Mandriva Linux Security Advisory - A vulnerability in MySQL prior to 5.0.45 did not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, allowing remote authenticated users to obtain sensitive information such as the table structure. A vulnerability in the InnoDB engine in MySQL allowed remote authenticated users to cause a denial of service (database crash) via certain CONTAINS operations on an indexed column, which triggered an assertion error. Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options could be used to overwrite system table information by replacing the file to which a symlink pointed to.
4786ea98c0b6ab4c13f9ed6e23041aa58e952b5a5219846b12a6b0c4d8df2b83
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:243
http://www.mandriva.com/security/
_______________________________________________________________________
Package : MySQL
Date : December 10, 2007
Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability in MySQL prior to 5.0.45 did not require priveliges
such as SELECT for the source table in a CREATE TABLE LIKE statement,
allowing remote authenticated users to obtain sensitive information
such as the table structure (CVE-2007-3781).
A vulnerability in the InnoDB engine in MySQL allowed remote
authenticated users to cause a denial of service (database crash)
via certain CONTAINS operations on an indexed column, which triggered
an assertion error (CVE-2007-5925).
Using RENAME TABLE against a table with explicit DATA DIRECTORY and
INDEX DIRECTORY options could be used to overwrite system table
information by replacing the file to which a symlink pointed to
(CVE-2007-5969).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
ae48df2b0377d0f2ebb0aaaa7b6310c6 2007.0/i586/MySQL-5.0.24a-2.3mdv2007.0.i586.rpm
ecf691100caecf50b3643b6c254e0b1b 2007.0/i586/MySQL-Max-5.0.24a-2.3mdv2007.0.i586.rpm
8b6f53c1c9fa5f2150a8e7cc20b3a635 2007.0/i586/MySQL-bench-5.0.24a-2.3mdv2007.0.i586.rpm
bde8ba1841f68683a984cdea2405d40d 2007.0/i586/MySQL-client-5.0.24a-2.3mdv2007.0.i586.rpm
01dcc1472f5c013e80454458ca0bcdd5 2007.0/i586/MySQL-common-5.0.24a-2.3mdv2007.0.i586.rpm
d8ffbdd8f1e83dddc18ae1ab3da417ce 2007.0/i586/MySQL-ndb-extra-5.0.24a-2.3mdv2007.0.i586.rpm
836a595ac27e4e1bf9f0c554c625d8ee 2007.0/i586/MySQL-ndb-management-5.0.24a-2.3mdv2007.0.i586.rpm
a830470e23ab010c43165d89ee64d2b1 2007.0/i586/MySQL-ndb-storage-5.0.24a-2.3mdv2007.0.i586.rpm
89311e6a8ab90817d697100492d99695 2007.0/i586/MySQL-ndb-tools-5.0.24a-2.3mdv2007.0.i586.rpm
3cf781afa097fba7d0e80efe4e8c7316 2007.0/i586/libmysql15-5.0.24a-2.3mdv2007.0.i586.rpm
54c8da360b46bec71b1d6e165f29cd10 2007.0/i586/libmysql15-devel-5.0.24a-2.3mdv2007.0.i586.rpm
150e51cad7944bd0a079ce0fa04f4396 2007.0/i586/libmysql15-static-devel-5.0.24a-2.3mdv2007.0.i586.rpm
b26414bdd5720ef35f6f76bbb5822760 2007.0/SRPMS/MySQL-5.0.24a-2.3mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
dafabcfc5d4c8a72f122efeea6de49d6 2007.0/x86_64/MySQL-5.0.24a-2.3mdv2007.0.x86_64.rpm
9dd7a9ddedc86e0b7fc2a5c84f483c68 2007.0/x86_64/MySQL-Max-5.0.24a-2.3mdv2007.0.x86_64.rpm
1a63a771fb1019101771a7933488a335 2007.0/x86_64/MySQL-bench-5.0.24a-2.3mdv2007.0.x86_64.rpm
3d353e6abc9cdcd92391e1d42b667347 2007.0/x86_64/MySQL-client-5.0.24a-2.3mdv2007.0.x86_64.rpm
e34fe5b73b3747c786e1e170cf503b28 2007.0/x86_64/MySQL-common-5.0.24a-2.3mdv2007.0.x86_64.rpm
dea1a4166a873372a5580b96bbcb81ee 2007.0/x86_64/MySQL-ndb-extra-5.0.24a-2.3mdv2007.0.x86_64.rpm
86a9c04d129f88f3dfd9211a94fc0283 2007.0/x86_64/MySQL-ndb-management-5.0.24a-2.3mdv2007.0.x86_64.rpm
9f07fb9af772f3700af8d0655e6d4fc7 2007.0/x86_64/MySQL-ndb-storage-5.0.24a-2.3mdv2007.0.x86_64.rpm
160166e5ef2aa5614e6bbf97b40e83b0 2007.0/x86_64/MySQL-ndb-tools-5.0.24a-2.3mdv2007.0.x86_64.rpm
4437780704ec957046236da489097898 2007.0/x86_64/lib64mysql15-5.0.24a-2.3mdv2007.0.x86_64.rpm
e183be407214a07cf03bca7a9d48a003 2007.0/x86_64/lib64mysql15-devel-5.0.24a-2.3mdv2007.0.x86_64.rpm
924fe118e9b7d3195f98ec5488069087 2007.0/x86_64/lib64mysql15-static-devel-5.0.24a-2.3mdv2007.0.x86_64.rpm
b26414bdd5720ef35f6f76bbb5822760 2007.0/SRPMS/MySQL-5.0.24a-2.3mdv2007.0.src.rpm
Mandriva Linux 2007.1:
af618358834880d59c51efbb9114f44b 2007.1/i586/MySQL-5.0.37-2.3mdv2007.1.i586.rpm
bdf67dcabe1419c25be32e704ffc9118 2007.1/i586/MySQL-Max-5.0.37-2.3mdv2007.1.i586.rpm
a0e054eee6399ca0ac038ffdbf062b49 2007.1/i586/MySQL-bench-5.0.37-2.3mdv2007.1.i586.rpm
edc74fc3a9f85e0834ad8de6b5c7641a 2007.1/i586/MySQL-client-5.0.37-2.3mdv2007.1.i586.rpm
a05be3c7dbab742efc31c52174cb80f8 2007.1/i586/MySQL-common-5.0.37-2.3mdv2007.1.i586.rpm
110e07270766e269ea8c720c69ffea31 2007.1/i586/MySQL-ndb-extra-5.0.37-2.3mdv2007.1.i586.rpm
f97bc06af4f92fb1641ccc8c8c755925 2007.1/i586/MySQL-ndb-management-5.0.37-2.3mdv2007.1.i586.rpm
80061a23f4f385ea92ead26926a4f1bd 2007.1/i586/MySQL-ndb-storage-5.0.37-2.3mdv2007.1.i586.rpm
e7746d0fdaedc620600ca804217880be 2007.1/i586/MySQL-ndb-tools-5.0.37-2.3mdv2007.1.i586.rpm
341849b4e854eecee9bce112de3aabbf 2007.1/i586/libmysql15-5.0.37-2.3mdv2007.1.i586.rpm
f54ad215095b969d4eaa9387888ee382 2007.1/i586/libmysql15-devel-5.0.37-2.3mdv2007.1.i586.rpm
a8ccc5cd79afb825f07b800562eeb983 2007.1/i586/libmysql15-static-devel-5.0.37-2.3mdv2007.1.i586.rpm
c15830b94be90e125932c124277cb4e5 2007.1/SRPMS/MySQL-5.0.37-2.3mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
4114f7053c623903ae1052c87298104a 2007.1/x86_64/MySQL-5.0.37-2.3mdv2007.1.x86_64.rpm
6dc932e046c3acea306c2d73f974cd4d 2007.1/x86_64/MySQL-Max-5.0.37-2.3mdv2007.1.x86_64.rpm
af7084761155f1ae4ae4ffb38fd6f5d5 2007.1/x86_64/MySQL-bench-5.0.37-2.3mdv2007.1.x86_64.rpm
c9ac2de19761bec973a01587fa5e4771 2007.1/x86_64/MySQL-client-5.0.37-2.3mdv2007.1.x86_64.rpm
630177c360a7ccef549856b489c1cba9 2007.1/x86_64/MySQL-common-5.0.37-2.3mdv2007.1.x86_64.rpm
2e54c976e101b85d01b28b010a155117 2007.1/x86_64/MySQL-ndb-extra-5.0.37-2.3mdv2007.1.x86_64.rpm
19c236527f8d45b49a68081b61b198b9 2007.1/x86_64/MySQL-ndb-management-5.0.37-2.3mdv2007.1.x86_64.rpm
9621e6dbaa7414fcc509ca03c0c1b9fc 2007.1/x86_64/MySQL-ndb-storage-5.0.37-2.3mdv2007.1.x86_64.rpm
4ccced339bde031d32d68da7ecac9c62 2007.1/x86_64/MySQL-ndb-tools-5.0.37-2.3mdv2007.1.x86_64.rpm
e889ec496f2e3f49614f83972a387b88 2007.1/x86_64/lib64mysql15-5.0.37-2.3mdv2007.1.x86_64.rpm
e3d0231d99696ba1c6d17b7243cb0572 2007.1/x86_64/lib64mysql15-devel-5.0.37-2.3mdv2007.1.x86_64.rpm
7af0d505dd140cd2b93ed8df1ffda4c3 2007.1/x86_64/lib64mysql15-static-devel-5.0.37-2.3mdv2007.1.x86_64.rpm
c15830b94be90e125932c124277cb4e5 2007.1/SRPMS/MySQL-5.0.37-2.3mdv2007.1.src.rpm
Mandriva Linux 2008.0:
89cdb41e21ed18fc26ceed435aa7d93b 2008.0/i586/libmysql-devel-5.0.45-7.1mdv2008.0.i586.rpm
cba56cb02d635ad2f7836efa669a3e3a 2008.0/i586/libmysql-static-devel-5.0.45-7.1mdv2008.0.i586.rpm
ba1f720538f76334697746f9356467cf 2008.0/i586/libmysql15-5.0.45-7.1mdv2008.0.i586.rpm
95283adc79f2fe21611aa595f047ff22 2008.0/i586/mysql-5.0.45-7.1mdv2008.0.i586.rpm
53cc7abc631e7046e8510ad7bfcd9401 2008.0/i586/mysql-bench-5.0.45-7.1mdv2008.0.i586.rpm
7c625f140ce1a4ec8708424256ff75a2 2008.0/i586/mysql-client-5.0.45-7.1mdv2008.0.i586.rpm
81549bb1dc4d2ad0e328c67ea76245e5 2008.0/i586/mysql-common-5.0.45-7.1mdv2008.0.i586.rpm
71bf968ec0e8c0a8fac261605dff029c 2008.0/i586/mysql-max-5.0.45-7.1mdv2008.0.i586.rpm
8dcc6d09c69169e9a58dd44e39022364 2008.0/i586/mysql-ndb-extra-5.0.45-7.1mdv2008.0.i586.rpm
f1928ffbe77276098519f64c6f522e1a 2008.0/i586/mysql-ndb-management-5.0.45-7.1mdv2008.0.i586.rpm
0770146e29802dd26bacc6768f4e0202 2008.0/i586/mysql-ndb-storage-5.0.45-7.1mdv2008.0.i586.rpm
bc9325b67c64f9ba63d14d7eb582bd1a 2008.0/i586/mysql-ndb-tools-5.0.45-7.1mdv2008.0.i586.rpm
c0575884589bcd70be748a2ff39f19c1 2008.0/SRPMS/mysql-5.0.45-7.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
5adbf1a745ebe3c9d68600e6ae3cc90d 2008.0/x86_64/lib64mysql-devel-5.0.45-7.1mdv2008.0.x86_64.rpm
fcef4c2a7bf00d5939bd0a2512f05004 2008.0/x86_64/lib64mysql-static-devel-5.0.45-7.1mdv2008.0.x86_64.rpm
3ebea8d3fbedacb7a96195f1a49e0004 2008.0/x86_64/lib64mysql15-5.0.45-7.1mdv2008.0.x86_64.rpm
d08b3ec903dc8c804d573796a401ec64 2008.0/x86_64/mysql-5.0.45-7.1mdv2008.0.x86_64.rpm
b40014e51bf2e68b5dd67365ae099885 2008.0/x86_64/mysql-bench-5.0.45-7.1mdv2008.0.x86_64.rpm
faf05a4c4a684e63db58e2cfa779066c 2008.0/x86_64/mysql-client-5.0.45-7.1mdv2008.0.x86_64.rpm
d5d51b2fe6810193443e337cc063cc6f 2008.0/x86_64/mysql-common-5.0.45-7.1mdv2008.0.x86_64.rpm
36db213a8d356145f769c4764ecfdb43 2008.0/x86_64/mysql-max-5.0.45-7.1mdv2008.0.x86_64.rpm
3b7b4c4348a94687e6f70a077190578a 2008.0/x86_64/mysql-ndb-extra-5.0.45-7.1mdv2008.0.x86_64.rpm
6c6b4ac3e2e7f93ec4ae7736989a4865 2008.0/x86_64/mysql-ndb-management-5.0.45-7.1mdv2008.0.x86_64.rpm
ae26212b354d64f8c903dc771bc9d1b7 2008.0/x86_64/mysql-ndb-storage-5.0.45-7.1mdv2008.0.x86_64.rpm
ebd97d817a3c8c6d208712ad8fc5b788 2008.0/x86_64/mysql-ndb-tools-5.0.45-7.1mdv2008.0.x86_64.rpm
c0575884589bcd70be748a2ff39f19c1 2008.0/SRPMS/mysql-5.0.45-7.1mdv2008.0.src.rpm
Corporate 4.0:
e7d08c55508c5aff029bc712c3eaa985 corporate/4.0/i586/MySQL-5.0.24-1.3.20060mlcs4.i586.rpm
2929501ca876443313448190a76dd4b1 corporate/4.0/i586/MySQL-Max-5.0.24-1.3.20060mlcs4.i586.rpm
42ae6b36dd3fd0b655cdf853bcdac756 corporate/4.0/i586/MySQL-bench-5.0.24-1.3.20060mlcs4.i586.rpm
bf6c9a292ac3ceffe194b9515353bcf8 corporate/4.0/i586/MySQL-client-5.0.24-1.3.20060mlcs4.i586.rpm
423f7921eb3f13bce192b361115b63be corporate/4.0/i586/MySQL-common-5.0.24-1.3.20060mlcs4.i586.rpm
b0ceab082e27ee7ec0463396cc3239a5 corporate/4.0/i586/MySQL-ndb-extra-5.0.24-1.3.20060mlcs4.i586.rpm
64e94e4df86309716ba11f28e7c06086 corporate/4.0/i586/MySQL-ndb-management-5.0.24-1.3.20060mlcs4.i586.rpm
68965d44922b0b7c6ccb58a939747c73 corporate/4.0/i586/MySQL-ndb-storage-5.0.24-1.3.20060mlcs4.i586.rpm
72dfe4a7c58ed1249cb096b9f0d661ca corporate/4.0/i586/MySQL-ndb-tools-5.0.24-1.3.20060mlcs4.i586.rpm
f5da97c0283a559c161956371b92c1de corporate/4.0/i586/libmysql15-5.0.24-1.3.20060mlcs4.i586.rpm
d835024b4814af69ca86c90a417b1ab5 corporate/4.0/i586/libmysql15-devel-5.0.24-1.3.20060mlcs4.i586.rpm
9c6c70427dfed5a57a13e5902a98022b corporate/4.0/i586/libmysql15-static-devel-5.0.24-1.3.20060mlcs4.i586.rpm
399ce94ad408bddedab3d81288121625 corporate/4.0/SRPMS/MySQL-5.0.24-1.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
7e2d63d05b367f306249c9550208e118 corporate/4.0/x86_64/MySQL-5.0.24-1.3.20060mlcs4.x86_64.rpm
5173adbc8c5eab3d28c6b9e3ec43ff87 corporate/4.0/x86_64/MySQL-Max-5.0.24-1.3.20060mlcs4.x86_64.rpm
942043cc7038c2b67a5fc46ceb8f3103 corporate/4.0/x86_64/MySQL-bench-5.0.24-1.3.20060mlcs4.x86_64.rpm
b7e443185fd52a138e59db1b585892a4 corporate/4.0/x86_64/MySQL-client-5.0.24-1.3.20060mlcs4.x86_64.rpm
68b16b2a302efd03fe14393101e456b1 corporate/4.0/x86_64/MySQL-common-5.0.24-1.3.20060mlcs4.x86_64.rpm
8f29021b04eb3467ae0ffab4af5e7e93 corporate/4.0/x86_64/MySQL-ndb-extra-5.0.24-1.3.20060mlcs4.x86_64.rpm
ae0b10b13ea0dd9baef8c1a2a728ffde corporate/4.0/x86_64/MySQL-ndb-management-5.0.24-1.3.20060mlcs4.x86_64.rpm
b21a2b8fc11c15b4106096f819b56997 corporate/4.0/x86_64/MySQL-ndb-storage-5.0.24-1.3.20060mlcs4.x86_64.rpm
3ed7adeec020550150264758f002a296 corporate/4.0/x86_64/MySQL-ndb-tools-5.0.24-1.3.20060mlcs4.x86_64.rpm
21aeb21a7295e6cadc89d9cdf5a917fa corporate/4.0/x86_64/lib64mysql15-5.0.24-1.3.20060mlcs4.x86_64.rpm
bb9cfd0b7bf9dcadb498ec550b4e135c corporate/4.0/x86_64/lib64mysql15-devel-5.0.24-1.3.20060mlcs4.x86_64.rpm
3b7daadd91dc22dbb16b5c2e9f16a11c corporate/4.0/x86_64/lib64mysql15-static-devel-5.0.24-1.3.20060mlcs4.x86_64.rpm
399ce94ad408bddedab3d81288121625 corporate/4.0/SRPMS/MySQL-5.0.24-1.3.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHXbndmqjQ0CJFipgRApC8AJ4i3TnENhYsdgeNsxRmcvjkzOCMxACg4W6r
84ksq8yvKbneUsb8qd4J6pw=
=YmKU
-----END PGP SIGNATURE-----