Date: Mon, 16 Dec 2002 17:42:27 +0100
From: OpenPKG <[email protected]>
To: [email protected]Subject: [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.htmlhttp://www.openpkg.org[email protected][email protected]
OpenPKG-SA-2002.013 16-Dec-2002
________________________________________________________________________
Package: mysql
Vulnerability: password bypass, arbitrary code execution
OpenPKG Specific: no
Dependent Packages: apache, myodbc, perl-dbi, postfix
Affected Releases: Affected Packages: Corrected Packages:
OpenPKG 1.0 <= mysql-3.23.46-1.0.0 >= mysql-3.23.46-1.0.1
OpenPKG 1.1 <= mysql-3.23.52-1.1.0 >= mysql-3.23.52-1.1.1
OpenPKG CURRENT <= mysql-3.23.53-20021204 >= mysql-3.23.54-20021212
Description:
The e-matters [0] company discovered two flaws [1] within the MySQL
[2] server that can be used by any MySQL user to crash the server.
One of the flaws can be used to bypass the MySQL password check or
to execute arbitrary code with the privileges of the user running
mysqld(8).
They also discovered an arbitrary size heap overflow within the
MySQL client library and another vulnerability that allows to write
'\0' to any memory address. Both flaws could allow DOS attacks
against or arbitrary code execution within anything linked against
libmysqlclient.
Check whether you are affected by running "<prefix>/bin/rpm -q mysql".
If you have an affected version of the "mysql" package (see above),
please upgrade it according to the solution below.
Solution:
Update existing packages to newly patched versions of MySQL. Select the
updated source RPM appropriate for your OpenPKG release [3][4][5], and
fetch it from the OpenPKG FTP service or a mirror location. Verify its
integrity [6], build a corresponding binary RPM from it and update your
OpenPKG installation by applying the binary RPM [7]. For the latest
OpenPKG 1.1 release, perform the following operations to permanently fix
the security problem (for other releases adjust accordingly).
$ ftp ftp.openpkg.org
ftp> bin
ftp> cd release/1.1/UPD
ftp> get mysql-3.23.52-1.1.1.src.rpm
ftp> bye
$ <prefix>/bin/rpm -v --checksig mysql-3.23.52-1.1.1.src.rpm
$ <prefix>/bin/rpm --rebuild mysql-3.23.52-1.1.1.src.rpm
$ su -
# <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/mysql-3.23.52-1.1.1.*.rpm
# <prefix>/etc/rc mysql stop start
________________________________________________________________________
References:
[0] http://www.e-matters.de/
[1] http://security.e-matters.de/advisories/042002.html
[2] http://www.mysql.com/
[3] ftp://ftp.openpkg.org/release/1.0/UPD/
[4] ftp://ftp.openpkg.org/release/1.1/UPD/
[5] ftp://ftp.openpkg.org/current/SRC/
[6] http://www.openpkg.org/security.html#signature
[7] http://www.openpkg.org/tutorial.html#regular-source
________________________________________________________________________
For security reasons, this advisory was digitally signed with
the OpenPGP public key "OpenPKG <[email protected]>" (ID 63C4CB9F)
of the OpenPKG project which you can find under the official URL
http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To
check the integrity of this advisory, verify its digital signature by
using GnuPG (http://www.gnupg.org/). For example, pipe this message to
the command "gpg --verify --keyserver keyserver.pgp.com".
________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <[email protected]>
iEYEARECAAYFAj39rFwACgkQgHWT4GPEy59OOQCfRNp25g3jXbRoIITZnwnpT7lo
0q8AoMCazmZmwIs0sqxUJF4wfwbsC6Zz
=6WvF
-----END PGP SIGNATURE-----
