[Security Announce] [ MDVSA-2008:149 ] - Updated mysql packages fix vulnerabilities


_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:149

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : mysql

Date : July 19, 2008

Affected: 2008.1

_______________________________________________________________________

 

Problem Description:

 

Sergei Golubchik found that MySQL did not properly validate optional
data or index directory paths given in a CREATE TABLE statement; it
also did not, under certain conditions, prevent two databases from
using the same paths for data or index files. This could allow an
authenticated user with the privilege to create tables in one
database to read and manipulate data in tables later created in
other databases, regardless of GRANT privileges (CVE-2008-2079).

 

The updated packages have been patched to correct this issue.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.1:

6782fa8e80d657cc32a784791296136c 2008.1/i586/libmysql15-5.0.51a-8.1mdv2008.1.i586.rpm

d38cfb788ab390a22e50c4d8cd88f713 2008.1/i586/libmysql-devel-5.0.51a-8.1mdv2008.1.i586.rpm

17c5413087a43818eb37625415db339c 2008.1/i586/libmysql-static-devel-5.0.51a-8.1mdv2008.1.i586.rpm

725b41649fd161c63087f0e44ec488bb 2008.1/i586/mysql-5.0.51a-8.1mdv2008.1.i586.rpm

c6864405d42406bf85f8e2fb08af8793 2008.1/i586/mysql-bench-5.0.51a-8.1mdv2008.1.i586.rpm

e6df015114747e50092b6a9d7225e821 2008.1/i586/mysql-client-5.0.51a-8.1mdv2008.1.i586.rpm

5b359172c307e980b7c8d3e409f1f85a 2008.1/i586/mysql-common-5.0.51a-8.1mdv2008.1.i586.rpm

b65eb90008f0f329fcd78aa601c941cf 2008.1/i586/mysql-doc-5.0.51a-8.1mdv2008.1.i586.rpm

803c2840d6e56e851d043c21c8d153ba 2008.1/i586/mysql-max-5.0.51a-8.1mdv2008.1.i586.rpm

ce4f47ad3c03549aee94d5b88734f6c8 2008.1/i586/mysql-ndb-extra-5.0.51a-8.1mdv2008.1.i586.rpm

3f4013ca6f91d85d00895d58fccb235a 2008.1/i586/mysql-ndb-management-5.0.51a-8.1mdv2008.1.i586.rpm

494932ed64f2813cf0896f23112debc3 2008.1/i586/mysql-ndb-storage-5.0.51a-8.1mdv2008.1.i586.rpm

d7c24b1ccf013e14adc943fe90fc11c5 2008.1/i586/mysql-ndb-tools-5.0.51a-8.1mdv2008.1.i586.rpm

0e68ede1df17ebd9dfa4c02ca7205dc1 2008.1/SRPMS/mysql-5.0.51a-8.1mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

7efe5a4aaf106e5f28118d4f0a6757e5 2008.1/x86_64/lib64mysql15-5.0.51a-8.1mdv2008.1.x86_64.rpm

0793a32b20f398f03580aaa5377e5192 2008.1/x86_64/lib64mysql-devel-5.0.51a-8.1mdv2008.1.x86_64.rpm

c3efcca1e7b13bf2d38cc15ac34c3a05 2008.1/x86_64/lib64mysql-static-devel-5.0.51a-8.1mdv2008.1.x86_64.rpm

aa1408995eec88602fe6cde92b662814 2008.1/x86_64/mysql-5.0.51a-8.1mdv2008.1.x86_64.rpm

ac232e2c080dccf9745f18a901079b7d 2008.1/x86_64/mysql-bench-5.0.51a-8.1mdv2008.1.x86_64.rpm

af82fcb4a9c02aa0994015892a0d1297 2008.1/x86_64/mysql-client-5.0.51a-8.1mdv2008.1.x86_64.rpm

7628f598b3d767f0f37f30b80f224db8 2008.1/x86_64/mysql-common-5.0.51a-8.1mdv2008.1.x86_64.rpm

ae212a73fda5f0e334d71a0fca4cd8b5 2008.1/x86_64/mysql-doc-5.0.51a-8.1mdv2008.1.x86_64.rpm

734b94f12d8c8b9042780e03d0a2c7df 2008.1/x86_64/mysql-max-5.0.51a-8.1mdv2008.1.x86_64.rpm

53a4ab72777ab8c85a89f8f37ceaecff 2008.1/x86_64/mysql-ndb-extra-5.0.51a-8.1mdv2008.1.x86_64.rpm

8f57766a240e25ae39c11ffba53f5762 2008.1/x86_64/mysql-ndb-management-5.0.51a-8.1mdv2008.1.x86_64.rpm

3e0df3dabd48d33ccfe4322bffe36743 2008.1/x86_64/mysql-ndb-storage-5.0.51a-8.1mdv2008.1.x86_64.rpm

02030eb47df043478edc5886d9706849 2008.1/x86_64/mysql-ndb-tools-5.0.51a-8.1mdv2008.1.x86_64.rpm

0e68ede1df17ebd9dfa4c02ca7205dc1 2008.1/SRPMS/mysql-5.0.51a-8.1mdv2008.1.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

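The Problem Description above turns on DATA DIRECTORY and INDEX DIRECTORY paths that end up shared between databases. The following audit sketch is an added example, not part of the Mandriva advisory or of MySQL: it scans SHOW CREATE TABLE output for those options and reports directories used by more than one database. It also flags paths inside the server's own data directory, a check that goes beyond what the advisory states; the sample statements, the `audit` and `directory_options` names and the `/var/lib/mysql` datadir are all constructed assumptions.

```python
import posixpath
import re
from collections import defaultdict

# Constructed sample: (database, SHOW CREATE TABLE output) pairs. Not from the advisory.
SAMPLE = [
    ("shop", "CREATE TABLE `orders` (`id` int) ENGINE=MyISAM "
             "DATA DIRECTORY='/srv/mysql-ext/shared/' INDEX DIRECTORY='/srv/mysql-ext/shop-idx/'"),
    ("blog", "CREATE TABLE `orders` (`id` int) ENGINE=MyISAM "
             "DATA DIRECTORY='/srv/mysql-ext/blog/../shared'"),
    ("hr", "CREATE TABLE `staff` (`id` int) ENGINE=MyISAM "
           "DATA DIRECTORY='/var/lib/mysql/shop/'"),
    ("wiki", "CREATE TABLE `pages` (`id` int) ENGINE=MyISAM"),
]

OPTION_RE = re.compile(r"\b(DATA|INDEX)\s+DIRECTORY\s*=?\s*'([^']*)'", re.IGNORECASE)

def directory_options(create_sql):
    """Return [(kind, normalized_path)] for DATA/INDEX DIRECTORY clauses."""
    return [(kind.upper(), posixpath.normpath(path))
            for kind, path in OPTION_RE.findall(create_sql)]

def audit(tables, datadir="/var/lib/mysql"):
    """Report directories shared across databases and paths inside datadir."""
    users = defaultdict(set)   # normalized path -> databases using it
    inside = []                # (database, kind, path) located under datadir
    root = posixpath.normpath(datadir)  # assumed datadir; read it from the server config
    for db, sql in tables:
        for kind, path in directory_options(sql):
            users[path].add(db)
            if path == root or path.startswith(root + "/"):
                inside.append((db, kind, path))
    shared = {p: sorted(dbs) for p, dbs in users.items() if len(dbs) > 1}
    return shared, inside

if __name__ == "__main__":
    shared, inside = audit(SAMPLE)
    for path, dbs in shared.items():
        print(f"shared by {dbs}: {path}")
    for db, kind, path in inside:
        print(f"{db}: {kind} DIRECTORY inside datadir: {path}")
```

Paths are normalized lexically only, so two directories that differ by a symlink are not matched; resolve them on the database host if that matters.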

 

 
