From: Mandrakelinux Security Team <security@linux-mandrake.com.>
To: [email protected]Subject: MDKSA-2005:070 - Updated MySQL packages fix vulnerability
Message-Id: <E1DLbWz-0002ri-Gk@mercury.mandriva.com.>
Date: Wed, 13 Apr 2005 00:39:21 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: MySQL
Advisory ID: MDKSA-2005:070
Date: April 12th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A vulnerability in MySQL would allow a user with grant privileges to a
database with a name containing an underscore character ("_") to have
the ability to grant privileges to other databases with similar names.
This problem was previously discovered and fixed, but a new case where
the problem still existed was recently discovered.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
417cd23f30451f252fea813d9f4ef3c2 10.0/RPMS/libmysql12-4.0.18-1.5.100mdk.i586.rpm
b831453eaa8fc45453e1744f8b3917f7 10.0/RPMS/libmysql12-devel-4.0.18-1.5.100mdk.i586.rpm
42b1d9cd652da8515b0380ff95b79f46 10.0/RPMS/MySQL-4.0.18-1.5.100mdk.i586.rpm
a551c71aad62c5df13a82b4056d566eb 10.0/RPMS/MySQL-Max-4.0.18-1.5.100mdk.i586.rpm
685631fa240211a8184e643dc3d5f1cb 10.0/RPMS/MySQL-bench-4.0.18-1.5.100mdk.i586.rpm
4e0fd82c672bc2da6dab8762c4d6b081 10.0/RPMS/MySQL-client-4.0.18-1.5.100mdk.i586.rpm
a4ac1306800921e4f4aa281061275bc4 10.0/RPMS/MySQL-common-4.0.18-1.5.100mdk.i586.rpm
90878d81d7401596b2da6b361fe2e360 10.0/SRPMS/MySQL-4.0.18-1.5.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
d8d8592e1c408b6422ac049e27619a01 amd64/10.0/RPMS/lib64mysql12-4.0.18-1.5.100mdk.amd64.rpm
092ba14f09198f4829cedefc08d00cec amd64/10.0/RPMS/lib64mysql12-devel-4.0.18-1.5.100mdk.amd64.rpm
d266108df4723f914a59053d79fb9bb7 amd64/10.0/RPMS/MySQL-4.0.18-1.5.100mdk.amd64.rpm
04ddb557422c15f8c1f8d1eaddbafec4 amd64/10.0/RPMS/MySQL-Max-4.0.18-1.5.100mdk.amd64.rpm
51973164698815c2f6c2dbb6e2139199 amd64/10.0/RPMS/MySQL-bench-4.0.18-1.5.100mdk.amd64.rpm
60f890d8b8cbf29b9685f754b5c88d5d amd64/10.0/RPMS/MySQL-client-4.0.18-1.5.100mdk.amd64.rpm
d96b21d3ae9824214b864608b3577dbf amd64/10.0/RPMS/MySQL-common-4.0.18-1.5.100mdk.amd64.rpm
90878d81d7401596b2da6b361fe2e360 amd64/10.0/SRPMS/MySQL-4.0.18-1.5.100mdk.src.rpm
Mandrakelinux 10.1:
a6f881afe9579d59a9bb1dd6ad17baa8 10.1/RPMS/libmysql12-4.0.20-3.4.101mdk.i586.rpm
39f4f644320f49c51e873359eabf7b2c 10.1/RPMS/libmysql12-devel-4.0.20-3.4.101mdk.i586.rpm
4add025687ece5f2c8d8a90d75609904 10.1/RPMS/MySQL-4.0.20-3.4.101mdk.i586.rpm
b1c67252efd4ebd6d61aec46aceb40f1 10.1/RPMS/MySQL-Max-4.0.20-3.4.101mdk.i586.rpm
489792984418629f6242ac779c68f222 10.1/RPMS/MySQL-bench-4.0.20-3.4.101mdk.i586.rpm
ad896c2dbc95537f27dd730c9b56ee39 10.1/RPMS/MySQL-client-4.0.20-3.4.101mdk.i586.rpm
63288467c444fb9347ec1fe309816534 10.1/RPMS/MySQL-common-4.0.20-3.4.101mdk.i586.rpm
779b911478fa081b608a68ab6e8e2970 10.1/SRPMS/MySQL-4.0.20-3.4.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
897990c787d88ae1cded68f4b0744cc0 x86_64/10.1/RPMS/lib64mysql12-4.0.20-3.4.101mdk.x86_64.rpm
5062c8704732e87a7457b7d8a78beaa4 x86_64/10.1/RPMS/lib64mysql12-devel-4.0.20-3.4.101mdk.x86_64.rpm
4ccc4901dfaccc2841f94baf3a1c15a0 x86_64/10.1/RPMS/MySQL-4.0.20-3.4.101mdk.x86_64.rpm
4da118dcd84c51df2692260d94891f12 x86_64/10.1/RPMS/MySQL-Max-4.0.20-3.4.101mdk.x86_64.rpm
af2fb55fdeaf9b535a5de92288271037 x86_64/10.1/RPMS/MySQL-bench-4.0.20-3.4.101mdk.x86_64.rpm
edfac12d91bb39fc57a2fb49a9729546 x86_64/10.1/RPMS/MySQL-client-4.0.20-3.4.101mdk.x86_64.rpm
2c3fc2282673cdaf70949400b2192f50 x86_64/10.1/RPMS/MySQL-common-4.0.20-3.4.101mdk.x86_64.rpm
779b911478fa081b608a68ab6e8e2970 x86_64/10.1/SRPMS/MySQL-4.0.20-3.4.101mdk.src.rpm
Corporate Server 2.1:
fee1c58289d49e1c519f77e9a1d13c50 corporate/2.1/RPMS/libmysql10-3.23.56-1.10.C21mdk.i586.rpm
f6551af58f46aa65c3dc6de68ec34961 corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.10.C21mdk.i586.rpm
8391e0abdbcfde47585d768819b7f361 corporate/2.1/RPMS/MySQL-3.23.56-1.10.C21mdk.i586.rpm
2269ed0f6f7267a464b214248e0cd9fb corporate/2.1/RPMS/MySQL-Max-3.23.56-1.10.C21mdk.i586.rpm
27d9c33c5213b04ab8222ac10b42bd97 corporate/2.1/RPMS/MySQL-bench-3.23.56-1.10.C21mdk.i586.rpm
35b20bc721c1343ccbb2cdcd1c097a1a corporate/2.1/RPMS/MySQL-client-3.23.56-1.10.C21mdk.i586.rpm
4bab4afbeee17e8ca6d31b57964aab10 corporate/2.1/SRPMS/MySQL-3.23.56-1.10.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
5c8d616a2cb39ae05ec8f4724707009f x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.10.C21mdk.x86_64.rpm
acea8f383bb42d00d4256fa607c4c2ec x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.10.C21mdk.x86_64.rpm
51f588ba999d520a44093a7e75d68622 x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.10.C21mdk.x86_64.rpm
b5a0c02550feee335b4be9a3f522f722 x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.10.C21mdk.x86_64.rpm
78cd60307b15749852130e11afbe3627 x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.10.C21mdk.x86_64.rpm
b87924ea315b70d97dea1828fe4d411a x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.10.C21mdk.x86_64.rpm
4bab4afbeee17e8ca6d31b57964aab10 x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.10.C21mdk.src.rpm
Corporate 3.0:
29f5de555916e07a2eb3334f2981b679 corporate/3.0/RPMS/libmysql12-4.0.18-1.5.C30mdk.i586.rpm
f7e02a5400d09d850b8fa7cf0682b18f corporate/3.0/RPMS/libmysql12-devel-4.0.18-1.5.C30mdk.i586.rpm
09b527600f42ec813228487fc360ef3a corporate/3.0/RPMS/MySQL-4.0.18-1.5.C30mdk.i586.rpm
6f63a5bd9e92fd9282c4eb1dbf837d5f corporate/3.0/RPMS/MySQL-Max-4.0.18-1.5.C30mdk.i586.rpm
439c0118fd7729148826b0fb62429a4e corporate/3.0/RPMS/MySQL-bench-4.0.18-1.5.C30mdk.i586.rpm
6930f021fdaf18fa4f5db4cfd19a2f0b corporate/3.0/RPMS/MySQL-client-4.0.18-1.5.C30mdk.i586.rpm
bf38329d5b2b25640db08ca71f4b3996 corporate/3.0/RPMS/MySQL-common-4.0.18-1.5.C30mdk.i586.rpm
e7a934802980f13ead8d4cbde91c9272 corporate/3.0/SRPMS/MySQL-4.0.18-1.5.C30mdk.src.rpm
Corporate 3.0/X86_64:
dbf8b1639bf38cae748ce0e88e9ffa2a x86_64/corporate/3.0/RPMS/lib64mysql12-4.0.18-1.5.C30mdk.x86_64.rpm
1363deae1247afac0d47a5ea88446ad1 x86_64/corporate/3.0/RPMS/lib64mysql12-devel-4.0.18-1.5.C30mdk.x86_64.rpm
1b91795ad659e8ab56e73e30a06c002c x86_64/corporate/3.0/RPMS/MySQL-4.0.18-1.5.C30mdk.x86_64.rpm
cffa0c76bfbfbbffa840b109505a8c9d x86_64/corporate/3.0/RPMS/MySQL-Max-4.0.18-1.5.C30mdk.x86_64.rpm
3c02203cbfef60142e1686ab5574b387 x86_64/corporate/3.0/RPMS/MySQL-bench-4.0.18-1.5.C30mdk.x86_64.rpm
fd474c00f7584a000b8727bc25f1816d x86_64/corporate/3.0/RPMS/MySQL-client-4.0.18-1.5.C30mdk.x86_64.rpm
90fa8c3c9656e39c4380957e41305a05 x86_64/corporate/3.0/RPMS/MySQL-common-4.0.18-1.5.C30mdk.x86_64.rpm
e7a934802980f13ead8d4cbde91c9272 x86_64/corporate/3.0/SRPMS/MySQL-4.0.18-1.5.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCXL6ZmqjQ0CJFipgRAiraAKCfiya5TnuqrqZJo3jtnFq+N9nkRwCfcQyY
WgobUjjIisixU1XdvdELC8A=
=Yk28
-----END PGP SIGNATURE-----