RedHat: UPDATE: 'mysql' vulnerabilities
Posted by LinuxSecurity.com Team   
The MySQL packages shipped in Red Hat Linux 7 and as updates had bugs which caused the DB engine to return bad results or crash.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Bug Fix Advisory

Synopsis:          Updated mysql packages available for Red Hat Linux 7
Advisory ID:       RHBA-2000:133-04
Issue date:        2000-12-19
Updated on:        2000-12-20
Product:           Red Hat Linux
Keywords:          mysql aliasing join empty table
Cross references:  
---------------------------------------------------------------------

1. Topic:

The MySQL packages shipped in Red Hat Linux 7 and as updates had bugs which
caused the DB engine to return bad results or crash.

2. Relevant releases/architectures:

Red Hat Linux 7.0 - alpha, i386

3. Problem description:

The MySQL packages shipped with Red Hat Linux 7 contained buggy
assembler code. When compiled with optimization enabled, this code caused
the database server to return bad results. Also, a case where a specific,
valid query could crash the database has been fixed.

Note that MySQL has updated its client library since the initial version.
To deal with compiled applications linked with this library, a new package,
mysqlclient9, has been created.

4. Solution:

For all RPMs downloaded for your particular architecture, run:

rpm -Uvh mysql*

Because of dependencies the packages must be installed as a group.

After downloading all RPMs needed for your particular architecture, run:

rpm -Uvh mysql*

5. Bug IDs fixed  (http://bugzilla.redhat.com/bugzilla for more info):

21897 - LEFT JOIN RESTARTS MYSQL
20124 - gcc can't compile mysql on sparc
18905 - MySQL output not the same as the tutorial
18620 - strange values in float type columns

6. RPMs required:

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com//7.0/SRPMS/mysql-3.23.29-1.src.rpm
ftp://updates.redhat.com//7.0/SRPMS/mysqlclient9-3.23.22-3.src.rpm

alpha:
ftp://updates.redhat.com//7.0/alpha/mysql-3.23.29-1.alpha.rpm
ftp://updates.redhat.com//7.0/alpha/mysql-devel-3.23.29-1.alpha.rpm
ftp://updates.redhat.com//7.0/alpha/mysql-server-3.23.29-1.alpha.rpm
ftp://updates.redhat.com//7.0/alpha/mysqlclient9-3.23.22-3.alpha.rpm

i386:
ftp://updates.redhat.com//7.0/i386/mysql-3.23.29-1.i386.rpm
ftp://updates.redhat.com//7.0/i386/mysql-devel-3.23.29-1.i386.rpm
ftp://updates.redhat.com//7.0/i386/mysql-server-3.23.29-1.i386.rpm
ftp://updates.redhat.com//7.0/i386/mysqlclient9-3.23.22-3.i386.rpm



7. Verification:

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>
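
An added example (not part of the Red Hat advisory): a shell wrapper that runs
the signature check over every downloaded mysql*.rpm and performs the group
install only if all of them pass. The function names and the CHECK_CMD and
INSTALL_CMD override variables are hypothetical, and it assumes that
rpm --checksig exits non-zero when a package fails verification.

```shell
#!/bin/sh
# Added example: gate "rpm -Uvh mysql*" on "rpm --checksig" passing for
# every package, since the packages must be installed as a group.
# CHECK_CMD / INSTALL_CMD are hypothetical overrides (useful for dry runs).
# Assumption: the check command exits non-zero when verification fails.

: "${CHECK_CMD:=rpm --checksig}"
: "${INSTALL_CMD:=rpm -Uvh}"

# verify_group DIR
#   returns 0 if every mysql*.rpm in DIR passes the check,
#           1 if at least one package fails,
#           2 if DIR contains no mysql*.rpm at all.
verify_group() {
    dir=$1
    failed=0
    found=0
    for pkg in "$dir"/mysql*.rpm; do
        # An unmatched glob stays literal; skip anything that is not a file.
        [ -f "$pkg" ] || continue
        found=1
        if $CHECK_CMD "$pkg" >/dev/null 2>&1; then
            echo "OK      $pkg"
        else
            echo "FAILED  $pkg" >&2
            failed=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no mysql*.rpm in $dir" >&2; return 2; }
    return "$failed"
}

# install_group DIR
#   installs all mysql*.rpm in DIR in one transaction, but only after
#   the whole set has verified; a single failure blocks the install.
install_group() {
    verify_group "$1" || return 1
    $INSTALL_CMD "$1"/mysql*.rpm
}

# Usage (after importing the Red Hat GPG key):
#   install_group /path/to/downloaded/rpms
```

Setting CHECK_CMD="rpm --checksig --nogpg" gives the md5-only variant of the same gate.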

8. References:




Copyright(c) 2000 Red Hat, Inc.