---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: mysql security update
Advisory ID:       RHSA-2005:685-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2005:685.html
Issue date:        2005-10-05
Updated on:        2005-10-05
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-1636
---------------------------------------------------------------------

1. Summary:

Updated mysql packages that fix a temporary file flaw and a number of bugs
are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries.

An insecure temporary file handling bug was found in the mysql_install_db
script. It is possible for a local user to create specially crafted files
in /tmp which could allow them to execute arbitrary SQL commands during
database installation. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1636 to this issue.
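
The flaw class described above, shown as an added example (not code from
mysql_install_db or from this advisory): a script that writes SQL to a
predictable path in a shared directory, next to a mktemp-based version. The
function names, file names and scratch directory are assumptions made for the
illustration.

```shell
#!/bin/sh
# Added illustration of the bug class behind CAN-2005-1636.
# NOT the mysql_install_db source; every name below is hypothetical.

# Unsafe: predictable name in a shared directory. If the path already exists,
# ">" reuses it: the file keeps its original owner and mode (and a symlink
# would be followed), so whoever created it can still rewrite the SQL.
write_bootstrap_unsafe() {
    f="$1/install_db.sql"
    echo "CREATE DATABASE IF NOT EXISTS test;" > "$f"
    echo "$f"
}

# Hardened: mktemp creates a brand-new file (O_EXCL) with an unpredictable
# name and mode 0600, and fails rather than reuse an existing path.
write_bootstrap_safe() {
    f=$(mktemp "$1/install_db.XXXXXX") || return 1
    echo "CREATE DATABASE IF NOT EXISTS test;" > "$f"
    echo "$f"
}

# Permission string of a file, e.g. "-rw-------" (first 10 chars of ls -l).
mode_of() {
    ls -l "$1" | cut -c1-10
}

# Constructed scenario: a scratch directory stands in for /tmp, and a
# world-writable file stands in for one another local user created first.
demo() {
    scratch=$(mktemp -d) || return 1
    : > "$scratch/install_db.sql"
    chmod 666 "$scratch/install_db.sql"
    unsafe=$(write_bootstrap_unsafe "$scratch")
    safe=$(write_bootstrap_safe "$scratch") || { rm -rf "$scratch"; return 1; }
    result="$(mode_of "$unsafe") $(mode_of "$safe")"
    rm -rf "$scratch"
    echo "$result"
}

demo
```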

These packages update mysql to version 4.1.12, fixing a number of problems.
Also, support for SSL-encrypted connections to the database server is now
provided.

All users of mysql are advised to upgrade to these updated packages.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

158688 - CAN-2005-1636 mysql insecure temporary file creation
163694 - Parser issue with subqueries involving unions


6. RPMs required:

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1636

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
