________

 Problem Description:  

 A vulnerability in MySQL prior to 5.0.45 did not require priveliges  such as SELECT for the source table in a CREATE TABLE LIKE statement,  allowing remote authenticated users to obtain sensitive information  such as the table structure (CVE-2007-3781).  

 A vulnerability in the InnoDB engine in MySQL allowed remote  authenticated users to cause a denial of service (database crash)  via certain CONTAINS operations on an indexed column, which triggered  an assertion error (CVE-2007-5925).  

 Using RENAME TABLE against a table with explicit DATA DIRECTORY and  INDEX DIRECTORY options could be used to overwrite system table  information by replacing the file to which a symlink pointed to  (CVE-2007-5969).    The updated packages have been patched to correct these issues.


 References:   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969
_______________________________________________________________________

 Updated Packages:  

 Mandriva Linux 2007.0: ae48df2b0377d0f2ebb0aaaa7b6310c6 2007.0/i586/MySQL-5.0.24a-2.3mdv2007.0.i586.rpm ecf691100caecf50b3643b6c254e0b1b 2007.0/i586/MySQL-Max-5.0.24a-2.3mdv2007.0.i586.rpm 8b6f53c1c9fa5f2150a8e7cc20b3a635 2007.0/i586/MySQL-bench-5.0.24a-2.3mdv2007.0.i586.rpm bde8ba1841f68683a984cdea2405d40d 2007.0/i586/MySQL-client-5.0.24a-2.3mdv2007.0.i586.rpm 01dcc1472f5c013e80454458ca0bcdd5 2007.0/i586/MySQL-common-5.0.24a-2.3mdv2007.0.i586.rpm d8ffbdd8f1e83dddc18ae1ab3da417ce 2007.0/i586/MySQL-ndb-extra-5.0.24a-2.3mdv2007.0.i586.rpm 836a595ac27e4e1bf9f0c554c625d8ee 2007.0/i586/MySQL-ndb-management-5.0.24a-2.3mdv2007.0.i586.rpm a830470e23ab010c43165d89ee64d2b1 2007.0/i586/MySQL-ndb-storage-5.0.24a-2.3mdv2007.0.i586.rpm 89311e6a8ab90817d697100492d99695 2007.0/i586/MySQL-ndb-tools-5.0.24a-2.3mdv2007.0.i586.rpm 3cf781afa097fba7d0e80efe4e8c7316 2007.0/i586/libmysql15-5.0.24a-2.3mdv2007.0.i586.rpm 54c8da360b46bec71b1d6e165f29cd10 2007.0/i586/libmysql15-devel-5.0.24a-2.3mdv2007.0.i586.rpm 150e51cad7944bd0a079ce0fa04f4396 2007.0/i586/libmysql15-static-devel-5.0.24a-2.3mdv2007.0.i586.rpm b26414bdd5720ef35f6f76bbb5822760 2007.0/SRPMS/MySQL-5.0.24a-2.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64: dafabcfc5d4c8a72f122efeea6de49d6 2007.0/x86_64/MySQL-5.0.24a-2.3mdv2007.0.x86_64.rpm 9dd7a9ddedc86e0b7fc2a5c84f483c68 2007.0/x86_64/MySQL-Max-5.0.24a-2.3mdv2007.0.x86_64.rpm 1a63a771fb1019101771a7933488a335 2007.0/x86_64/MySQL-bench-5.0.24a-2.3mdv2007.0.x86_64.rpm 3d353e6abc9cdcd92391e1d42b667347 2007.0/x86_64/MySQL-client-5.0.24a-2.3mdv2007.0.x86_64.rpm e34fe5b73b3747c786e1e170cf503b28 2007.0/x86_64/MySQL-common-5.0.24a-2.3mdv2007.0.x86_64.rpm dea1a4166a873372a5580b96bbcb81ee 2007.0/x86_64/MySQL-ndb-extra-5.0.24a-2.3mdv2007.0.x86_64.rpm 86a9c04d129f88f3dfd9211a94fc0283 2007.0/x86_64/MySQL-ndb-management-5.0.24a-2.3mdv2007.0.x86_64.rpm 9f07fb9af772f3700af8d0655e6d4fc7 2007.0/x86_64/MySQL-ndb-storage-5.0.24a-2.3mdv2007.0.x86_64.rpm 160166e5ef2aa5614e6bbf97b40e83b0 2007.0/x86_64/MySQL-ndb-tools-5.0.24a-2.3mdv2007.0.x86_64.rpm 4437780704ec957046236da489097898 2007.0/x86_64/lib64mysql15-5.0.24a-2.3mdv2007.0.x86_64.rpm e183be407214a07cf03bca7a9d48a003 2007.0/x86_64/lib64mysql15-devel-5.0.24a-2.3mdv2007.0.x86_64.rpm 924fe118e9b7d3195f98ec5488069087 2007.0/x86_64/lib64mysql15-static-devel-5.0.24a-2.3mdv2007.0.x86_64.rpm b26414bdd5720ef35f6f76bbb5822760 2007.0/SRPMS/MySQL-5.0.24a-2.3mdv2007.0.src.rpm

 Mandriva Linux 2007.1: af618358834880d59c51efbb9114f44b 2007.1/i586/MySQL-5.0.37-2.3mdv2007.1.i586.rpm bdf67dcabe1419c25be32e704ffc9118 2007.1/i586/MySQL-Max-5.0.37-2.3mdv2007.1.i586.rpm a0e054eee6399ca0ac038ffdbf062b49 2007.1/i586/MySQL-bench-5.0.37-2.3mdv2007.1.i586.rpm edc74fc3a9f85e0834ad8de6b5c7641a 2007.1/i586/MySQL-client-5.0.37-2.3mdv2007.1.i586.rpm a05be3c7dbab742efc31c52174cb80f8 2007.1/i586/MySQL-common-5.0.37-2.3mdv2007.1.i586.rpm 110e07270766e269ea8c720c69ffea31 2007.1/i586/MySQL-ndb-extra-5.0.37-2.3mdv2007.1.i586.rpm f97bc06af4f92fb1641ccc8c8c755925 2007.1/i586/MySQL-ndb-management-5.0.37-2.3mdv2007.1.i586.rpm 80061a23f4f385ea92ead26926a4f1bd 2007.1/i586/MySQL-ndb-storage-5.0.37-2.3mdv2007.1.i586.rpm e7746d0fdaedc620600ca804217880be 2007.1/i586/MySQL-ndb-tools-5.0.37-2.3mdv2007.1.i586.rpm 341849b4e854eecee9bce112de3aabbf 2007.1/i586/libmysql15-5.0.37-2.3mdv2007.1.i586.rpm f54ad215095b969d4eaa9387888ee382 2007.1/i586/libmysql15-devel-5.0.37-2.3mdv2007.1.i586.rpm a8ccc5cd79afb825f07b800562eeb983 2007.1/i586/libmysql15-static-devel-5.0.37-2.3mdv2007.1.i586.rpm c15830b94be90e125932c124277cb4e5 2007.1/SRPMS/MySQL-5.0.37-2.3mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64: 4114f7053c623903ae1052c87298104a 2007.1/x86_64/MySQL-5.0.37-2.3mdv2007.1.x86_64.rpm 6dc932e046c3acea306c2d73f974cd4d 2007.1/x86_64/MySQL-Max-5.0.37-2.3mdv2007.1.x86_64.rpm af7084761155f1ae4ae4ffb38fd6f5d5 2007.1/x86_64/MySQL-bench-5.0.37-2.3mdv2007.1.x86_64.rpm c9ac2de19761bec973a01587fa5e4771 2007.1/x86_64/MySQL-client-5.0.37-2.3mdv2007.1.x86_64.rpm 630177c360a7ccef549856b489c1cba9 2007.1/x86_64/MySQL-common-5.0.37-2.3mdv2007.1.x86_64.rpm 2e54c976e101b85d01b28b010a155117 2007.1/x86_64/MySQL-ndb-extra-5.0.37-2.3mdv2007.1.x86_64.rpm 19c236527f8d45b49a68081b61b198b9 2007.1/x86_64/MySQL-ndb-management-5.0.37-2.3mdv2007.1.x86_64.rpm 9621e6dbaa7414fcc509ca03c0c1b9fc 2007.1/x86_64/MySQL-ndb-storage-5.0.37-2.3mdv2007.1.x86_64.rpm 4ccced339bde031d32d68da7ecac9c62 2007.1/x86_64/MySQL-ndb-tools-5.0.37-2.3mdv2007.1.x86_64.rpm e889ec496f2e3f49614f83972a387b88 2007.1/x86_64/lib64mysql15-5.0.37-2.3mdv2007.1.x86_64.rpm e3d0231d99696ba1c6d17b7243cb0572 2007.1/x86_64/lib64mysql15-devel-5.0.37-2.3mdv2007.1.x86_64.rpm 7af0d505dd140cd2b93ed8df1ffda4c3 2007.1/x86_64/lib64mysql15-static-devel-5.0.37-2.3mdv2007.1.x86_64.rpm c15830b94be90e125932c124277cb4e5 2007.1/SRPMS/MySQL-5.0.37-2.3mdv2007.1.src.rpm

 Mandriva Linux 2008.0: 89cdb41e21ed18fc26ceed435aa7d93b 2008.0/i586/libmysql-devel-5.0.45-7.1mdv2008.0.i586.rpm cba56cb02d635ad2f7836efa669a3e3a 2008.0/i586/libmysql-static-devel-5.0.45-7.1mdv2008.0.i586.rpm ba1f720538f76334697746f9356467cf 2008.0/i586/libmysql15-5.0.45-7.1mdv2008.0.i586.rpm 95283adc79f2fe21611aa595f047ff22 2008.0/i586/mysql-5.0.45-7.1mdv2008.0.i586.rpm 53cc7abc631e7046e8510ad7bfcd9401 2008.0/i586/mysql-bench-5.0.45-7.1mdv2008.0.i586.rpm 7c625f140ce1a4ec8708424256ff75a2 2008.0/i586/mysql-client-5.0.45-7.1mdv2008.0.i586.rpm 81549bb1dc4d2ad0e328c67ea76245e5 2008.0/i586/mysql-common-5.0.45-7.1mdv2008.0.i586.rpm 71bf968ec0e8c0a8fac261605dff029c 2008.0/i586/mysql-max-5.0.45-7.1mdv2008.0.i586.rpm 8dcc6d09c69169e9a58dd44e39022364 2008.0/i586/mysql-ndb-extra-5.0.45-7.1mdv2008.0.i586.rpm f1928ffbe77276098519f64c6f522e1a 2008.0/i586/mysql-ndb-management-5.0.45-7.1mdv2008.0.i586.rpm 0770146e29802dd26bacc6768f4e0202 2008.0/i586/mysql-ndb-storage-5.0.45-7.1mdv2008.0.i586.rpm bc9325b67c64f9ba63d14d7eb582bd1a 2008.0/i586/mysql-ndb-tools-5.0.45-7.1mdv2008.0.i586.rpm c0575884589bcd70be748a2ff39f19c1 2008.0/SRPMS/mysql-5.0.45-7.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64: 5adbf1a745ebe3c9d68600e6ae3cc90d 2008.0/x86_64/lib64mysql-devel-5.0.45-7.1mdv2008.0.x86_64.rpm fcef4c2a7bf00d5939bd0a2512f05004 2008.0/x86_64/lib64mysql-static-devel-5.0.45-7.1mdv2008.0.x86_64.rpm 3ebea8d3fbedacb7a96195f1a49e0004 2008.0/x86_64/lib64mysql15-5.0.45-7.1mdv2008.0.x86_64.rpm d08b3ec903dc8c804d573796a401ec64 2008.0/x86_64/mysql-5.0.45-7.1mdv2008.0.x86_64.rpm b40014e51bf2e68b5dd67365ae099885 2008.0/x86_64/mysql-bench-5.0.45-7.1mdv2008.0.x86_64.rpm faf05a4c4a684e63db58e2cfa779066c 2008.0/x86_64/mysql-client-5.0.45-7.1mdv2008.0.x86_64.rpm d5d51b2fe6810193443e337cc063cc6f 2008.0/x86_64/mysql-common-5.0.45-7.1mdv2008.0.x86_64.rpm 36db213a8d356145f769c4764ecfdb43 2008.0/x86_64/mysql-max-5.0.45-7.1mdv2008.0.x86_64.rpm 3b7b4c4348a94687e6f70a077190578a 2008.0/x86_64/mysql-ndb-extra-5.0.45-7.1mdv2008.0.x86_64.rpm 6c6b4ac3e2e7f93ec4ae7736989a4865 2008.0/x86_64/mysql-ndb-management-5.0.45-7.1mdv2008.0.x86_64.rpm ae26212b354d64f8c903dc771bc9d1b7 2008.0/x86_64/mysql-ndb-storage-5.0.45-7.1mdv2008.0.x86_64.rpm ebd97d817a3c8c6d208712ad8fc5b788 2008.0/x86_64/mysql-ndb-tools-5.0.45-7.1mdv2008.0.x86_64.rpm c0575884589bcd70be748a2ff39f19c1 2008.0/SRPMS/mysql-5.0.45-7.1mdv2008.0.src.rpm

 Corporate 4.0: e7d08c55508c5aff029bc712c3eaa985 corporate/4.0/i586/MySQL-5.0.24-1.3.20060mlcs4.i586.rpm 2929501ca876443313448190a76dd4b1 corporate/4.0/i586/MySQL-Max-5.0.24-1.3.20060mlcs4.i586.rpm 42ae6b36dd3fd0b655cdf853bcdac756 corporate/4.0/i586/MySQL-bench-5.0.24-1.3.20060mlcs4.i586.rpm bf6c9a292ac3ceffe194b9515353bcf8 corporate/4.0/i586/MySQL-client-5.0.24-1.3.20060mlcs4.i586.rpm 423f7921eb3f13bce192b361115b63be corporate/4.0/i586/MySQL-common-5.0.24-1.3.20060mlcs4.i586.rpm b0ceab082e27ee7ec0463396cc3239a5 corporate/4.0/i586/MySQL-ndb-extra-5.0.24-1.3.20060mlcs4.i586.rpm 64e94e4df86309716ba11f28e7c06086 corporate/4.0/i586/MySQL-ndb-management-5.0.24-1.3.20060mlcs4.i586.rpm 68965d44922b0b7c6ccb58a939747c73 corporate/4.0/i586/MySQL-ndb-storage-5.0.24-1.3.20060mlcs4.i586.rpm 72dfe4a7c58ed1249cb096b9f0d661ca corporate/4.0/i586/MySQL-ndb-tools-5.0.24-1.3.20060mlcs4.i586.rpm f5da97c0283a559c161956371b92c1de corporate/4.0/i586/libmysql15-5.0.24-1.3.20060mlcs4.i586.rpm d835024b4814af69ca86c90a417b1ab5 corporate/4.0/i586/libmysql15-devel-5.0.24-1.3.20060mlcs4.i586.rpm 9c6c70427dfed5a57a13e5902a98022b corporate/4.0/i586/libmysql15-static-devel-5.0.24-1.3.20060mlcs4.i586.rpm 399ce94ad408bddedab3d81288121625 corporate/4.0/SRPMS/MySQL-5.0.24-1.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64: 7e2d63d05b367f306249c9550208e118 corporate/4.0/x86_64/MySQL-5.0.24-1.3.20060mlcs4.x86_64.rpm 5173adbc8c5eab3d28c6b9e3ec43ff87 corporate/4.0/x86_64/MySQL-Max-5.0.24-1.3.20060mlcs4.x86_64.rpm 942043cc7038c2b67a5fc46ceb8f3103 corporate/4.0/x86_64/MySQL-bench-5.0.24-1.3.20060mlcs4.x86_64.rpm b7e443185fd52a138e59db1b585892a4 corporate/4.0/x86_64/MySQL-client-5.0.24-1.3.20060mlcs4.x86_64.rpm 68b16b2a302efd03fe14393101e456b1 corporate/4.0/x86_64/MySQL-common-5.0.24-1.3.20060mlcs4.x86_64.rpm 8f29021b04eb3467ae0ffab4af5e7e93 corporate/4.0/x86_64/MySQL-ndb-extra-5.0.24-1.3.20060mlcs4.x86_64.rpm ae0b10b13ea0dd9baef8c1a2a728ffde corporate/4.0/x86_64/MySQL-ndb-management-5.0.24-1.3.20060mlcs4.x86_64.rpm b21a2b8fc11c15b4106096f819b56997 corporate/4.0/x86_64/MySQL-ndb-storage-5.0.24-1.3.20060mlcs4.x86_64.rpm 3ed7adeec020550150264758f002a296 corporate/4.0/x86_64/MySQL-ndb-tools-5.0.24-1.3.20060mlcs4.x86_64.rpm 21aeb21a7295e6cadc89d9cdf5a917fa corporate/4.0/x86_64/lib64mysql15-5.0.24-1.3.20060mlcs4.x86_64.rpm bb9cfd0b7bf9dcadb498ec550b4e135c corporate/4.0/x86_64/lib64mysql15-devel-5.0.24-1.3.20060mlcs4.x86_64.rpm 3b7daadd91dc22dbb16b5c2e9f16a11c corporate/4.0/x86_64/lib64mysql15-static-devel-5.0.24-1.3.20060mlcs4.x86_64.rpm 399ce94ad408bddedab3d81288121625 corporate/4.0/SRPMS/MySQL-5.0.24-1.3.20060mlcs4.src.rpm
_______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification  of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the  GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com


 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Mandriva Security Team   <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHXbndmqjQ0CJFipgRApC8AJ4i3TnENhYsdgeNsxRmcvjkzOCMxACg4W6r 84ksq8yvKbneUsb8qd4J6pw=
=YmKU
-----END PGP SIGNATURE-----



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/