Mandriva Linux Security Advisory - MySQL 5.0.x did not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. The federated engine in MySQL 5.0.x, when performing a certain SHOW TABLE STATUS query, did not properly handle a response with a small number of columns, which could allow a remote MySQL server to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
a1e86bf461724a17194bea211aa6e1ca1410860a789cb70ca2874be4c9878a49
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:017
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mysql
Date : January 19, 2008
Affected: 2008.0
_______________________________________________________________________
Problem Description:
MySQL 5.0.x did not update the DEFINER value of a view when the view
is altered, which allows remote authenticated users to gain privileges
via a sequence of statements including a CREATE SQL SECURITY DEFINER
VIEW statement and an ALTER VIEW statement (CVE-2007-6303).
The federated engine in MySQL 5.0.x, when performing a certain SHOW
TABLE STATUS query, did not properly handle a response with a small
number of columns, which could allow a remote MySQL server to cause
a denial of service (federated handler crash and daemon crash)
via a response that lacks the minimum required number of columns
(CVE-2007-6304).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6304
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
064fdb51177ab133c998acdbc71e348e 2008.0/i586/libmysql-devel-5.0.45-7.2mdv2008.0.i586.rpm
3cf962a1ea6d9606188d475837a80769 2008.0/i586/libmysql-static-devel-5.0.45-7.2mdv2008.0.i586.rpm
c282c301f8b3701f5f1679232f6a77b2 2008.0/i586/libmysql15-5.0.45-7.2mdv2008.0.i586.rpm
ca9a4284a8b0ca5bc66d6f907864ff2a 2008.0/i586/mysql-5.0.45-7.2mdv2008.0.i586.rpm
3e204768691a5dc721c3c06d9304e748 2008.0/i586/mysql-bench-5.0.45-7.2mdv2008.0.i586.rpm
fcaacf047dcab80fcd8eaec9e98e6edf 2008.0/i586/mysql-client-5.0.45-7.2mdv2008.0.i586.rpm
c8ceff5ee5f62e4cb881b3102fb5f55d 2008.0/i586/mysql-common-5.0.45-7.2mdv2008.0.i586.rpm
3b16d86484d5af6f37f52d3f3fd45d43 2008.0/i586/mysql-max-5.0.45-7.2mdv2008.0.i586.rpm
2200e4602cf8665cb9d03584ded522c1 2008.0/i586/mysql-ndb-extra-5.0.45-7.2mdv2008.0.i586.rpm
10787f09ff4219df9be485b78ec6b6a2 2008.0/i586/mysql-ndb-management-5.0.45-7.2mdv2008.0.i586.rpm
3b61d7d7dee486c33d0c80cb7cb08cfa 2008.0/i586/mysql-ndb-storage-5.0.45-7.2mdv2008.0.i586.rpm
6b1a5f5634551b370b52072d8c72f32a 2008.0/i586/mysql-ndb-tools-5.0.45-7.2mdv2008.0.i586.rpm
4e88830ddc47197339424eed0b182542 2008.0/SRPMS/mysql-5.0.45-7.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
bd846e77dcc332aeabc87804a51dbfa0 2008.0/x86_64/lib64mysql-devel-5.0.45-7.2mdv2008.0.x86_64.rpm
bf77fdd2232ad293d78ae9292062132e 2008.0/x86_64/lib64mysql-static-devel-5.0.45-7.2mdv2008.0.x86_64.rpm
3056a37c767226f9b79d8010db4088bb 2008.0/x86_64/lib64mysql15-5.0.45-7.2mdv2008.0.x86_64.rpm
39136e88f94076453c6ebb40665b9afa 2008.0/x86_64/mysql-5.0.45-7.2mdv2008.0.x86_64.rpm
435e64cc3d4f3ccdae6bf24bde758c34 2008.0/x86_64/mysql-bench-5.0.45-7.2mdv2008.0.x86_64.rpm
b36f345d0172cee3a927dffa89684ac0 2008.0/x86_64/mysql-client-5.0.45-7.2mdv2008.0.x86_64.rpm
913836ec3b4a50a7ebb02474382fa1e6 2008.0/x86_64/mysql-common-5.0.45-7.2mdv2008.0.x86_64.rpm
584ded4a650873d0953899976da600c4 2008.0/x86_64/mysql-max-5.0.45-7.2mdv2008.0.x86_64.rpm
0ab53478118d684710bcaece17ca9e4f 2008.0/x86_64/mysql-ndb-extra-5.0.45-7.2mdv2008.0.x86_64.rpm
4a7b1b5fb9ab0e81cd731e3a2ce9aa03 2008.0/x86_64/mysql-ndb-management-5.0.45-7.2mdv2008.0.x86_64.rpm
5e5cf00f23eb70799d677c758227f035 2008.0/x86_64/mysql-ndb-storage-5.0.45-7.2mdv2008.0.x86_64.rpm
442688c38754b05bbb655f2301fd253a 2008.0/x86_64/mysql-ndb-tools-5.0.45-7.2mdv2008.0.x86_64.rpm
4e88830ddc47197339424eed0b182542 2008.0/SRPMS/mysql-5.0.45-7.2mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHkorKmqjQ0CJFipgRAnDmAJ4/IqwFJ6hga1E3y82oup1tpr7wrwCg71wx
vrILx5CRPdFXx9hzDk9xdcQ=
=3gHC
-----END PGP SIGNATURE-----