
Red Hat alert RHSA-2007:0083-01 (MySQL)

From:  bugzilla@redhat.com
To:  enterprise-watch-list@redhat.com
Subject:  [RHSA-2007:0083-01] Low: mysql security update
Date:  Mon, 19 Feb 2007 14:55:45 -0500

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: mysql security update
Advisory ID:       RHSA-2007:0083-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0083.html
Issue date:        2007-02-19
Updated on:        2007-02-19
Product:           Red Hat Application Stack
CVE Names:         CVE-2006-0903 CVE-2006-3081 CVE-2006-4031
                   CVE-2006-4226 CVE-2006-4227
---------------------------------------------------------------------

1. Summary:

Updated MySQL packages for the Red Hat Application Stack comprising the
v1.1 release are now available.

This update also resolves some minor security issues rated as having low
security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

3. Problem description:

Several minor security issues were found in MySQL:

MySQL allowed remote authenticated users to create or access a database
when the database name differed only in case from a database for which
they had permissions. (CVE-2006-4226)

MySQL evaluated arguments in the wrong security context which allowed
remote authenticated users to gain privileges through a routine that had
been made available using GRANT EXECUTE. (CVE-2006-4227)

MySQL allowed a local user to access a table through a previously created
MERGE table, even after the user's privileges were revoked for the
original table, which might violate intended security policy.
(CVE-2006-4031)

MySQL allowed authenticated users to cause a denial of service (crash)
via a NULL second argument to the str_to_date function. (CVE-2006-3081)

MySQL allowed local authenticated users to bypass logging mechanisms via
SQL queries that contain the NULL character, which were not properly
handled by the mysql_real_query function. (CVE-2006-0903)

Users of MySQL should upgrade to these updated packages, which resolve
these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

228999 - CVE-2006-0903 Multiple minor MySQL issues (CVE-2006-3081 CVE-2006-4031 CVE-2006-4226 CVE-2006-4227)

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/my...
mysql-5.0.30-1.el4s1.1.src.rpm

i386:
mysql-5.0.30-1.el4s1.1.i386.rpm
mysql-bench-5.0.30-1.el4s1.1.i386.rpm
mysql-debuginfo-5.0.30-1.el4s1.1.i386.rpm
mysql-devel-5.0.30-1.el4s1.1.i386.rpm
mysql-server-5.0.30-1.el4s1.1.i386.rpm
mysql-test-5.0.30-1.el4s1.1.i386.rpm

x86_64:
mysql-5.0.30-1.el4s1.1.i386.rpm
mysql-5.0.30-1.el4s1.1.x86_64.rpm
mysql-bench-5.0.30-1.el4s1.1.x86_64.rpm
mysql-debuginfo-5.0.30-1.el4s1.1.i386.rpm
mysql-debuginfo-5.0.30-1.el4s1.1.x86_64.rpm
mysql-devel-5.0.30-1.el4s1.1.x86_64.rpm
mysql-server-5.0.30-1.el4s1.1.x86_64.rpm
mysql-test-5.0.30-1.el4s1.1.x86_64.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/my...
mysql-5.0.30-1.el4s1.1.src.rpm

i386:
mysql-5.0.30-1.el4s1.1.i386.rpm
mysql-bench-5.0.30-1.el4s1.1.i386.rpm
mysql-debuginfo-5.0.30-1.el4s1.1.i386.rpm
mysql-devel-5.0.30-1.el4s1.1.i386.rpm
mysql-server-5.0.30-1.el4s1.1.i386.rpm
mysql-test-5.0.30-1.el4s1.1.i386.rpm

x86_64:
mysql-5.0.30-1.el4s1.1.i386.rpm
mysql-5.0.30-1.el4s1.1.x86_64.rpm
mysql-bench-5.0.30-1.el4s1.1.x86_64.rpm
mysql-debuginfo-5.0.30-1.el4s1.1.i386.rpm
mysql-debuginfo-5.0.30-1.el4s1.1.x86_64.rpm
mysql-devel-5.0.30-1.el4s1.1.x86_64.rpm
mysql-server-5.0.30-1.el4s1.1.x86_64.rpm
mysql-test-5.0.30-1.el4s1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4227
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.




Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds