Mandriva Advisories
Problem Description
A buffer overflow was discovered in MySQL that could be exploited by any
user with "ALTER TABLE" privileges on the "mysql" database. If
successfully exploited, the attacker could execute arbitrary code with
the privileges of the user running the mysqld process (mysqld). The
"mysql" database is used by MySQL for internal record keeping and by
default only the "root" user, or MySQL administrative account, has
permission to alter its tables.
This vulnerability was corrected in MySQL 4.0.15 and all previous
versions are vulnerable. These packages have been patched to correct
the problem.
Updated Packages
Mandrakelinux 8.2
Mandrakelinux 8.2/PPC
Mandrakelinux 9.0
Mandrakelinux 9.1
Mandrakelinux 9.1/PPC
Corporate Server 2.1
Corporate Server 2.1/X86_64
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0780
http://lists.netsys.com/pipermail/full-disclosure/2003-September/009819.html
Upgrade
To upgrade automatically, use MandrivaUpdate.
Verification
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.
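The manual equivalent of those two checks, as an added example that is not part of the original advisory: the script compares each downloaded file's MD5 with a checksum manifest, then requires rpm --checksig to report a verified signature rather than only a matching digest. The manifest format ("<md5> <path>" per line), the function names and the --checksig output patterns matched are assumptions.

```shell
#!/bin/sh
# Added example (not part of the advisory): check downloaded RPMs against a
# checksum manifest, then require a passing signature check from rpm.
# Assumed manifest format: one "<md5> <path>" pair per line.

# verify_md5 MANIFEST DIR: 0 only if every listed file exists and matches.
verify_md5() {
    manifest=$1; dir=$2; rc=0
    while read -r want name || [ -n "$want" ]; do
        [ -n "$want" ] || continue                 # skip blank lines
        file="$dir/$(basename "$name")"
        if [ ! -f "$file" ]; then
            echo "MISSING  $name" >&2; rc=1; continue
        fi
        got=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name" >&2; rc=1
        fi
    done < "$manifest"
    return "$rc"
}

# sig_line_ok LINE: accept one line of `rpm --checksig` output only if it
# ends in OK *and* names a signature (gpg/pgp/signatures). "pkg.rpm: md5 OK"
# means the digest matched but no signature was verified, so it is rejected.
sig_line_ok() {
    case $1 in *"NOT OK"*) return 1 ;; esac
    status=${1##*: }                               # drop the "file: " prefix
    case $status in
        *gpg*OK|*pgp*OK|*signatures*OK) return 0 ;;
    esac
    return 1
}

# verify_rpms MANIFEST DIR: MD5 first, then the signature of each listed RPM.
verify_rpms() {
    verify_md5 "$1" "$2" || return 1
    while read -r sum name || [ -n "$sum" ]; do
        [ -n "$name" ] || continue
        out=$(rpm --checksig "$2/$(basename "$name")" 2>&1) ||
            { echo "$out" >&2; return 1; }
        sig_line_ok "$out" || { echo "NO VALID SIGNATURE: $out" >&2; return 1; }
    done < "$1"
}
```

A signature can only verify once the vendor's GPG public key has been imported; without it the signature step fails even for a genuine package.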