From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]
Subject: MDKSA-2005:163 - Updated MySQL packages fix vulnerability
Message-Id: <E1EF3wJ-0006eJ-8Q@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Tue, 13 Sep 2005 00:06:43 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: MySQL
Advisory ID: MDKSA-2005:163
Date: September 12th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
A stack-based buffer overflow was discovered in the init_syms function
in MySQL that allows authenticated users that can create user-defined
functions to execute arbitrary code via a long function_name field.
The updated packages have been patched to address these issues.
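The bug class described above, shown as an added illustration that is not MySQL's source and not part of the Mandriva advisory: a name taken from a user-writable table row is copied into a fixed-size stack buffer, next to a form that checks the length first. The function names, the `NAME_MAX_LEN` limit and the `_init` suffix are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 64            /* assumed limit for this example */
#define INIT_SUFFIX  "_init"       /* assumed suffix appended to the name */
#define SYM_BUF_LEN  (NAME_MAX_LEN + sizeof(INIT_SUFFIX))

/* Vulnerable pattern: function_name comes from a row the user controls
 * and is copied with no length check, so a value longer than
 * NAME_MAX_LEN writes past the end of sym[] on the stack. */
size_t init_symbol_unsafe(const char *function_name)
{
    char sym[SYM_BUF_LEN];
    strcpy(sym, function_name);    /* unbounded copy */
    strcat(sym, INIT_SUFFIX);
    return strlen(sym);
}

/* Hardened form: look for the terminator within the allowed length
 * before copying, then build the string with a bounded formatter and
 * check its result. Returns 0 on success, -1 on any rejected input. */
int init_symbol_checked(const char *function_name, char *sym, size_t sym_len)
{
    const char *end;
    int written;

    if (function_name == NULL || sym == NULL || sym_len == 0)
        return -1;
    end = memchr(function_name, '\0', NAME_MAX_LEN + 1);
    if (end == NULL || end == function_name)
        return -1;                 /* too long, or empty */
    written = snprintf(sym, sym_len, "%s%s", function_name, INIT_SUFFIX);
    if (written < 0 || (size_t)written >= sym_len)
        return -1;                 /* output would have been truncated */
    return 0;
}

int main(void)
{
    char sym[SYM_BUF_LEN];
    char long_name[4 * NAME_MAX_LEN];   /* constructed over-long input */

    memset(long_name, 'A', sizeof(long_name) - 1);
    long_name[sizeof(long_name) - 1] = '\0';
    printf("short name: %d\n", init_symbol_checked("my_udf", sym, sizeof(sym)));
    printf("long name:  %d\n", init_symbol_checked(long_name, sym, sizeof(sym)));
    return 0;
}
```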
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2558
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
c0ca77359461d6e4503d040f657405cc 10.1/RPMS/libmysql12-4.0.20-3.5.101mdk.i586.rpm
3ee6767c39b4e24e7ff178479fff4da4 10.1/RPMS/libmysql12-devel-4.0.20-3.5.101mdk.i586.rpm
5fff82de496c98638c91b3b20fcc0be1 10.1/RPMS/MySQL-4.0.20-3.5.101mdk.i586.rpm
c47820ad3f2568279a8854a59a5ca6c4 10.1/RPMS/MySQL-Max-4.0.20-3.5.101mdk.i586.rpm
2ca25895290ff3e717ea4fb21b25beec 10.1/RPMS/MySQL-bench-4.0.20-3.5.101mdk.i586.rpm
5dde3104a02b283dd4ea53255be6e28c 10.1/RPMS/MySQL-client-4.0.20-3.5.101mdk.i586.rpm
d7d411a693de4e757f6bd87c3d3e8228 10.1/RPMS/MySQL-common-4.0.20-3.5.101mdk.i586.rpm
147a03a204620f68094e327236d8569a 10.1/SRPMS/MySQL-4.0.20-3.5.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
6efbf74429938fe12d67e724975669f7 x86_64/10.1/RPMS/lib64mysql12-4.0.20-3.5.101mdk.x86_64.rpm
e8ea787e503f420646d0ab1aeb7fd7bd x86_64/10.1/RPMS/lib64mysql12-devel-4.0.20-3.5.101mdk.x86_64.rpm
e1c87e33304d7c5dece5a0bfed367f41 x86_64/10.1/RPMS/MySQL-4.0.20-3.5.101mdk.x86_64.rpm
c02df0a16db0f3440afedd53c9bd5510 x86_64/10.1/RPMS/MySQL-Max-4.0.20-3.5.101mdk.x86_64.rpm
886d53b2b08d334209fda4e14920b075 x86_64/10.1/RPMS/MySQL-bench-4.0.20-3.5.101mdk.x86_64.rpm
cb934efc4a61c0ec2dca9c6f6e8d56a5 x86_64/10.1/RPMS/MySQL-client-4.0.20-3.5.101mdk.x86_64.rpm
fc6b5c2cad48ee84c2dda8094b504874 x86_64/10.1/RPMS/MySQL-common-4.0.20-3.5.101mdk.x86_64.rpm
147a03a204620f68094e327236d8569a x86_64/10.1/SRPMS/MySQL-4.0.20-3.5.101mdk.src.rpm
Mandrakelinux 10.2:
672a98dc051b64e6a5efee02cdc163d8 10.2/RPMS/libmysql14-4.1.11-1.1.102mdk.i586.rpm
07a736279b7623325c2f2fde828886e3 10.2/RPMS/libmysql14-devel-4.1.11-1.1.102mdk.i586.rpm
cb2fb817c72a88d905a0875694ec8b7f 10.2/RPMS/MySQL-4.1.11-1.1.102mdk.i586.rpm
8a2e42d756032bc400bc1d10170e6f46 10.2/RPMS/MySQL-Max-4.1.11-1.1.102mdk.i586.rpm
d008f499f18cef6c9d92cade794a765c 10.2/RPMS/MySQL-NDB-4.1.11-1.1.102mdk.i586.rpm
2d3a54a41b82cff0c9d22a442a5df6af 10.2/RPMS/MySQL-bench-4.1.11-1.1.102mdk.i586.rpm
47185384cc46fbb7651dd220a63cfd9c 10.2/RPMS/MySQL-client-4.1.11-1.1.102mdk.i586.rpm
3a434ce8c27ebb6979c350c551815939 10.2/RPMS/MySQL-common-4.1.11-1.1.102mdk.i586.rpm
ec76c46c73c9c4a2b454026c98e9e37a 10.2/SRPMS/MySQL-4.1.11-1.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
45058361222d0099c5b76e0fff9106e1 x86_64/10.2/RPMS/lib64mysql14-4.1.11-1.1.102mdk.x86_64.rpm
2dd5dbdf223f5200c032e8f3f6feb525 x86_64/10.2/RPMS/lib64mysql14-devel-4.1.11-1.1.102mdk.x86_64.rpm
4c2c5755a8f887aec086edef890de8ab x86_64/10.2/RPMS/MySQL-4.1.11-1.1.102mdk.x86_64.rpm
892005b80148274b24279a159c14ea84 x86_64/10.2/RPMS/MySQL-Max-4.1.11-1.1.102mdk.x86_64.rpm
9c99ebde5888ac68543aad8db0bfbbf1 x86_64/10.2/RPMS/MySQL-NDB-4.1.11-1.1.102mdk.x86_64.rpm
a69e37c9949a9def639560ad6c51b387 x86_64/10.2/RPMS/MySQL-bench-4.1.11-1.1.102mdk.x86_64.rpm
9b036b241347c113e971d2006baf0d3c x86_64/10.2/RPMS/MySQL-client-4.1.11-1.1.102mdk.x86_64.rpm
81faea0e3ed95a1e62d912f24e98aa65 x86_64/10.2/RPMS/MySQL-common-4.1.11-1.1.102mdk.x86_64.rpm
ec76c46c73c9c4a2b454026c98e9e37a x86_64/10.2/SRPMS/MySQL-4.1.11-1.1.102mdk.src.rpm
Corporate 3.0:
04d4151eae7ed878c21f2e279c859a2a corporate/3.0/RPMS/libmysql12-4.0.18-1.6.C30mdk.i586.rpm
f6c6fe9dc10a247ac1ea20b3bf7cbaaa corporate/3.0/RPMS/libmysql12-devel-4.0.18-1.6.C30mdk.i586.rpm
516d015085f8877d4a10492053c74133 corporate/3.0/RPMS/MySQL-4.0.18-1.6.C30mdk.i586.rpm
52176303aa9e6915f34446a2575bcfa1 corporate/3.0/RPMS/MySQL-Max-4.0.18-1.6.C30mdk.i586.rpm
4c19bb8b4a2c3a731d056ce39b84fd26 corporate/3.0/RPMS/MySQL-bench-4.0.18-1.6.C30mdk.i586.rpm
5a84ae1d8c37fe41271f9797a90921b6 corporate/3.0/RPMS/MySQL-client-4.0.18-1.6.C30mdk.i586.rpm
fe50c3c3380f386064c9c580e8468677 corporate/3.0/RPMS/MySQL-common-4.0.18-1.6.C30mdk.i586.rpm
76fc1db6495adc321fc2d0952a27bb91 corporate/3.0/SRPMS/MySQL-4.0.18-1.6.C30mdk.src.rpm
Corporate 3.0/X86_64:
02c3a2e98692e6c71e5497a536b30d4e x86_64/corporate/3.0/RPMS/lib64mysql12-4.0.18-1.6.C30mdk.x86_64.rpm
475624ad614c0f109ce0fbf952335987 x86_64/corporate/3.0/RPMS/lib64mysql12-devel-4.0.18-1.6.C30mdk.x86_64.rpm
df26496e1bd68d73d62a7c786b54b6ed x86_64/corporate/3.0/RPMS/MySQL-4.0.18-1.6.C30mdk.x86_64.rpm
3b75ce48513acd6dc9aa228058642f0f x86_64/corporate/3.0/RPMS/MySQL-Max-4.0.18-1.6.C30mdk.x86_64.rpm
21347726c3d48e6d13723516a15d87fb x86_64/corporate/3.0/RPMS/MySQL-bench-4.0.18-1.6.C30mdk.x86_64.rpm
fef51176d24e8874ddca4af5653bacc9 x86_64/corporate/3.0/RPMS/MySQL-client-4.0.18-1.6.C30mdk.x86_64.rpm
7e59b805ab766f84d118f4fc5b2755ec x86_64/corporate/3.0/RPMS/MySQL-common-4.0.18-1.6.C30mdk.x86_64.rpm
76fc1db6495adc321fc2d0952a27bb91 x86_64/corporate/3.0/SRPMS/MySQL-4.0.18-1.6.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDJmxzmqjQ0CJFipgRAlXrAJ4+GenFKgWyhmkpbchb7s5F9CPf4ACgvTa2
uv487XrACLdZ+yoASOC+RrE=
=BE/G
-----END PGP SIGNATURE-----