OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
MDKSA-2005:070 - Updated MySQL packages fix vulnerability

From: Mandrakelinux Security Team (securitylinux-mandrake.com)
Date: Wed Apr 13 2005 - 01:39:21 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name: MySQL
 Advisory ID: MDKSA-2005:070
 Date: April 12th, 2005

 Affected versions: 10.0, 10.1, Corporate 3.0,
                         Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A vulnerability in MySQL would allow a user with grant privileges to a
 database with a name containing an underscore character ("_") to have
 the ability to grant privileges to other databases with similar names.
 This problem was previously discovered and fixed, but a new case where
 the problem still existed was recently discovered.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 417cd23f30451f252fea813d9f4ef3c2 10.0/RPMS/libmysql12-4.0.18-1.5.100mdk.i586.rpm
 b831453eaa8fc45453e1744f8b3917f7 10.0/RPMS/libmysql12-devel-4.0.18-1.5.100mdk.i586.rpm
 42b1d9cd652da8515b0380ff95b79f46 10.0/RPMS/MySQL-4.0.18-1.5.100mdk.i586.rpm
 a551c71aad62c5df13a82b4056d566eb 10.0/RPMS/MySQL-Max-4.0.18-1.5.100mdk.i586.rpm
 685631fa240211a8184e643dc3d5f1cb 10.0/RPMS/MySQL-bench-4.0.18-1.5.100mdk.i586.rpm
 4e0fd82c672bc2da6dab8762c4d6b081 10.0/RPMS/MySQL-client-4.0.18-1.5.100mdk.i586.rpm
 a4ac1306800921e4f4aa281061275bc4 10.0/RPMS/MySQL-common-4.0.18-1.5.100mdk.i586.rpm
 90878d81d7401596b2da6b361fe2e360 10.0/SRPMS/MySQL-4.0.18-1.5.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 d8d8592e1c408b6422ac049e27619a01 amd64/10.0/RPMS/lib64mysql12-4.0.18-1.5.100mdk.amd64.rpm
 092ba14f09198f4829cedefc08d00cec amd64/10.0/RPMS/lib64mysql12-devel-4.0.18-1.5.100mdk.amd64.rpm
 d266108df4723f914a59053d79fb9bb7 amd64/10.0/RPMS/MySQL-4.0.18-1.5.100mdk.amd64.rpm
 04ddb557422c15f8c1f8d1eaddbafec4 amd64/10.0/RPMS/MySQL-Max-4.0.18-1.5.100mdk.amd64.rpm
 51973164698815c2f6c2dbb6e2139199 amd64/10.0/RPMS/MySQL-bench-4.0.18-1.5.100mdk.amd64.rpm
 60f890d8b8cbf29b9685f754b5c88d5d amd64/10.0/RPMS/MySQL-client-4.0.18-1.5.100mdk.amd64.rpm
 d96b21d3ae9824214b864608b3577dbf amd64/10.0/RPMS/MySQL-common-4.0.18-1.5.100mdk.amd64.rpm
 90878d81d7401596b2da6b361fe2e360 amd64/10.0/SRPMS/MySQL-4.0.18-1.5.100mdk.src.rpm

 Mandrakelinux 10.1:
 a6f881afe9579d59a9bb1dd6ad17baa8 10.1/RPMS/libmysql12-4.0.20-3.4.101mdk.i586.rpm
 39f4f644320f49c51e873359eabf7b2c 10.1/RPMS/libmysql12-devel-4.0.20-3.4.101mdk.i586.rpm
 4add025687ece5f2c8d8a90d75609904 10.1/RPMS/MySQL-4.0.20-3.4.101mdk.i586.rpm
 b1c67252efd4ebd6d61aec46aceb40f1 10.1/RPMS/MySQL-Max-4.0.20-3.4.101mdk.i586.rpm
 489792984418629f6242ac779c68f222 10.1/RPMS/MySQL-bench-4.0.20-3.4.101mdk.i586.rpm
 ad896c2dbc95537f27dd730c9b56ee39 10.1/RPMS/MySQL-client-4.0.20-3.4.101mdk.i586.rpm
 63288467c444fb9347ec1fe309816534 10.1/RPMS/MySQL-common-4.0.20-3.4.101mdk.i586.rpm
 779b911478fa081b608a68ab6e8e2970 10.1/SRPMS/MySQL-4.0.20-3.4.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 897990c787d88ae1cded68f4b0744cc0 x86_64/10.1/RPMS/lib64mysql12-4.0.20-3.4.101mdk.x86_64.rpm
 5062c8704732e87a7457b7d8a78beaa4 x86_64/10.1/RPMS/lib64mysql12-devel-4.0.20-3.4.101mdk.x86_64.rpm
 4ccc4901dfaccc2841f94baf3a1c15a0 x86_64/10.1/RPMS/MySQL-4.0.20-3.4.101mdk.x86_64.rpm
 4da118dcd84c51df2692260d94891f12 x86_64/10.1/RPMS/MySQL-Max-4.0.20-3.4.101mdk.x86_64.rpm
 af2fb55fdeaf9b535a5de92288271037 x86_64/10.1/RPMS/MySQL-bench-4.0.20-3.4.101mdk.x86_64.rpm
 edfac12d91bb39fc57a2fb49a9729546 x86_64/10.1/RPMS/MySQL-client-4.0.20-3.4.101mdk.x86_64.rpm
 2c3fc2282673cdaf70949400b2192f50 x86_64/10.1/RPMS/MySQL-common-4.0.20-3.4.101mdk.x86_64.rpm
 779b911478fa081b608a68ab6e8e2970 x86_64/10.1/SRPMS/MySQL-4.0.20-3.4.101mdk.src.rpm

 Corporate Server 2.1:
 fee1c58289d49e1c519f77e9a1d13c50 corporate/2.1/RPMS/libmysql10-3.23.56-1.10.C21mdk.i586.rpm
 f6551af58f46aa65c3dc6de68ec34961 corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.10.C21mdk.i586.rpm
 8391e0abdbcfde47585d768819b7f361 corporate/2.1/RPMS/MySQL-3.23.56-1.10.C21mdk.i586.rpm
 2269ed0f6f7267a464b214248e0cd9fb corporate/2.1/RPMS/MySQL-Max-3.23.56-1.10.C21mdk.i586.rpm
 27d9c33c5213b04ab8222ac10b42bd97 corporate/2.1/RPMS/MySQL-bench-3.23.56-1.10.C21mdk.i586.rpm
 35b20bc721c1343ccbb2cdcd1c097a1a corporate/2.1/RPMS/MySQL-client-3.23.56-1.10.C21mdk.i586.rpm
 4bab4afbeee17e8ca6d31b57964aab10 corporate/2.1/SRPMS/MySQL-3.23.56-1.10.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 5c8d616a2cb39ae05ec8f4724707009f x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.10.C21mdk.x86_64.rpm
 acea8f383bb42d00d4256fa607c4c2ec x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.10.C21mdk.x86_64.rpm
 51f588ba999d520a44093a7e75d68622 x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.10.C21mdk.x86_64.rpm
 b5a0c02550feee335b4be9a3f522f722 x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.10.C21mdk.x86_64.rpm
 78cd60307b15749852130e11afbe3627 x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.10.C21mdk.x86_64.rpm
 b87924ea315b70d97dea1828fe4d411a x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.10.C21mdk.x86_64.rpm
 4bab4afbeee17e8ca6d31b57964aab10 x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.10.C21mdk.src.rpm

 Corporate 3.0:
 29f5de555916e07a2eb3334f2981b679 corporate/3.0/RPMS/libmysql12-4.0.18-1.5.C30mdk.i586.rpm
 f7e02a5400d09d850b8fa7cf0682b18f corporate/3.0/RPMS/libmysql12-devel-4.0.18-1.5.C30mdk.i586.rpm
 09b527600f42ec813228487fc360ef3a corporate/3.0/RPMS/MySQL-4.0.18-1.5.C30mdk.i586.rpm
 6f63a5bd9e92fd9282c4eb1dbf837d5f corporate/3.0/RPMS/MySQL-Max-4.0.18-1.5.C30mdk.i586.rpm
 439c0118fd7729148826b0fb62429a4e corporate/3.0/RPMS/MySQL-bench-4.0.18-1.5.C30mdk.i586.rpm
 6930f021fdaf18fa4f5db4cfd19a2f0b corporate/3.0/RPMS/MySQL-client-4.0.18-1.5.C30mdk.i586.rpm
 bf38329d5b2b25640db08ca71f4b3996 corporate/3.0/RPMS/MySQL-common-4.0.18-1.5.C30mdk.i586.rpm
 e7a934802980f13ead8d4cbde91c9272 corporate/3.0/SRPMS/MySQL-4.0.18-1.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 dbf8b1639bf38cae748ce0e88e9ffa2a x86_64/corporate/3.0/RPMS/lib64mysql12-4.0.18-1.5.C30mdk.x86_64.rpm
 1363deae1247afac0d47a5ea88446ad1 x86_64/corporate/3.0/RPMS/lib64mysql12-devel-4.0.18-1.5.C30mdk.x86_64.rpm
 1b91795ad659e8ab56e73e30a06c002c x86_64/corporate/3.0/RPMS/MySQL-4.0.18-1.5.C30mdk.x86_64.rpm
 cffa0c76bfbfbbffa840b109505a8c9d x86_64/corporate/3.0/RPMS/MySQL-Max-4.0.18-1.5.C30mdk.x86_64.rpm
 3c02203cbfef60142e1686ab5574b387 x86_64/corporate/3.0/RPMS/MySQL-bench-4.0.18-1.5.C30mdk.x86_64.rpm
 fd474c00f7584a000b8727bc25f1816d x86_64/corporate/3.0/RPMS/MySQL-client-4.0.18-1.5.C30mdk.x86_64.rpm
 90fa8c3c9656e39c4380957e41305a05 x86_64/corporate/3.0/RPMS/MySQL-common-4.0.18-1.5.C30mdk.x86_64.rpm
 e7a934802980f13ead8d4cbde91c9272 x86_64/corporate/3.0/SRPMS/MySQL-4.0.18-1.5.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCXL6ZmqjQ0CJFipgRAiraAKCfiya5TnuqrqZJo3jtnFq+N9nkRwCfcQyY
WgobUjjIisixU1XdvdELC8A=
=Yk28
-----END PGP SIGNATURE-----