_______________________________________________________________________

Mandriva Linux Security Advisory                         MDKSA-2007:177
http://www.mandriva.com/security/
_______________________________________________________________________

Package : MySQL
Date    : September 6, 2007
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________

Problem Description:

A vulnerability was found in MySQL's authentication protocol, making
it possible for a remote unauthenticated attacker to send a specially
crafted authentication request to the MySQL server causing it to crash
(CVE-2007-3780).

Another flaw was discovered in MySQL that allowed remote authenticated
users to gain update privileges for a table in another database via a
view that refers to the external table (CVE-2007-3782).

Updated packages have been patched to prevent these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3782
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/