Date: Wed, 17 Sep 2003 15:43:29 +0200
From: Trustix Secure Linux Advisor <[email protected]>
To: [email protected]
Subject: TSLSA-2003-0034 - mysql
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2003-0034
Package name: mysql
Summary: New upstream versions
Date: 2003-09-17
Affected versions: TSL 1.5, 2.0
- --------------------------------------------------------------------------
Package description:
MySQL is a true multi-user, multi-threaded SQL (Structured Query
Language) database server. MySQL is a client/server implementation
that consists of a server daemon (mysqld) and many different client
programs/libraries.
Problem description:
From the mysql advisory:
Fixed buffer overflow in SET PASSWORD which could potentially be exploited
by MySQL users with root privileges to execute random code or to gain shell
access (thanks to Jedi/Sector One for spotting and reporting this one).
We have updated the packages in 1.5 and 2.0 to the latest stable versions.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All TSL updates are available from
<URI:http://www.trustix.net/pub/Trustix/updates/>
<URI:ftp://ftp.trustix.net/pub/Trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Public testing:
These packages have been available for public testing for some time.
If you want to contribute by testing the various packages in the
testing tree, please feel free to share your findings on the
tsl-discuss mailing list.
The testing tree is located at
<URI:http://www.trustix.net/pub/Trustix/testing/>
<URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
You may also use swup for public testing of updates for TSL 2.0 and later:
site {
    class = 0
    location = "http://snow.trustix.org/cloud/rdfs/latest.rdf"
    regexp = ".*"
}
Questions?
Check out our mailing lists:
<URI:http://www.trustix.net/support/>
Verification:
This advisory, along with all TSL packages, is signed with the TSL sign key.
This key is available from:
<URI:http://www.trustix.net/TSL-GPG-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.net/errata/trustix-1.5/> and
<URI:http://www.trustix.net/errata/trustix-2.0/>
or directly at
<URI:http://www.trustix.net/errata/misc/2003/TSL-2003-0034-mysql.asc.txt>
MD5sums of the packages:
- --------------------------------------------------------------------------
ae94dfc7600f68670bcf246ce435f2d1 ./2.0/SRPMS/mysql-4.0.15-3tr.src.rpm
2ac208f4f0910fa86792f8a20af7f082 ./2.0/RPMS/mysql-shared-4.0.15-3tr.i586.rpm
260e4a6f5e8670b579210c5b78dfd49b ./2.0/RPMS/mysql-libs-4.0.15-3tr.i586.rpm
fdf654a3f02998c590778c5172d235e5 ./2.0/RPMS/mysql-devel-4.0.15-3tr.i586.rpm
92b7468cd88a4cb7322a671bda6f4235 ./2.0/RPMS/mysql-client-4.0.15-3tr.i586.rpm
fb62317fb3243f186c4f821be3d7e300 ./2.0/RPMS/mysql-bench-4.0.15-3tr.i586.rpm
151c6bcdfc77ea41098ef5163210faed ./2.0/RPMS/mysql-4.0.15-3tr.i586.rpm
90ad9bb56b009d103c118a250b17b5fe ./1.5/SRPMS/mysql-3.23.58-1tr.src.rpm
8a4d0a8ea2d74718e70b1ddf1ab4c0cc ./1.5/RPMS/mysql-shared-3.23.58-1tr.i586.rpm
6a2a7efcc54ef5d17ce8b0c7fbbb01a6 ./1.5/RPMS/mysql-devel-3.23.58-1tr.i586.rpm
99ba83b4de24019b8fa04c34ef638c14 ./1.5/RPMS/mysql-client-3.23.58-1tr.i586.rpm
15d6ad9e22e45757a906526be65b9972 ./1.5/RPMS/mysql-bench-3.23.58-1tr.i586.rpm
337c341126022123229edb0b567f2825 ./1.5/RPMS/mysql-3.23.58-1tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/aFbnwRTcg4BxxS0RAmDSAJ90YR+9U7UKPe8zkHjvdQnlodwsuQCdHaea
3ZVBbDUj8T8bftVjnfgJLd4=
=SpeO
-----END PGP SIGNATURE-----
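
The check described under "Verification" and "MD5sums of the packages", as an added example that is not part of the Trustix advisory or its tooling: a Python sketch that reads the MD5 list from the signed region of an advisory in this format and compares downloaded packages against it. It assumes the advisory's PGP signature has already been verified with the TSL key (for example with `gpg --verify`), since the list is only as trustworthy as that signature; the package names, file contents and the `demo` helper are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

MD5_LINE = re.compile(r"^([0-9a-f]{32})\s+\./(\S+\.rpm)$")  # "<md5> ./<path>.rpm"

def parse_md5_list(advisory_text):
    """Return {relative_path: md5} from the PGP-signed region, skipping '..' paths."""
    sums, signed = {}, False
    for line in advisory_text.splitlines():
        if line.startswith("-----BEGIN PGP SIGNED MESSAGE-----"):
            signed = True
        elif line.startswith("-----BEGIN PGP SIGNATURE-----"):
            break
        elif signed:
            m = MD5_LINE.match(line.strip())
            if m and ".." not in Path(m.group(2)).parts:
                sums[m.group(2)] = m.group(1)
    return sums

def check_packages(advisory_text, root):
    """Return {path: 'ok' | 'MISMATCH' | 'missing'} for every listed package."""
    results = {}
    for rel, expected in parse_md5_list(advisory_text).items():
        path = Path(root) / rel
        if not path.is_file():
            results[rel] = "missing"
        else:
            same = hashlib.md5(path.read_bytes()).hexdigest() == expected
            results[rel] = "ok" if same else "MISMATCH"
    return results

def demo():
    """Constructed sample: fake package files plus a matching advisory excerpt."""
    with tempfile.TemporaryDirectory() as root:
        rpms = Path(root, "2.0/RPMS")
        rpms.mkdir(parents=True)
        (rpms / "example-1.0-1tr.i586.rpm").write_bytes(b"constructed package")
        (rpms / "example-devel-1.0-1tr.i586.rpm").write_bytes(b"altered bytes")
        md5 = hashlib.md5(b"constructed package").hexdigest()
        advisory = "\n".join([
            "-----BEGIN PGP SIGNED MESSAGE-----",
            f"{md5} ./2.0/RPMS/example-1.0-1tr.i586.rpm",
            f"{md5} ./2.0/RPMS/example-devel-1.0-1tr.i586.rpm",
            f"{md5} ./2.0/SRPMS/example-1.0-1tr.src.rpm",
            "-----BEGIN PGP SIGNATURE-----",
        ])
        return check_packages(advisory, root)
```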