User: Password:
|
|
Subscribe / Log in / New account

Red Hat alert RHSA-2005:334-01 (mysql)

From:  bugzilla@redhat.com
To:  enterprise-watch-list@redhat.com
Subject:  [RHSA-2005:334-01] Important: mysql security update
Date:  Mon, 28 Mar 2005 14:59 -0500

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: mysql security update Advisory ID: RHSA-2005:334-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-334.html Issue date: 2005-03-28 Updated on: 2005-03-28 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-0709 CAN-2005-0710 CAN-2005-0711 - --------------------------------------------------------------------- 1. Summary: Updated mysql packages that fix several vulnerabilities are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: MySQL is a multi-user, multi-threaded SQL database server. This update fixes several security risks in the MySQL server. Stefano Di Paola discovered two bugs in the way MySQL handles user-defined functions. A user with the ability to create and execute a user defined function could potentially execute arbitrary code on the MySQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0709 and CAN-2005-0710 to these issues. Stefano Di Paola also discovered a bug in the way MySQL creates temporary tables. A local user could create a specially crafted symlink which could result in the MySQL server overwriting a file which it has write access to. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-0711 to this issue. All users of the MySQL server are advised to upgrade to these updated packages, which contain fixes for these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 150868 - CAN-2005-0711 Insecure temporary file creation with CREATE TEMPORARY TABLE 150871 - CAN-2005-0710 MySQL security attacks via user-defined functions in C (CAN-2005-0709) 151051 - CAN-2005-0710 MySQL security attacks via user-defined functions in C (CAN-2005-0709) 152344 - CAN-2005-0711 Insecure temporary file creation with CREATE TEMPORARY TABLE 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mys... 9f8398d805ce362f80c15408233a9ed1 mysql-3.23.58-1.72.2.src.rpm i386: c8b10a5e219a0bb25c34a2df1b64bc18 mysql-3.23.58-1.72.2.i386.rpm 2cf8e981adf1d3c6563fefa662905819 mysql-devel-3.23.58-1.72.2.i386.rpm eab17f634d6291a172d8da3643d0bbc9 mysql-server-3.23.58-1.72.2.i386.rpm ia64: a856bfd608828d4f64d9796917850273 mysql-3.23.58-1.72.2.ia64.rpm 86c85219c9bee00653f7d15c3f7430ee mysql-devel-3.23.58-1.72.2.ia64.rpm 2b001d68cb35af5d79c24796a52ebcf0 mysql-server-3.23.58-1.72.2.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mys... 9f8398d805ce362f80c15408233a9ed1 mysql-3.23.58-1.72.2.src.rpm ia64: a856bfd608828d4f64d9796917850273 mysql-3.23.58-1.72.2.ia64.rpm 86c85219c9bee00653f7d15c3f7430ee mysql-devel-3.23.58-1.72.2.ia64.rpm 2b001d68cb35af5d79c24796a52ebcf0 mysql-server-3.23.58-1.72.2.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mys... 9f8398d805ce362f80c15408233a9ed1 mysql-3.23.58-1.72.2.src.rpm i386: c8b10a5e219a0bb25c34a2df1b64bc18 mysql-3.23.58-1.72.2.i386.rpm 2cf8e981adf1d3c6563fefa662905819 mysql-devel-3.23.58-1.72.2.i386.rpm eab17f634d6291a172d8da3643d0bbc9 mysql-server-3.23.58-1.72.2.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mys... 9f8398d805ce362f80c15408233a9ed1 mysql-3.23.58-1.72.2.src.rpm i386: c8b10a5e219a0bb25c34a2df1b64bc18 mysql-3.23.58-1.72.2.i386.rpm 2cf8e981adf1d3c6563fefa662905819 mysql-devel-3.23.58-1.72.2.i386.rpm eab17f634d6291a172d8da3643d0bbc9 mysql-server-3.23.58-1.72.2.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mysql... 854563dcb2706dbf0eb417442e4dd601 mysql-3.23.58-15.RHEL3.1.src.rpm i386: 6e214b26ef33b2a8af7e94e37af6fc4b mysql-3.23.58-15.RHEL3.1.i386.rpm 84d4de6d6a9fe46cd989d3f28f605a0e mysql-bench-3.23.58-15.RHEL3.1.i386.rpm 0c20117cddfcbcc2ae85b1329cb9dd5e mysql-devel-3.23.58-15.RHEL3.1.i386.rpm ia64: f11140c71bd0153313b568b5a2f3c3ce mysql-3.23.58-15.RHEL3.1.ia64.rpm 6e214b26ef33b2a8af7e94e37af6fc4b mysql-3.23.58-15.RHEL3.1.i386.rpm 16090c803a0ebe16c182225a579238ee mysql-bench-3.23.58-15.RHEL3.1.ia64.rpm 88f6753a99b5ee4f47a2d10c4861c945 mysql-devel-3.23.58-15.RHEL3.1.ia64.rpm ppc: a81cdaff84d2f09eb83a102917191afe mysql-3.23.58-15.RHEL3.1.ppc.rpm 45af37f982e521565793473f340e5be5 mysql-3.23.58-15.RHEL3.1.ppc64.rpm 59b3a8a7e23532c70d881b475af4bd7d mysql-bench-3.23.58-15.RHEL3.1.ppc.rpm 3cd8cb4cd0915e0bbd96efa890d9bee4 mysql-devel-3.23.58-15.RHEL3.1.ppc.rpm s390: 142b2ed96d26cae6cc4643307909ca91 mysql-3.23.58-15.RHEL3.1.s390.rpm 6562ff7efbe46ecbc1278355653ea7d8 mysql-bench-3.23.58-15.RHEL3.1.s390.rpm 55dc03163e7ffcb5b549ed5865a09d75 mysql-devel-3.23.58-15.RHEL3.1.s390.rpm s390x: 58e2b16cefa1011b037c3eb19abbadd7 mysql-3.23.58-15.RHEL3.1.s390x.rpm 142b2ed96d26cae6cc4643307909ca91 mysql-3.23.58-15.RHEL3.1.s390.rpm 219bc280dfcc231e133fb176cc5d830c mysql-bench-3.23.58-15.RHEL3.1.s390x.rpm fc9aaa8d267db06e32541a474cbfb743 mysql-devel-3.23.58-15.RHEL3.1.s390x.rpm x86_64: 429fb7ce5fc1e0284c9926df6294d8a3 mysql-3.23.58-15.RHEL3.1.x86_64.rpm 6e214b26ef33b2a8af7e94e37af6fc4b mysql-3.23.58-15.RHEL3.1.i386.rpm b25503c0af603c1d969c45e7b2a2438c mysql-bench-3.23.58-15.RHEL3.1.x86_64.rpm 8068983267456132f1c70468521e3dfd mysql-devel-3.23.58-15.RHEL3.1.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/... 854563dcb2706dbf0eb417442e4dd601 mysql-3.23.58-15.RHEL3.1.src.rpm i386: 6e214b26ef33b2a8af7e94e37af6fc4b mysql-3.23.58-15.RHEL3.1.i386.rpm 84d4de6d6a9fe46cd989d3f28f605a0e mysql-bench-3.23.58-15.RHEL3.1.i386.rpm 0c20117cddfcbcc2ae85b1329cb9dd5e mysql-devel-3.23.58-15.RHEL3.1.i386.rpm x86_64: 429fb7ce5fc1e0284c9926df6294d8a3 mysql-3.23.58-15.RHEL3.1.x86_64.rpm 6e214b26ef33b2a8af7e94e37af6fc4b mysql-3.23.58-15.RHEL3.1.i386.rpm b25503c0af603c1d969c45e7b2a2438c mysql-bench-3.23.58-15.RHEL3.1.x86_64.rpm 8068983267456132f1c70468521e3dfd mysql-devel-3.23.58-15.RHEL3.1.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mysql... 854563dcb2706dbf0eb417442e4dd601 mysql-3.23.58-15.RHEL3.1.src.rpm i386: 6e214b26ef33b2a8af7e94e37af6fc4b mysql-3.23.58-15.RHEL3.1.i386.rpm 84d4de6d6a9fe46cd989d3f28f605a0e mysql-bench-3.23.58-15.RHEL3.1.i386.rpm 0c20117cddfcbcc2ae85b1329cb9dd5e mysql-devel-3.23.58-15.RHEL3.1.i386.rpm ia64: f11140c71bd0153313b568b5a2f3c3ce mysql-3.23.58-15.RHEL3.1.ia64.rpm 6e214b26ef33b2a8af7e94e37af6fc4b mysql-3.23.58-15.RHEL3.1.i386.rpm 16090c803a0ebe16c182225a579238ee mysql-bench-3.23.58-15.RHEL3.1.ia64.rpm 88f6753a99b5ee4f47a2d10c4861c945 mysql-devel-3.23.58-15.RHEL3.1.ia64.rpm x86_64: 429fb7ce5fc1e0284c9926df6294d8a3 mysql-3.23.58-15.RHEL3.1.x86_64.rpm 6e214b26ef33b2a8af7e94e37af6fc4b mysql-3.23.58-15.RHEL3.1.i386.rpm b25503c0af603c1d969c45e7b2a2438c mysql-bench-3.23.58-15.RHEL3.1.x86_64.rpm 8068983267456132f1c70468521e3dfd mysql-devel-3.23.58-15.RHEL3.1.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mysql... 854563dcb2706dbf0eb417442e4dd601 mysql-3.23.58-15.RHEL3.1.src.rpm i386: 6e214b26ef33b2a8af7e94e37af6fc4b mysql-3.23.58-15.RHEL3.1.i386.rpm 84d4de6d6a9fe46cd989d3f28f605a0e mysql-bench-3.23.58-15.RHEL3.1.i386.rpm 0c20117cddfcbcc2ae85b1329cb9dd5e mysql-devel-3.23.58-15.RHEL3.1.i386.rpm ia64: f11140c71bd0153313b568b5a2f3c3ce mysql-3.23.58-15.RHEL3.1.ia64.rpm 6e214b26ef33b2a8af7e94e37af6fc4b mysql-3.23.58-15.RHEL3.1.i386.rpm 16090c803a0ebe16c182225a579238ee mysql-bench-3.23.58-15.RHEL3.1.ia64.rpm 88f6753a99b5ee4f47a2d10c4861c945 mysql-devel-3.23.58-15.RHEL3.1.ia64.rpm x86_64: 429fb7ce5fc1e0284c9926df6294d8a3 mysql-3.23.58-15.RHEL3.1.x86_64.rpm 6e214b26ef33b2a8af7e94e37af6fc4b mysql-3.23.58-15.RHEL3.1.i386.rpm b25503c0af603c1d969c45e7b2a2438c mysql-bench-3.23.58-15.RHEL3.1.x86_64.rpm 8068983267456132f1c70468521e3dfd mysql-devel-3.23.58-15.RHEL3.1.x86_64.rpm Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mysql... b6a840faaf98a346425dd9a06c8fec10 mysql-4.1.10a-1.RHEL4.1.src.rpm i386: 6a7fdca164e9d66223f86902be96a088 mysql-4.1.10a-1.RHEL4.1.i386.rpm 0187c8af0101368f12335745e860039b mysql-bench-4.1.10a-1.RHEL4.1.i386.rpm 11878e76e63152275d496917c66e9306 mysql-devel-4.1.10a-1.RHEL4.1.i386.rpm 7ebf9d00d246c7da140b57ea998d29da mysql-server-4.1.10a-1.RHEL4.1.i386.rpm ia64: c5e66b2052dddad3f7efa8f5a2548306 mysql-4.1.10a-1.RHEL4.1.ia64.rpm 6a7fdca164e9d66223f86902be96a088 mysql-4.1.10a-1.RHEL4.1.i386.rpm 33db1d591733c449d28795506be1d3ec mysql-bench-4.1.10a-1.RHEL4.1.ia64.rpm 960eaaf9f5cf36e0b0a94ab1ef9c21b9 mysql-devel-4.1.10a-1.RHEL4.1.ia64.rpm 4bf66c5b263eb18988cd969ecebd8e58 mysql-server-4.1.10a-1.RHEL4.1.ia64.rpm ppc: 5b88ed2db9ae0fd206eaaa103f043a08 mysql-4.1.10a-1.RHEL4.1.ppc.rpm 64fd1fa7bc38b404acccbcc38fdf8211 mysql-4.1.10a-1.RHEL4.1.ppc64.rpm f94c6abe0859ec58e6eceaf05edbfe2b mysql-bench-4.1.10a-1.RHEL4.1.ppc.rpm ee2a0cc6256bc7329789895e199e859a mysql-devel-4.1.10a-1.RHEL4.1.ppc.rpm b5fb67ecd12729f5a473803d12529813 mysql-server-4.1.10a-1.RHEL4.1.ppc.rpm s390: ae44637b61fe5b9c56c7306b396c0bff mysql-4.1.10a-1.RHEL4.1.s390.rpm 5d96344a3dfbd15f42e63d72d9648093 mysql-bench-4.1.10a-1.RHEL4.1.s390.rpm 21c55ea6889bb3a41c42a25f1083d328 mysql-devel-4.1.10a-1.RHEL4.1.s390.rpm 3bff18b1d43eb5ef74be7b08714d2978 mysql-server-4.1.10a-1.RHEL4.1.s390.rpm s390x: 9f406ee647de81c005d89d38760b5574 mysql-4.1.10a-1.RHEL4.1.s390x.rpm ae44637b61fe5b9c56c7306b396c0bff mysql-4.1.10a-1.RHEL4.1.s390.rpm c2c3bb4b29a135ff177c964e167d3a3e mysql-bench-4.1.10a-1.RHEL4.1.s390x.rpm e858acd2e61b4d7e7874b4f49a00308e mysql-devel-4.1.10a-1.RHEL4.1.s390x.rpm 9c12db91656385534ac3a8efdbc5705b mysql-server-4.1.10a-1.RHEL4.1.s390x.rpm x86_64: aa863d0a948e88220b65196997553834 mysql-4.1.10a-1.RHEL4.1.x86_64.rpm 6a7fdca164e9d66223f86902be96a088 mysql-4.1.10a-1.RHEL4.1.i386.rpm 859368a712acb8c2cb9c574c340b641f mysql-bench-4.1.10a-1.RHEL4.1.x86_64.rpm bb6f83b4432b00bbd495a753f340b84a mysql-devel-4.1.10a-1.RHEL4.1.x86_64.rpm ca64d3910c12363a62ec773785f31724 mysql-server-4.1.10a-1.RHEL4.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/... b6a840faaf98a346425dd9a06c8fec10 mysql-4.1.10a-1.RHEL4.1.src.rpm i386: 6a7fdca164e9d66223f86902be96a088 mysql-4.1.10a-1.RHEL4.1.i386.rpm 0187c8af0101368f12335745e860039b mysql-bench-4.1.10a-1.RHEL4.1.i386.rpm 11878e76e63152275d496917c66e9306 mysql-devel-4.1.10a-1.RHEL4.1.i386.rpm 7ebf9d00d246c7da140b57ea998d29da mysql-server-4.1.10a-1.RHEL4.1.i386.rpm x86_64: aa863d0a948e88220b65196997553834 mysql-4.1.10a-1.RHEL4.1.x86_64.rpm 6a7fdca164e9d66223f86902be96a088 mysql-4.1.10a-1.RHEL4.1.i386.rpm 859368a712acb8c2cb9c574c340b641f mysql-bench-4.1.10a-1.RHEL4.1.x86_64.rpm bb6f83b4432b00bbd495a753f340b84a mysql-devel-4.1.10a-1.RHEL4.1.x86_64.rpm ca64d3910c12363a62ec773785f31724 mysql-server-4.1.10a-1.RHEL4.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mysql... b6a840faaf98a346425dd9a06c8fec10 mysql-4.1.10a-1.RHEL4.1.src.rpm i386: 6a7fdca164e9d66223f86902be96a088 mysql-4.1.10a-1.RHEL4.1.i386.rpm 0187c8af0101368f12335745e860039b mysql-bench-4.1.10a-1.RHEL4.1.i386.rpm 11878e76e63152275d496917c66e9306 mysql-devel-4.1.10a-1.RHEL4.1.i386.rpm 7ebf9d00d246c7da140b57ea998d29da mysql-server-4.1.10a-1.RHEL4.1.i386.rpm ia64: c5e66b2052dddad3f7efa8f5a2548306 mysql-4.1.10a-1.RHEL4.1.ia64.rpm 6a7fdca164e9d66223f86902be96a088 mysql-4.1.10a-1.RHEL4.1.i386.rpm 33db1d591733c449d28795506be1d3ec mysql-bench-4.1.10a-1.RHEL4.1.ia64.rpm 960eaaf9f5cf36e0b0a94ab1ef9c21b9 mysql-devel-4.1.10a-1.RHEL4.1.ia64.rpm 4bf66c5b263eb18988cd969ecebd8e58 mysql-server-4.1.10a-1.RHEL4.1.ia64.rpm x86_64: aa863d0a948e88220b65196997553834 mysql-4.1.10a-1.RHEL4.1.x86_64.rpm 6a7fdca164e9d66223f86902be96a088 mysql-4.1.10a-1.RHEL4.1.i386.rpm 859368a712acb8c2cb9c574c340b641f mysql-bench-4.1.10a-1.RHEL4.1.x86_64.rpm bb6f83b4432b00bbd495a753f340b84a mysql-devel-4.1.10a-1.RHEL4.1.x86_64.rpm ca64d3910c12363a62ec773785f31724 mysql-server-4.1.10a-1.RHEL4.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mysql... b6a840faaf98a346425dd9a06c8fec10 mysql-4.1.10a-1.RHEL4.1.src.rpm i386: 6a7fdca164e9d66223f86902be96a088 mysql-4.1.10a-1.RHEL4.1.i386.rpm 0187c8af0101368f12335745e860039b mysql-bench-4.1.10a-1.RHEL4.1.i386.rpm 11878e76e63152275d496917c66e9306 mysql-devel-4.1.10a-1.RHEL4.1.i386.rpm 7ebf9d00d246c7da140b57ea998d29da mysql-server-4.1.10a-1.RHEL4.1.i386.rpm ia64: c5e66b2052dddad3f7efa8f5a2548306 mysql-4.1.10a-1.RHEL4.1.ia64.rpm 6a7fdca164e9d66223f86902be96a088 mysql-4.1.10a-1.RHEL4.1.i386.rpm 33db1d591733c449d28795506be1d3ec mysql-bench-4.1.10a-1.RHEL4.1.ia64.rpm 960eaaf9f5cf36e0b0a94ab1ef9c21b9 mysql-devel-4.1.10a-1.RHEL4.1.ia64.rpm 4bf66c5b263eb18988cd969ecebd8e58 mysql-server-4.1.10a-1.RHEL4.1.ia64.rpm x86_64: aa863d0a948e88220b65196997553834 mysql-4.1.10a-1.RHEL4.1.x86_64.rpm 6a7fdca164e9d66223f86902be96a088 mysql-4.1.10a-1.RHEL4.1.i386.rpm 859368a712acb8c2cb9c574c340b641f mysql-bench-4.1.10a-1.RHEL4.1.x86_64.rpm bb6f83b4432b00bbd495a753f340b84a mysql-devel-4.1.10a-1.RHEL4.1.x86_64.rpm ca64d3910c12363a62ec773785f31724 mysql-server-4.1.10a-1.RHEL4.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0710 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCSGIQXlSAg2UNWIIRAm8lAJ9nbbRlnPdVHA0LBVkox5FsNDq1tgCgrZnn EOc4D/9JB4Yz/901JVzJgfc= =KjGq -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-...


(Log in to post comments)


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds