Mandriva Linux Security Advisory - MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. This issue does not affect MySQL 5.0.37 in Mandriva Linux 2007.1. The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
4cd2dfda3abd3da192347bfa5dc015404e12766bbaff61198e938995406ef8ed
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:139
http://www.mandriva.com/security/
_______________________________________________________________________
Package : MySQL
Date : July 4, 2007
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
MySQL 5.x before 5.0.36 allows local users to cause a denial of service
(database crash) by performing information_schema table subselects
and using ORDER BY to sort a single-row result, which prevents
certain structure elements from being initialized and triggers a
NULL dereference in the filesort function. This issue does not affect
MySQL 5.0.37 in Mandriva Linux 2007.1. (CVE-2007-1420)
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40,
and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause
a denial of service (crash) via a crafted IF clause that results in
a divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18
does not require the DROP privilege for RENAME TABLE statements,
which allows remote authenticated users to rename arbitrary
tables. (CVE-2007-2691)
Updated packages have been patched to prevent the above issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2691
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
21bf6c3cf8908d8ec01317dbbaeda4d4 2007.0/i586/MySQL-5.0.24a-2.1mdv2007.0.i586.rpm
af81d1d15cceb0906b17ed905c8027c6 2007.0/i586/MySQL-Max-5.0.24a-2.1mdv2007.0.i586.rpm
a90669dfc21494a4453bc31620513b82 2007.0/i586/MySQL-bench-5.0.24a-2.1mdv2007.0.i586.rpm
bd4a71a850f5df9c7583d7eff0fa2a88 2007.0/i586/MySQL-client-5.0.24a-2.1mdv2007.0.i586.rpm
6cbd4325f98ba34c3c0c07da93edf9f7 2007.0/i586/MySQL-common-5.0.24a-2.1mdv2007.0.i586.rpm
a7eef0dd7b38e3a704b49d57d9cae953 2007.0/i586/MySQL-ndb-extra-5.0.24a-2.1mdv2007.0.i586.rpm
1165add80c08fdbe13c9d0906340a998 2007.0/i586/MySQL-ndb-management-5.0.24a-2.1mdv2007.0.i586.rpm
1dab5164b03c4689a9289e5b8e4c1b83 2007.0/i586/MySQL-ndb-storage-5.0.24a-2.1mdv2007.0.i586.rpm
cfc946c33e31cad4eb3d2cee60101af8 2007.0/i586/MySQL-ndb-tools-5.0.24a-2.1mdv2007.0.i586.rpm
25fa8c6756256c4dd67ece5a36651394 2007.0/i586/libmysql15-5.0.24a-2.1mdv2007.0.i586.rpm
a36d220223051510d41b4f9a4505cc21 2007.0/i586/libmysql15-devel-5.0.24a-2.1mdv2007.0.i586.rpm
6257cf37dd793e4e28079e24d85371cf 2007.0/i586/libmysql15-static-devel-5.0.24a-2.1mdv2007.0.i586.rpm
61fd5383c89b7599741d3627c6a568f2 2007.0/SRPMS/MySQL-5.0.24a-2.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
3cc829514ba910e9d3118874a3390e51 2007.0/x86_64/MySQL-5.0.24a-2.1mdv2007.0.x86_64.rpm
6f84bac1c088b0ef773dcdc051de08e5 2007.0/x86_64/MySQL-Max-5.0.24a-2.1mdv2007.0.x86_64.rpm
84e4c7c9cbd439444bfb3353994e8d23 2007.0/x86_64/MySQL-bench-5.0.24a-2.1mdv2007.0.x86_64.rpm
96ac718984a765f95002a0ee934e93cd 2007.0/x86_64/MySQL-client-5.0.24a-2.1mdv2007.0.x86_64.rpm
1bed2bc4d5c4f5700b13495d8bb6f3c4 2007.0/x86_64/MySQL-common-5.0.24a-2.1mdv2007.0.x86_64.rpm
55ea8d680cfdeaf48eeacf3aa789ab19 2007.0/x86_64/MySQL-ndb-extra-5.0.24a-2.1mdv2007.0.x86_64.rpm
4047515dedd71ffe9c6fd4268e25f115 2007.0/x86_64/MySQL-ndb-management-5.0.24a-2.1mdv2007.0.x86_64.rpm
05c75e22bf10cff94581eaa3096c2e47 2007.0/x86_64/MySQL-ndb-storage-5.0.24a-2.1mdv2007.0.x86_64.rpm
c105dd5a6a0c96ad00795183ed9f6ae8 2007.0/x86_64/MySQL-ndb-tools-5.0.24a-2.1mdv2007.0.x86_64.rpm
41c0722f531c0af55c3b2d621c29f009 2007.0/x86_64/lib64mysql15-5.0.24a-2.1mdv2007.0.x86_64.rpm
58801989259c4983f0201bab1bdb4d0e 2007.0/x86_64/lib64mysql15-devel-5.0.24a-2.1mdv2007.0.x86_64.rpm
dc9cbf9b7edc50053dbad01c988667c1 2007.0/x86_64/lib64mysql15-static-devel-5.0.24a-2.1mdv2007.0.x86_64.rpm
61fd5383c89b7599741d3627c6a568f2 2007.0/SRPMS/MySQL-5.0.24a-2.1mdv2007.0.src.rpm
Mandriva Linux 2007.1:
96494772204a2bbf2be3832500782456 2007.1/i586/MySQL-5.0.37-2.1mdv2007.1.i586.rpm
4c0fdbce214a1b313d5157a1b455c2f4 2007.1/i586/MySQL-Max-5.0.37-2.1mdv2007.1.i586.rpm
8b068d834518bdb3dc1f5f92bb496b8b 2007.1/i586/MySQL-bench-5.0.37-2.1mdv2007.1.i586.rpm
654367537e3d73b9913e7f49e9e368cc 2007.1/i586/MySQL-client-5.0.37-2.1mdv2007.1.i586.rpm
eb29ca9f2ba5bcddd89dfba36b33b608 2007.1/i586/MySQL-common-5.0.37-2.1mdv2007.1.i586.rpm
c5d4e06f21fbc62ef670b708125ff156 2007.1/i586/MySQL-ndb-extra-5.0.37-2.1mdv2007.1.i586.rpm
0f38ad5a905ee7b11a793fd8f96ebf72 2007.1/i586/MySQL-ndb-management-5.0.37-2.1mdv2007.1.i586.rpm
4e4c72d48124ddffe141caffa291eb7e 2007.1/i586/MySQL-ndb-storage-5.0.37-2.1mdv2007.1.i586.rpm
598327f4a6954b7d66ae670150423d10 2007.1/i586/MySQL-ndb-tools-5.0.37-2.1mdv2007.1.i586.rpm
0b3bb96443df3752707f4f350aa82795 2007.1/i586/libmysql15-5.0.37-2.1mdv2007.1.i586.rpm
4a04bedbd2ee2645c884e2b43bfb8148 2007.1/i586/libmysql15-devel-5.0.37-2.1mdv2007.1.i586.rpm
93e902375f1fe1e6748c6770aa727cfb 2007.1/i586/libmysql15-static-devel-5.0.37-2.1mdv2007.1.i586.rpm
20002982712cf20e3b568952153bf934 2007.1/SRPMS/MySQL-5.0.37-2.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
ce3cf3bd485bc610d6206b8e9c485bec 2007.1/x86_64/MySQL-5.0.37-2.1mdv2007.1.x86_64.rpm
cd61f695c1b2bb7936f6e7c6f9852a03 2007.1/x86_64/MySQL-Max-5.0.37-2.1mdv2007.1.x86_64.rpm
130ab74a2ecb353740fa3ce72de0d2e1 2007.1/x86_64/MySQL-bench-5.0.37-2.1mdv2007.1.x86_64.rpm
d19473f9ef587d648ba9eb9432cabb96 2007.1/x86_64/MySQL-client-5.0.37-2.1mdv2007.1.x86_64.rpm
9a7242331c11e17774778e25cc070bfb 2007.1/x86_64/MySQL-common-5.0.37-2.1mdv2007.1.x86_64.rpm
af8a57d23ba18c6d26d6c8e86c78ecd5 2007.1/x86_64/MySQL-ndb-extra-5.0.37-2.1mdv2007.1.x86_64.rpm
a485fdba11c17a31736304ec4c350219 2007.1/x86_64/MySQL-ndb-management-5.0.37-2.1mdv2007.1.x86_64.rpm
71740a48d949c431ab93147ae9a1f016 2007.1/x86_64/MySQL-ndb-storage-5.0.37-2.1mdv2007.1.x86_64.rpm
c75e0882938222abed05802d776d705b 2007.1/x86_64/MySQL-ndb-tools-5.0.37-2.1mdv2007.1.x86_64.rpm
3cc3e00778849eb1441d7d1b8ffb9c77 2007.1/x86_64/lib64mysql15-5.0.37-2.1mdv2007.1.x86_64.rpm
34f0aab6fbf146fa753b6e74d018b9b4 2007.1/x86_64/lib64mysql15-devel-5.0.37-2.1mdv2007.1.x86_64.rpm
e578aa3c0533512d3172a8783951a78b 2007.1/x86_64/lib64mysql15-static-devel-5.0.37-2.1mdv2007.1.x86_64.rpm
20002982712cf20e3b568952153bf934 2007.1/SRPMS/MySQL-5.0.37-2.1mdv2007.1.src.rpm
Corporate 4.0:
6dd1e46117228da990577dcc61c62924 corporate/4.0/i586/MySQL-5.0.24-1.1.20060mlcs4.i586.rpm
056f42ca5a679334f5b10fee2ac7c3ff corporate/4.0/i586/MySQL-Max-5.0.24-1.1.20060mlcs4.i586.rpm
8ef459e29a6e0b6efc41ce10865b05c7 corporate/4.0/i586/MySQL-bench-5.0.24-1.1.20060mlcs4.i586.rpm
7d3b7b1714983c1d2eafdf8cc7bc4575 corporate/4.0/i586/MySQL-client-5.0.24-1.1.20060mlcs4.i586.rpm
0f011f86f0cd69f8298d68e711194396 corporate/4.0/i586/MySQL-common-5.0.24-1.1.20060mlcs4.i586.rpm
7863f10c35563f5ae5ab69d4c6991932 corporate/4.0/i586/MySQL-ndb-extra-5.0.24-1.1.20060mlcs4.i586.rpm
a09a90a1f7f30a7d4656f5315f3f91ea corporate/4.0/i586/MySQL-ndb-management-5.0.24-1.1.20060mlcs4.i586.rpm
4daff89ac6a7eefa3959a3a3f4bbfa52 corporate/4.0/i586/MySQL-ndb-storage-5.0.24-1.1.20060mlcs4.i586.rpm
b1eda7ba40300324970df9167782c33b corporate/4.0/i586/MySQL-ndb-tools-5.0.24-1.1.20060mlcs4.i586.rpm
56444ba86d330cd75ebb83f2aab6aaa8 corporate/4.0/i586/libmysql15-5.0.24-1.1.20060mlcs4.i586.rpm
8b567ebda8df1f0712ee98fdace57817 corporate/4.0/i586/libmysql15-devel-5.0.24-1.1.20060mlcs4.i586.rpm
423a28d42aec3612823398b88d6ab0ce corporate/4.0/i586/libmysql15-static-devel-5.0.24-1.1.20060mlcs4.i586.rpm
4151b2b3b22cd4b8c1dc031fb3430d78 corporate/4.0/SRPMS/MySQL-5.0.24-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
b89177a384077e76ef9df8d021c74a66 corporate/4.0/x86_64/MySQL-5.0.24-1.1.20060mlcs4.x86_64.rpm
3c7b768ba6f05ea036d940cc58c6500a corporate/4.0/x86_64/MySQL-Max-5.0.24-1.1.20060mlcs4.x86_64.rpm
95da2d0ea66c4de6dadbd89324197a27 corporate/4.0/x86_64/MySQL-bench-5.0.24-1.1.20060mlcs4.x86_64.rpm
a5c454af184c33ce1e8d555ace6c8931 corporate/4.0/x86_64/MySQL-client-5.0.24-1.1.20060mlcs4.x86_64.rpm
34f0b93bc7b48c1f8fa04a74550036c3 corporate/4.0/x86_64/MySQL-common-5.0.24-1.1.20060mlcs4.x86_64.rpm
9882f3066be03c78f7dd7bbe1bf0c555 corporate/4.0/x86_64/MySQL-ndb-extra-5.0.24-1.1.20060mlcs4.x86_64.rpm
9c61cca4d73f8f0baf55987f538d6872 corporate/4.0/x86_64/MySQL-ndb-management-5.0.24-1.1.20060mlcs4.x86_64.rpm
2d155a51c2c9ecd4ad645dcfe314280c corporate/4.0/x86_64/MySQL-ndb-storage-5.0.24-1.1.20060mlcs4.x86_64.rpm
eda3a5e7040258ff6005323db42d4b7e corporate/4.0/x86_64/MySQL-ndb-tools-5.0.24-1.1.20060mlcs4.x86_64.rpm
cf8f3a2b20f73a918afcc2c3e73ac57a corporate/4.0/x86_64/lib64mysql15-5.0.24-1.1.20060mlcs4.x86_64.rpm
87246d9937ee81c09d53243c35aff3cc corporate/4.0/x86_64/lib64mysql15-devel-5.0.24-1.1.20060mlcs4.x86_64.rpm
325018d3076aebc0ca825c20b7065909 corporate/4.0/x86_64/lib64mysql15-static-devel-5.0.24-1.1.20060mlcs4.x86_64.rpm
4151b2b3b22cd4b8c1dc031fb3430d78 corporate/4.0/SRPMS/MySQL-5.0.24-1.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGi/ojmqjQ0CJFipgRAj4NAKCMFSHT8PkOglo8P86m1XiXTwUasQCfWnjl
9JQL+8BVj6JxMqm+UCYacFs=
=SIi1
-----END PGP SIGNATURE-----