Mandriva Linux Security Advisory - The mysql_change_db() function in MySQL 5.0.x before 5.0.40 did not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allowed remote authenticated users to gain privileges. The federated engine in MySQL 5.0.x, when performing a certain SHOW TABLE STATUS query, did not properly handle a response with a small number of columns, which could allow a remote MySQL server to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
5a628b531e40a6b9d9e068fb6e1c8ad5e4b3687bd48204dcd3c882e30baab2ff
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:028
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mysql
Date : January 29, 2008
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
The mysql_change_db() function in MySQL 5.0.x before 5.0.40 did not
restore THD::db_access privileges when returning from SQL SECURITY
INVOKER stored routines, which allowed remote authenticated users to
gain privileges (CVE-2007-2692).
The federated engine in MySQL 5.0.x, when performing a certain SHOW
TABLE STATUS query, did not properly handle a response with a small
number of columns, which could allow a remote MySQL server to cause
a denial of service (federated handler crash and daemon crash)
via a response that lacks the minimum required number of columns
(CVE-2007-6304).
The updated packages provide MySQL 5.0.45 for all Mandriva Linux
platforms that shipped with MySQL 5.0.x which offers a number of
feature enhancements and bug fixes. In addition, the updates for
Corporate Server 4.0 include support for the Sphinx engine.
Please note that due to the package name change (from 'MySQL' to
'mysql'), the mysqld service will not restart automatically so users
must execute 'service mysqld start' after the upgrade is complete.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6304
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
8308e15a835905cfb1db32eada26c883 2007.0/i586/libmysql-devel-5.0.45-8.1mdv2007.0.i586.rpm
497b43aa77224faa392c5141d48e138f 2007.0/i586/libmysql-static-devel-5.0.45-8.1mdv2007.0.i586.rpm
d46c0aea4b3d4e3b57f6d58cd508af57 2007.0/i586/libmysql15-5.0.45-8.1mdv2007.0.i586.rpm
3278969388161ffed75c14e15dd9d4ad 2007.0/i586/mysql-5.0.45-8.1mdv2007.0.i586.rpm
72961088740e022b2db2c7546f361c67 2007.0/i586/mysql-bench-5.0.45-8.1mdv2007.0.i586.rpm
36c92157cda26ce4297628e66c079d7f 2007.0/i586/mysql-client-5.0.45-8.1mdv2007.0.i586.rpm
773b61b83357a3946395135431cd32db 2007.0/i586/mysql-common-5.0.45-8.1mdv2007.0.i586.rpm
21b2a793207115ccf7f36c054b50b9fe 2007.0/i586/mysql-max-5.0.45-8.1mdv2007.0.i586.rpm
1d3bd0dcb8e675674ddda288c28cb558 2007.0/i586/mysql-ndb-extra-5.0.45-8.1mdv2007.0.i586.rpm
3db8afbca3dd5827ffedc4e47c10f97e 2007.0/i586/mysql-ndb-management-5.0.45-8.1mdv2007.0.i586.rpm
a6a279e76cca9cdf3ac5565179e80545 2007.0/i586/mysql-ndb-storage-5.0.45-8.1mdv2007.0.i586.rpm
f8b9a30a32e247915b9858f3b7f63379 2007.0/i586/mysql-ndb-tools-5.0.45-8.1mdv2007.0.i586.rpm
e64751b034f8560d5118b35e6a5092fb 2007.0/SRPMS/mysql-5.0.45-8.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
cf40fcf35654f9c2c178f8536f718f72 2007.0/x86_64/lib64mysql-devel-5.0.45-8.1mdv2007.0.x86_64.rpm
75c959ef8c66d26b24b32a79e9cc28bd 2007.0/x86_64/lib64mysql-static-devel-5.0.45-8.1mdv2007.0.x86_64.rpm
cdfe8b2ea0baec8d6574a13ddcb8e39b 2007.0/x86_64/lib64mysql15-5.0.45-8.1mdv2007.0.x86_64.rpm
7b55f3b2c08793911edb7aa0e1cc4b4d 2007.0/x86_64/mysql-5.0.45-8.1mdv2007.0.x86_64.rpm
6c8a12a0b9a17dc9ba2f91b69de366a3 2007.0/x86_64/mysql-bench-5.0.45-8.1mdv2007.0.x86_64.rpm
cc3b0305b62d265bf4ea28de45c409a4 2007.0/x86_64/mysql-client-5.0.45-8.1mdv2007.0.x86_64.rpm
6eed047db759509c10eb349b6c2546df 2007.0/x86_64/mysql-common-5.0.45-8.1mdv2007.0.x86_64.rpm
a4527d7bb167064a0028cf3f9b768dc5 2007.0/x86_64/mysql-max-5.0.45-8.1mdv2007.0.x86_64.rpm
f06ce459897d0e0c93a301c2312a53e9 2007.0/x86_64/mysql-ndb-extra-5.0.45-8.1mdv2007.0.x86_64.rpm
937776dc1bad2a792d33184b92e9bb56 2007.0/x86_64/mysql-ndb-management-5.0.45-8.1mdv2007.0.x86_64.rpm
df971f898499ec07b86d70ca40c12567 2007.0/x86_64/mysql-ndb-storage-5.0.45-8.1mdv2007.0.x86_64.rpm
aa08021ec8da55ace45677a0c2df1d81 2007.0/x86_64/mysql-ndb-tools-5.0.45-8.1mdv2007.0.x86_64.rpm
e64751b034f8560d5118b35e6a5092fb 2007.0/SRPMS/mysql-5.0.45-8.1mdv2007.0.src.rpm
Mandriva Linux 2007.1:
a38836b0cbc846c1dd00e6d585a5a294 2007.1/i586/libmysql-devel-5.0.45-8.1mdv2007.1.i586.rpm
2b7b67b466378773aceaba6ef463bf5c 2007.1/i586/libmysql-static-devel-5.0.45-8.1mdv2007.1.i586.rpm
ce17d4f08128e4ee6fe65c0f9714d977 2007.1/i586/libmysql15-5.0.45-8.1mdv2007.1.i586.rpm
e379f1928765efaeba54e955d814e319 2007.1/i586/mysql-5.0.45-8.1mdv2007.1.i586.rpm
0b193494a536b74a26481c52b81b5ddb 2007.1/i586/mysql-bench-5.0.45-8.1mdv2007.1.i586.rpm
2eabad8947dd72625bce27a7080352d8 2007.1/i586/mysql-client-5.0.45-8.1mdv2007.1.i586.rpm
3a44bdf485a76168b8e34d5c9d32b7b6 2007.1/i586/mysql-common-5.0.45-8.1mdv2007.1.i586.rpm
a89063f71cb71697814d722d4db74681 2007.1/i586/mysql-max-5.0.45-8.1mdv2007.1.i586.rpm
dfba29fc3bc045ba88951f3f9de4aff2 2007.1/i586/mysql-ndb-extra-5.0.45-8.1mdv2007.1.i586.rpm
e8c6e2cf09c6455d744063f0263d6b21 2007.1/i586/mysql-ndb-management-5.0.45-8.1mdv2007.1.i586.rpm
cc7b6344cd4fffa8445f39ba1b346ca9 2007.1/i586/mysql-ndb-storage-5.0.45-8.1mdv2007.1.i586.rpm
467865cd19dd0490f786ee23ab54e065 2007.1/i586/mysql-ndb-tools-5.0.45-8.1mdv2007.1.i586.rpm
a9b3d46326af15bfd46be2c83686777f 2007.1/SRPMS/mysql-5.0.45-8.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
7b08c92ffd78f132aafba21ab594a42d 2007.1/x86_64/lib64mysql-devel-5.0.45-8.1mdv2007.1.x86_64.rpm
da3d05a494925b934e0456162b006888 2007.1/x86_64/lib64mysql-static-devel-5.0.45-8.1mdv2007.1.x86_64.rpm
53d391471cc83b3d85db9b2bfc788494 2007.1/x86_64/lib64mysql15-5.0.45-8.1mdv2007.1.x86_64.rpm
308068c6d03d3d5abbd0b444e836cc17 2007.1/x86_64/mysql-5.0.45-8.1mdv2007.1.x86_64.rpm
04e3fb67f3f67a8747b1d2bf53b5e547 2007.1/x86_64/mysql-bench-5.0.45-8.1mdv2007.1.x86_64.rpm
851d191e569b72a5b7624b2a32e4e584 2007.1/x86_64/mysql-client-5.0.45-8.1mdv2007.1.x86_64.rpm
12fc2e3d907bfa04cb02496146cc4a56 2007.1/x86_64/mysql-common-5.0.45-8.1mdv2007.1.x86_64.rpm
16d00cebde97ee6be2742f81937d5915 2007.1/x86_64/mysql-max-5.0.45-8.1mdv2007.1.x86_64.rpm
06f1a09c1a8c5e721565b4e39390e184 2007.1/x86_64/mysql-ndb-extra-5.0.45-8.1mdv2007.1.x86_64.rpm
ac18d6bb01af8d50311d8a12090d8391 2007.1/x86_64/mysql-ndb-management-5.0.45-8.1mdv2007.1.x86_64.rpm
33f135b18c515ddcbc3a7cef106dfd82 2007.1/x86_64/mysql-ndb-storage-5.0.45-8.1mdv2007.1.x86_64.rpm
b543874252fd45641001a68523e3cb76 2007.1/x86_64/mysql-ndb-tools-5.0.45-8.1mdv2007.1.x86_64.rpm
a9b3d46326af15bfd46be2c83686777f 2007.1/SRPMS/mysql-5.0.45-8.1mdv2007.1.src.rpm
Corporate 4.0:
10b08c4aef587ab1009b30a7f6786267 corporate/4.0/i586/libmysql-devel-5.0.45-7.1.20060mlcs4.i586.rpm
5224612a804fba33a616f2e8eeb2fb66 corporate/4.0/i586/libmysql-static-devel-5.0.45-7.1.20060mlcs4.i586.rpm
c3ba2b6e48f6ac91416e296ed2e48ccd corporate/4.0/i586/libmysql15-5.0.45-7.1.20060mlcs4.i586.rpm
a0d41fd603cadfb613fab192a9f57d8b corporate/4.0/i586/mysql-5.0.45-7.1.20060mlcs4.i586.rpm
7ad5cd1d76be29f206148756d7675466 corporate/4.0/i586/mysql-bench-5.0.45-7.1.20060mlcs4.i586.rpm
33194b388687a13e43ff6d464e058ff5 corporate/4.0/i586/mysql-client-5.0.45-7.1.20060mlcs4.i586.rpm
e95b67383618e7e903d59fa035489a38 corporate/4.0/i586/mysql-common-5.0.45-7.1.20060mlcs4.i586.rpm
465aa5b928645beff8c33da0b2a7404e corporate/4.0/i586/mysql-max-5.0.45-7.1.20060mlcs4.i586.rpm
c5c71f0d9423b930bc1da328e24205d5 corporate/4.0/i586/mysql-ndb-extra-5.0.45-7.1.20060mlcs4.i586.rpm
b33302b1b3376dd5cb5f3f294e83bef6 corporate/4.0/i586/mysql-ndb-management-5.0.45-7.1.20060mlcs4.i586.rpm
039351fc45003c4b3e21f6664cca8912 corporate/4.0/i586/mysql-ndb-storage-5.0.45-7.1.20060mlcs4.i586.rpm
56931d13e6b2bb73cd40bbe148e96e9a corporate/4.0/i586/mysql-ndb-tools-5.0.45-7.1.20060mlcs4.i586.rpm
041dd79dc8f4531524ea7c11386c1eaa corporate/4.0/SRPMS/mysql-5.0.45-7.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
8d35642f0a5ff7f8cc917751a4d52e6a corporate/4.0/x86_64/lib64mysql-devel-5.0.45-7.1.20060mlcs4.x86_64.rpm
2d908a9332638c14dd31e8d77113a9da corporate/4.0/x86_64/lib64mysql-static-devel-5.0.45-7.1.20060mlcs4.x86_64.rpm
bf3443b40917fd9f8cf872b7f0731164 corporate/4.0/x86_64/lib64mysql15-5.0.45-7.1.20060mlcs4.x86_64.rpm
070736f9c11739b1636d81244412057f corporate/4.0/x86_64/mysql-5.0.45-7.1.20060mlcs4.x86_64.rpm
cefe0f1bbc72355ce777f296b45b5ed3 corporate/4.0/x86_64/mysql-bench-5.0.45-7.1.20060mlcs4.x86_64.rpm
57e0592185510613cd47c1bafe835f47 corporate/4.0/x86_64/mysql-client-5.0.45-7.1.20060mlcs4.x86_64.rpm
7588a705de13a66d52f1a917251d6b71 corporate/4.0/x86_64/mysql-common-5.0.45-7.1.20060mlcs4.x86_64.rpm
24f33b4a948e3187d409c923c574201e corporate/4.0/x86_64/mysql-max-5.0.45-7.1.20060mlcs4.x86_64.rpm
00c7d7b67e7ad5428571cfe34472aefb corporate/4.0/x86_64/mysql-ndb-extra-5.0.45-7.1.20060mlcs4.x86_64.rpm
994c10d3df42ad91db095ed3455bed75 corporate/4.0/x86_64/mysql-ndb-management-5.0.45-7.1.20060mlcs4.x86_64.rpm
74ec034893fbbc0db4eecd62748f19ab corporate/4.0/x86_64/mysql-ndb-storage-5.0.45-7.1.20060mlcs4.x86_64.rpm
d29e8aad80d5ad6bedbcca512700e7d1 corporate/4.0/x86_64/mysql-ndb-tools-5.0.45-7.1.20060mlcs4.x86_64.rpm
041dd79dc8f4531524ea7c11386c1eaa corporate/4.0/SRPMS/mysql-5.0.45-7.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHn8bhmqjQ0CJFipgRAmC2AJ9eX48lecJkUaKkXnRAWKIwgmeD8gCgmXjp
4mhVLb87csMrDvR176pf7GI=
=A9gT
-----END PGP SIGNATURE-----