LinuxSecurity.com
Mandriva: Updated mysql packages fix vulnerabilities
Posted by Benjamin D. Thomas   
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:150
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mysql
 Date    : July 19, 2008
 Affected: 2007.1, 2008.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Multiple buffer overflows in yaSSL, which is used in MySQL, allowed
 remote attackers to execute arbitrary code (CVE-2008-0226) or cause
 a denial of service via a special Hello packet (CVE-2008-0227).
 
 Sergei Golubchik found that MySQL did not properly validate optional
 data or index directory paths given in a CREATE TABLE statement; it
 also would not, under certain conditions, prevent two databases from
 using the same paths for data or index files.  This could allow an
 authenticated user with appropriate privilege to create tables in
 one database to read and manipulate data in tables later created in
 other databases, regardless of GRANT privileges (CVE-2008-2079).
 
 The updated packages have been patched to correct these issues.
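
 An added example, not part of the Mandriva advisory or of MySQL: a schema audit for the condition described under CVE-2008-2079, listing DATA DIRECTORY / INDEX DIRECTORY paths that tables in more than one database share. The dump format, the database and table names, and the paths are constructed for illustration; path comparison is lexical only.

```python
import posixpath
import re
from collections import defaultdict

# Constructed schema dump: database names, table names and paths are hypothetical.
SAMPLE_DUMP = """
USE `shop`;
CREATE TABLE `orders` (id INT) ENGINE=MyISAM
  DATA DIRECTORY='/srv/mysql-ext/shared/' INDEX DIRECTORY='/srv/mysql-ext/shop-idx';
CREATE TABLE `items` (id INT) ENGINE=MyISAM DATA DIRECTORY = '/srv/mysql-ext/shop-data';
USE `hr`;
CREATE TABLE hr.salaries (id INT) ENGINE=MyISAM
  DATA DIRECTORY="/srv/mysql-ext/tmp/../shared" INDEX DIRECTORY='/srv/mysql-ext/hr-idx';
CREATE TABLE `staff` (id INT) ENGINE=MyISAM;
"""

USE_RE = re.compile(r"\s*USE\s+`?(\w+)`?\s*$", re.I)
CREATE_RE = re.compile(
    r"\s*CREATE\s+TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?(?:`?(\w+)`?\.)?`?(\w+)`?(.*)",
    re.I | re.S)
DIR_RE = re.compile(r"\b(DATA|INDEX)\s+DIRECTORY\s*=?\s*(['\"])(.*?)\2", re.I)


def shared_directories(dump):
    """Map each normalized path used by tables of more than one database
    to the sorted (database, table, option) triples that reference it."""
    users = defaultdict(set)
    current_db = "(no USE seen)"
    for stmt in dump.split(";"):  # naive split, adequate for DDL-only dumps
        use = USE_RE.match(stmt)
        if use:
            current_db = use.group(1)
            continue
        create = CREATE_RE.match(stmt)
        if not create:
            continue
        db, table, options = create.group(1) or current_db, create.group(2), create.group(3)
        for kind, _quote, path in DIR_RE.findall(options):
            # Lexical normalization only: "a/../b" and trailing slashes collapse,
            # but symlinks on the server are not resolved here.
            users[posixpath.normpath(path)].add((db, table, kind.upper()))
    return {path: sorted(refs) for path, refs in users.items()
            if len({db for db, _, _ in refs}) > 1}


if __name__ == "__main__":
    for path, refs in shared_directories(SAMPLE_DUMP).items():
        print(path, refs)
```

 Any path it reports is one where tables from different databases place files in the same directory, which is the overlap the patched packages are meant to prevent.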
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0226
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0227
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 