[Security Announce] [ MDKSA-2006:111 ] - Updated MySQL packages fix authorized user DoS (crash) vulnerability.
Posted on: 06/23/2006 07:52 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:111
http://www.mandriva.com/security/
_______________________________________________________________________

Package : MySQL
Date : June 23, 2006
Affected: 10.2, 2006.0
_______________________________________________________________________

Problem Description:

Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before
5.1.6 allows remote authorized users to cause a denial of service (crash)
via a NULL second argument to the str_to_date function.

MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue.

Packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3081
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.2:
78e8411d4173067449ab40b253359584 10.2/RPMS/libmysql14-4.1.11-1.6.102mdk.i586.rpm
1b8c46014749729fd853c6dcee91eaed 10.2/RPMS/libmysql14-devel-4.1.11-1.6.102mdk.i586.rpm
996f92c1d1cb685938a1b019d8b637c0 10.2/RPMS/MySQL-4.1.11-1.6.102mdk.i586.rpm
766fa948a6d3e0094658aa936a76e203 10.2/RPMS/MySQL-bench-4.1.11-1.6.102mdk.i586.rpm
587b166b5e24e39df778d1a49ca26c60 10.2/RPMS/MySQL-client-4.1.11-1.6.102mdk.i586.rpm
26e3fd9cf0a5977e2b934c12ad9500fc 10.2/RPMS/MySQL-common-4.1.11-1.6.102mdk.i586.rpm
66f223fa9cfe196c01c6e4b311d70a65 10.2/RPMS/MySQL-Max-4.1.11-1.6.102mdk.i586.rpm
550a497e8f5fb748b9a91a0717da6c48 10.2/RPMS/MySQL-NDB-4.1.11-1.6.102mdk.i586.rpm
c3cd6a33370387b6b7ef26810d04ed5e 10.2/SRPMS/MySQL-4.1.11-1.6.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
b93aa5af71b0fc8752b59ea9e137fbb9 x86_64/10.2/RPMS/lib64mysql14-4.1.11-1.6.102mdk.x86_64.rpm
97baf24556b164bd67d7456f662788a2 x86_64/10.2/RPMS/lib64mysql14-devel-4.1.11-1.6.102mdk.x86_64.rpm
2e1874294dd1bd7bb66eca3db4b84f9f x86_64/10.2/RPMS/MySQL-4.1.11-1.6.102mdk.x86_64.rpm
e59c30459703a1143a6a5c2aa962fdeb x86_64/10.2/RPMS/MySQL-bench-4.1.11-1.6.102mdk.x86_64.rpm
921411f6d52933199902eae720bdfc4c x86_64/10.2/RPMS/MySQL-client-4.1.11-1.6.102mdk.x86_64.rpm
ee8319140b47877d3920a6f789f10076 x86_64/10.2/RPMS/MySQL-common-4.1.11-1.6.102mdk.x86_64.rpm
5ecce7afbba4fd0ddd9e36ef068cb007 x86_64/10.2/RPMS/MySQL-Max-4.1.11-1.6.102mdk.x86_64.rpm
7f30cc287096f0a28347b9a18454bdf8 x86_64/10.2/RPMS/MySQL-NDB-4.1.11-1.6.102mdk.x86_64.rpm
c3cd6a33370387b6b7ef26810d04ed5e x86_64/10.2/SRPMS/MySQL-4.1.11-1.6.102mdk.src.rpm

Mandriva Linux 2006.0:
bbad68193933b00b85f243e80280f954 2006.0/RPMS/libmysql14-4.1.12-4.3.20060mdk.i586.rpm
c8f89626e74f928e1f997d547ea9e5ff 2006.0/RPMS/libmysql14-devel-4.1.12-4.3.20060mdk.i586.rpm
7274a11988a77408823e0fef2375cc16 2006.0/RPMS/MySQL-4.1.12-4.3.20060mdk.i586.rpm
e63c7660cb86a3e0d3240d00a43e53a9 2006.0/RPMS/MySQL-bench-4.1.12-4.3.20060mdk.i586.rpm
aa902a285d22f9df2a33dc7d9490c3f7 2006.0/RPMS/MySQL-client-4.1.12-4.3.20060mdk.i586.rpm
633d3a283dd19ea2a51448b815ad53a9 2006.0/RPMS/MySQL-common-4.1.12-4.3.20060mdk.i586.rpm
96ce79cfbda19d2af7ba81de922561c1 2006.0/RPMS/MySQL-Max-4.1.12-4.3.20060mdk.i586.rpm
0e83d8f9db5f77d08a0c876befbe1a67 2006.0/RPMS/MySQL-NDB-4.1.12-4.3.20060mdk.i586.rpm
7e92a87a1fbe7b3dad96372a678a2c65 2006.0/SRPMS/MySQL-4.1.12-4.3.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
3abed6dfe1aff3e142effab7438f1813 x86_64/2006.0/RPMS/lib64mysql14-4.1.12-4.3.20060mdk.x86_64.rpm
d29d7cc058e7cd5af8068db37e2170e8 x86_64/2006.0/RPMS/lib64mysql14-devel-4.1.12-4.3.20060mdk.x86_64.rpm
4dd7efc9fcd7fd77cc6a5f4b9e2294f5 x86_64/2006.0/RPMS/MySQL-4.1.12-4.3.20060mdk.x86_64.rpm
7b2f19ea6fd61a972038ea79063167e3 x86_64/2006.0/RPMS/MySQL-bench-4.1.12-4.3.20060mdk.x86_64.rpm
434eaff2f79e6dcb6d4ad6ca7d538259 x86_64/2006.0/RPMS/MySQL-client-4.1.12-4.3.20060mdk.x86_64.rpm
49aa9dcfbe79d8a91ad6823d505f19ac x86_64/2006.0/RPMS/MySQL-common-4.1.12-4.3.20060mdk.x86_64.rpm
bfa5996ca7e57f071fcc4a2574883a8e x86_64/2006.0/RPMS/MySQL-Max-4.1.12-4.3.20060mdk.x86_64.rpm
9df2f30b72c53bd4be9c92b4146e5c79 x86_64/2006.0/RPMS/MySQL-NDB-4.1.12-4.3.20060mdk.x86_64.rpm
7e92a87a1fbe7b3dad96372a678a2c65 x86_64/2006.0/SRPMS/MySQL-4.1.12-4.3.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEm+2vmqjQ0CJFipgRAp03AKCBqLEYfQYn+lpIV8ORd0ET05DCKwCgnaYx
58aB4ezFDNLNyf9NyjyTGIs=
=Hla8
-----END PGP SIGNATURE-----
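
Added example, not part of the Mandriva advisory: a triage check built from the version ranges and package releases listed above. It shows why the patched Mandriva builds (4.1.11 and 4.1.12) still fall inside the upstream affected range, so a check on the mysqld version alone misreports them. The function names are hypothetical, and the release comparison is a simplified numeric one that assumes the `<n>.<m>.<distro tag>` release naming seen in the package list.

```python
import re

# Upstream fixed versions per branch, taken from the advisory text.
UPSTREAM_FIXED = {(4, 1): (4, 1, 18), (5, 0): (5, 0, 19), (5, 1): (5, 1, 6)}

# Patched builds from "Updated Packages":
# distro tag -> (upstream version, numeric part of the rpm release).
MANDRIVA_FIXED = {
    "102mdk": ((4, 1, 11), (1, 6)),     # Mandriva Linux 10.2
    "20060mdk": ((4, 1, 12), (4, 3)),   # Mandriva Linux 2006.0
}


def upstream_affected(version_string):
    """True if a mysqld version (e.g. '4.1.12-log') is in an affected range."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError(f"unrecognised version: {version_string!r}")
    ver = tuple(int(x) for x in m.groups())
    fixed = UPSTREAM_FIXED.get(ver[:2])
    # Branches not named in the advisory (such as 4.0.x) are not affected.
    return fixed is not None and ver < fixed


def mandriva_package_status(version_release):
    """Classify an rpm VERSION-RELEASE string such as '4.1.12-4.3.20060mdk'.

    Assumption: update builds are named <n>.<m>.<distro tag>; anything else,
    or a distro the advisory does not list, is reported as 'unknown'.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)\.(\d+)\.(\d+mdk)",
                     version_release)
    if not m or m.group(6) not in MANDRIVA_FIXED:
        return "unknown"
    ver = tuple(int(x) for x in m.group(1, 2, 3))
    rel = tuple(int(x) for x in m.group(4, 5))
    # Simplified stand-in for rpm's version comparison: numeric tuples only.
    if (ver, rel) >= MANDRIVA_FIXED[m.group(6)]:
        return "patched"
    if upstream_affected(".".join(map(str, ver))):
        return "vulnerable"
    return "not affected"
```

On a Mandriva host the input string can be obtained with `rpm -q --qf '%{VERSION}-%{RELEASE}\n' MySQL`.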



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006111__updated_mysql_packages_fixes_authorized_user_doscrash_vulnerability.html)