Home / vulnerabilitiesPDF  

MDVSA-2008-149.txt

Posted on 22 July 2008
Source : packetstormsecurity.org Link

 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:149
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mysql
Date : July 19, 2008
Affected: 2008.1
_______________________________________________________________________

Problem Description:

Sergei Golubchik found that MySQL did not properly validate optional
data or index directory paths given in a CREATE TABLE statement; as
well it would not, under certain conditions, prevent two databases
from using the same paths for data or index files. This could allow
an authenticated user with appropriate privilege to create tables in
one database to read and manipulate data in tables later created in
other databases, regardless of GRANT privileges (CVE-2008-2079).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.1:
6782fa8e80d657cc32a784791296136c 2008.1/i586/libmysql15-5.0.51a-8.1mdv2008.1.i586.rpm
d38cfb788ab390a22e50c4d8cd88f713 2008.1/i586/libmysql-devel-5.0.51a-8.1mdv2008.1.i586.rpm
17c5413087a43818eb37625415db339c 2008.1/i586/libmysql-static-devel-5.0.51a-8.1mdv2008.1.i586.rpm
725b41649fd161c63087f0e44ec488bb 2008.1/i586/mysql-5.0.51a-8.1mdv2008.1.i586.rpm
c6864405d42406bf85f8e2fb08af8793 2008.1/i586/mysql-bench-5.0.51a-8.1mdv2008.1.i586.rpm
e6df015114747e50092b6a9d7225e821 2008.1/i586/mysql-client-5.0.51a-8.1mdv2008.1.i586.rpm
5b359172c307e980b7c8d3e409f1f85a 2008.1/i586/mysql-common-5.0.51a-8.1mdv2008.1.i586.rpm
b65eb90008f0f329fcd78aa601c941cf 2008.1/i586/mysql-doc-5.0.51a-8.1mdv2008.1.i586.rpm
803c2840d6e56e851d043c21c8d153ba 2008.1/i586/mysql-max-5.0.51a-8.1mdv2008.1.i586.rpm
ce4f47ad3c03549aee94d5b88734f6c8 2008.1/i586/mysql-ndb-extra-5.0.51a-8.1mdv2008.1.i586.rpm
3f4013ca6f91d85d00895d58fccb235a 2008.1/i586/mysql-ndb-management-5.0.51a-8.1mdv2008.1.i586.rpm
494932ed64f2813cf0896f23112debc3 2008.1/i586/mysql-ndb-storage-5.0.51a-8.1mdv2008.1.i586.rpm
d7c24b1ccf013e14adc943fe90fc11c5 2008.1/i586/mysql-ndb-tools-5.0.51a-8.1mdv2008.1.i586.rpm
0e68ede1df17ebd9dfa4c02ca7205dc1 2008.1/SRPMS/mysql-5.0.51a-8.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
7efe5a4aaf106e5f28118d4f0a6757e5 2008.1/x86_64/lib64mysql15-5.0.51a-8.1mdv2008.1.x86_64.rpm
0793a32b20f398f03580aaa5377e5192 2008.1/x86_64/lib64mysql-devel-5.0.51a-8.1mdv2008.1.x86_64.rpm
c3efcca1e7b13bf2d38cc15ac34c3a05 2008.1/x86_64/lib64mysql-static-devel-5.0.51a-8.1mdv2008.1.x86_64.rpm
aa1408995eec88602fe6cde92b662814 2008.1/x86_64/mysql-5.0.51a-8.1mdv2008.1.x86_64.rpm
ac232e2c080dccf9745f18a901079b7d 2008.1/x86_64/mysql-bench-5.0.51a-8.1mdv2008.1.x86_64.rpm
af82fcb4a9c02aa0994015892a0d1297 2008.1/x86_64/mysql-client-5.0.51a-8.1mdv2008.1.x86_64.rpm
7628f598b3d767f0f37f30b80f224db8 2008.1/x86_64/mysql-common-5.0.51a-8.1mdv2008.1.x86_64.rpm
ae212a73fda5f0e334d71a0fca4cd8b5 2008.1/x86_64/mysql-doc-5.0.51a-8.1mdv2008.1.x86_64.rpm
734b94f12d8c8b9042780e03d0a2c7df 2008.1/x86_64/mysql-max-5.0.51a-8.1mdv2008.1.x86_64.rpm
53a4ab72777ab8c85a89f8f37ceaecff 2008.1/x86_64/mysql-ndb-extra-5.0.51a-8.1mdv2008.1.x86_64.rpm
8f57766a240e25ae39c11ffba53f5762 2008.1/x86_64/mysql-ndb-management-5.0.51a-8.1mdv2008.1.x86_64.rpm
3e0df3dabd48d33ccfe4322bffe36743 2008.1/x86_64/mysql-ndb-storage-5.0.51a-8.1mdv2008.1.x86_64.rpm
02030eb47df043478edc5886d9706849 2008.1/x86_64/mysql-ndb-tools-5.0.51a-8.1mdv2008.1.x86_64.rpm
0e68ede1df17ebd9dfa4c02ca7205dc1 2008.1/SRPMS/mysql-5.0.51a-8.1mdv2008.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIghjzmqjQ0CJFipgRAg2lAKCPKI1bYFVEu+WtzrBRzIERRkuzvwCfeakB
uT2vsaASgbZ7/Mfe3zNpGmo=
=aIyr
-----END PGP SIGNATURE-----

 

TOP