LinuxSecurity.com
Mandriva: Updated mysql packages fix vulnerabilities
Posted by Benjamin D. Thomas   
Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges (CVE-2008-2079). The updated packages have been patched to correct this issue.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:149
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mysql
 Date    : July 19, 2008
 Affected: 2008.1
 _______________________________________________________________________
 
 Problem Description:
 
 Sergei Golubchik found that MySQL did not properly validate optional
 data or index directory paths given in a CREATE TABLE statement; as
 well it would not, under certain conditions, prevent two databases
 from using the same paths for data or index files.  This could allow
 an authenticated user with appropriate privilege to create tables in
 one database to read and manipulate data in tables later created in
 other databases, regardless of GRANT privileges (CVE-2008-2079).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2008.1:
 6782fa8e80d657cc32a784791296136c  2008.1/i586/libmysql15-5.0.51a-8.1mdv2008.1.i586.rpm
 d38cfb788ab390a22e50c4d8cd88f713  2008.1/i586/libmysql-devel-5.0.51a-8.1mdv2008.1.i586.rpm
 17c5413087a43818eb37625415db339c  2008.1/i586/libmysql-static-devel-5.0.51a-8.1mdv2008.1.i586.rpm
 725b41649fd161c63087f0e44ec488bb  2008.1/i586/mysql-5.0.51a-8.1mdv2008.1.i586.rpm
 c6864405d42406bf85f8e2fb08af8793  2008.1/i586/mysql-bench-5.0.51a-8.1mdv2008.1.i586.rpm
 e6df015114747e50092b6a9d7225e821  2008.1/i586/mysql-client-5.0.51a-8.1mdv2008.1.i586.rpm
 5b359172c307e980b7c8d3e409f1f85a  2008.1/i586/mysql-common-5.0.51a-8.1mdv2008.1.i586.rpm
 b65eb90008f0f329fcd78aa601c941cf  2008.1/i586/mysql-doc-5.0.51a-8.1mdv2008.1.i586.rpm
 803c2840d6e56e851d043c21c8d153ba  2008.1/i586/mysql-max-5.0.51a-8.1mdv2008.1.i586.rpm
 ce4f47ad3c03549aee94d5b88734f6c8  2008.1/i586/mysql-ndb-extra-5.0.51a-8.1mdv2008.1.i586.rpm
 3f4013ca6f91d85d00895d58fccb235a  2008.1/i586/mysql-ndb-management-5.0.51a-8.1mdv2008.1.i586.rpm
 494932ed64f2813cf0896f23112debc3  2008.1/i586/mysql-ndb-storage-5.0.51a-8.1mdv2008.1.i586.rpm
 d7c24b1ccf013e14adc943fe90fc11c5  2008.1/i586/mysql-ndb-tools-5.0.51a-8.1mdv2008.1.i586.rpm 
 0e68ede1df17ebd9dfa4c02ca7205dc1  2008.1/SRPMS/mysql-5.0.51a-8.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 7efe5a4aaf106e5f28118d4f0a6757e5  2008.1/x86_64/lib64mysql15-5.0.51a-8.1mdv2008.1.x86_64.rpm
 0793a32b20f398f03580aaa5377e5192  2008.1/x86_64/lib64mysql-devel-5.0.51a-8.1mdv2008.1.x86_64.rpm
 c3efcca1e7b13bf2d38cc15ac34c3a05  2008.1/x86_64/lib64mysql-static-devel-5.0.51a-8.1mdv2008.1.x86_64.rpm
 aa1408995eec88602fe6cde92b662814  2008.1/x86_64/mysql-5.0.51a-8.1mdv2008.1.x86_64.rpm
 ac232e2c080dccf9745f18a901079b7d  2008.1/x86_64/mysql-bench-5.0.51a-8.1mdv2008.1.x86_64.rpm
 af82fcb4a9c02aa0994015892a0d1297  2008.1/x86_64/mysql-client-5.0.51a-8.1mdv2008.1.x86_64.rpm
 7628f598b3d767f0f37f30b80f224db8  2008.1/x86_64/mysql-common-5.0.51a-8.1mdv2008.1.x86_64.rpm
 ae212a73fda5f0e334d71a0fca4cd8b5  2008.1/x86_64/mysql-doc-5.0.51a-8.1mdv2008.1.x86_64.rpm
 734b94f12d8c8b9042780e03d0a2c7df  2008.1/x86_64/mysql-max-5.0.51a-8.1mdv2008.1.x86_64.rpm
 53a4ab72777ab8c85a89f8f37ceaecff  2008.1/x86_64/mysql-ndb-extra-5.0.51a-8.1mdv2008.1.x86_64.rpm
 8f57766a240e25ae39c11ffba53f5762  2008.1/x86_64/mysql-ndb-management-5.0.51a-8.1mdv2008.1.x86_64.rpm
 3e0df3dabd48d33ccfe4322bffe36743  2008.1/x86_64/mysql-ndb-storage-5.0.51a-8.1mdv2008.1.x86_64.rpm
 02030eb47df043478edc5886d9706849  2008.1/x86_64/mysql-ndb-tools-5.0.51a-8.1mdv2008.1.x86_64.rpm 
 0e68ede1df17ebd9dfa4c02ca7205dc1  2008.1/SRPMS/mysql-5.0.51a-8.1mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
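
An added audit example, not part of the Mandriva advisory or of MySQL: it scans CREATE TABLE statements (as printed by SHOW CREATE TABLE) for the DATA DIRECTORY and INDEX DIRECTORY options named above and flags paths used by more than one database. Flagging any path inside the server data directory is this example's assumption about what a safe path excludes; the datadir value, database names, table names and paths are constructed.

```python
import posixpath
import re
from collections import defaultdict

# Assumed server data directory (hypothetical; use the server's @@datadir value).
DATADIR = "/var/lib/mysql"

# The optional table options named in the advisory, as SHOW CREATE TABLE prints them.
OPTION_RE = re.compile(r"\b(DATA|INDEX)\s+DIRECTORY\s*=?\s*'([^']+)'", re.IGNORECASE)

def audit(tables, datadir=DATADIR):
    """tables: iterable of (database, table, create_statement) tuples.
    Returns sorted (database, table, option, path, reason) findings."""
    datadir = posixpath.normpath(datadir)
    rows, users = [], defaultdict(set)
    for db, tbl, ddl in tables:
        for kind, raw in OPTION_RE.findall(ddl):
            # Lexical normalisation only: '..' and trailing '/' are collapsed,
            # symlinks are not resolved.
            path = posixpath.normpath(raw)
            rows.append((db, tbl, kind.upper(), path))
            users[(kind.upper(), path)].add(db)
    findings = []
    for db, tbl, kind, path in rows:
        if path == datadir or path.startswith(datadir + "/"):
            findings.append((db, tbl, kind, path, "inside server datadir"))
        elif len(users[(kind, path)]) > 1:
            findings.append((db, tbl, kind, path, "shared across databases"))
    return sorted(findings)

# Constructed sample input: names and paths are made up for illustration.
SAMPLE = [
    ("scratch", "t1", "CREATE TABLE t1 (id INT) ENGINE=MyISAM "
                      "DATA DIRECTORY='/var/lib/mysql/appdata/'"),
    ("scratch", "t2", "CREATE TABLE t2 (id INT) ENGINE=MyISAM "
                      "DATA DIRECTORY='/srv/ext/../shared' INDEX DIRECTORY='/srv/idx'"),
    ("reports", "t3", "CREATE TABLE t3 (id INT) ENGINE=MyISAM "
                      "DATA DIRECTORY='/srv/shared/'"),
    ("reports", "t4", "CREATE TABLE t4 (id INT) ENGINE=MyISAM"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Because the comparison is lexical, a path that reaches the same directory through a symlink is not detected; resolve paths on the database host itself if that matters.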