• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MySQL Double Free Heap Corruption Vulnerability

Solution:
Conectiva has released an advisory (CLA-2003:743), to address this issue. Users are advised to download and apply a relevant fixes as soon as possible. Further information relating to obtaining and applying appropriate fixes is available in the referenced advisory. Fixes are linked below.

EnGarde have made fixes available. See referenced advisory for further details.

Mandrake has made fixes available. See referenced advisory for fix information.

Trustix Secure Linux has released an advisory (TSLSA-2003-0003) which addresses this issue. Users are advised to upgrade as soon as possible.

Debian has released fixes for this issue. Links to upgraded packages are available in the attached advisory (DSA 303-1).

Red Hat has released an advisory (RHSA-2003:094) containing fixes to address this issue in Enterprise Linux and Linux Advanced Workstation. Fixes for these releases are only available through the Red Hat Network, and can be obtained using the following link:

http://rhn.redhat.com/

Fixes available:


MySQL AB MySQL 3.23.36

• EnGarde Secure Linux MySQL-3.23.36-1.0.22.i386.rpm
  EnGarde Secure Linux Community Edition.
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/MySQL-3.23.36-1. 0.22.i386.rpm


• EnGarde Secure Linux MySQL-3.23.36-1.0.22.i686.rpm
  EnGarde Secure Linux Community Edition.
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/MySQL-3.23.36-1. 0.22.i686.rpm


• EnGarde Secure Linux MySQL-3.23.36-1.0.22.src.rpm
  EnGarde Secure Linux Community Edition.
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/MySQL-3.23.36-1. 0.22.src.rpm


• EnGarde Secure Linux MySQL-client-3.23.36-1.0.22.i386.rpm
  EnGarde Secure Linux Community Edition.
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/MySQL-client-3.2 3.36-1.0.22.i386.rpm


• EnGarde Secure Linux MySQL-client-3.23.36-1.0.22.i686.rpm
  EnGarde Secure Linux Community Edition.
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/MySQL-client-3.2 3.36-1.0.22.i686.rpm


• EnGarde Secure Linux MySQL-shared-3.23.36-1.0.22.i386.rpm
  EnGarde Secure Linux Community Edition.
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/MySQL-shared-3.2 3.36-1.0.22.i386.rpm


• EnGarde Secure Linux MySQL-shared-3.23.36-1.0.22.i686.rpm
  EnGarde Secure Linux Community Edition.
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/MySQL-shared-3.2 3.36-1.0.22.i686.rpm


• Red Hat mysql-3.23.56-1.71.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/mysql-3.23.56-1.71.i386.rpm


• Red Hat mysql-devel-3.23.56-1.71.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/mysql-devel-3.23.56-1.71.i386. rpm


• Red Hat mysql-server-3.23.56-1.71.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/mysql-server-3.23.56-1.71.i386 .rpm

MySQL AB MySQL 3.23.41

• Red Hat mysql-3.23.56-1.72.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mysql-3.23.56-1.72.i386.rpm


• Red Hat mysql-3.23.56-1.72.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/mysql-3.23.56-1.72.ia64.rpm


• Red Hat mysql-devel-3.23.56-1.72.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mysql-devel-3.23.56-1.72.i386. rpm


• Red Hat mysql-devel-3.23.56-1.72.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/mysql-devel-3.23.56-1.72.ia64. rpm


• Red Hat mysql-server-3.23.56-1.72.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mysql-server-3.23.56-1.72.i386 .rpm


• Red Hat mysql-server-3.23.56-1.72.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/mysql-server-3.23.56-1.72.ia64 .rpm

MySQL AB MySQL 3.23.49

• Debian libmysqlclient10-dev_3.23.49-8.4.woody_alpha.deb
  Alpha
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.4_alpha.deb


• Debian libmysqlclient10-dev_3.23.49-8.4.woody_arm.deb
  ARM
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.4_arm.deb


• Debian libmysqlclient10-dev_3.23.49-8.4.woody_hppa.deb
  HP
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.4_hppa.deb


• Debian libmysqlclient10-dev_3.23.49-8.4.woody_i386.deb
  IA-32
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.4_i386.deb


• Debian libmysqlclient10-dev_3.23.49-8.4.woody_ia64.deb
  IA-64
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.4_ia64.deb


• Debian libmysqlclient10-dev_3.23.49-8.4.woody_m68k.deb
  Motorola 680x0
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.4_m68k.deb


• Debian libmysqlclient10-dev_3.23.49-8.4.woody_mips.deb
  Big endian MIPS
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.4_mips.deb


• Debian libmysqlclient10-dev_3.23.49-8.4.woody_mipsel.deb
  Little endian MIPS
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.4_mipsel.deb


• Debian libmysqlclient10-dev_3.23.49-8.4.woody_powerpc.deb
  PowerPC
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.4_powerpc.deb


• Debian libmysqlclient10-dev_3.23.49-8.4.woody_s390.deb
  IBM S/390
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.4_s390.deb


• Debian libmysqlclient10-dev_3.23.49-8.4.woody_sparc.deb
  Sun Sparc
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.4_sparc.deb


• Debian libmysqlclient10_3.23.49-8.4.woody_alpha.deb
  Alpha
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.4_alpha.deb


• Debian libmysqlclient10_3.23.49-8.4.woody_arm.deb
  ARM
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.4_arm.deb


• Debian libmysqlclient10_3.23.49-8.4.woody_hppa.deb
  HP
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.4_hppa.deb


• Debian libmysqlclient10_3.23.49-8.4.woody_i386.deb
  IA-32
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.4_i386.deb


• Debian libmysqlclient10_3.23.49-8.4.woody_ia64.deb
  IA-64
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.4_ia64.deb


• Debian libmysqlclient10_3.23.49-8.4.woody_m68k.deb
  Motorola 680x0
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.4_m68k.deb


• Debian libmysqlclient10_3.23.49-8.4.woody_mips.deb
  Big endian MIPS
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.4_mips.deb


• Debian libmysqlclient10_3.23.49-8.4.woody_mipsel.deb
  Little endian MIPS
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.4_mipsel.deb


• Debian libmysqlclient10_3.23.49-8.4.woody_powerpc.deb
  PowerPC
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.4_powerpc.deb


• Debian libmysqlclient10_3.23.49-8.4.woody_s390.deb
  IBM S/390
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.4_s390.deb


• Debian libmysqlclient10_3.23.49-8.4.woody_sparc.deb
  Sun Sparc
  http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.4_sparc.deb


• Debian mysql-client_3.23.49-8.4.woody_alpha.deb
  Alpha
  http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.4_alpha.deb


• Debian mysql-client_3.23.49-8.4.woody_arm.deb
  ARM
  http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.4_arm.deb


• Debian mysql-client_3.23.49-8.4.woody_hppa.deb
  HP
  http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.4_hppa.deb


• Debian mysql-client_3.23.49-8.4.woody_i386.deb
  IA-32
  http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.4_i386.deb


• Debian mysql-client_3.23.49-8.4.woody_ia64.deb
  IA-64
  http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.4_ia64.deb


• Debian mysql-client_3.23.49-8.4.woody_m68k.deb
  Motorola 680x0
  http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.4_m68k.deb


• Debian mysql-client_3.23.49-8.4.woody_mips.deb
  Big endian MIPS
  http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.4_mips.deb


• Debian mysql-client_3.23.49-8.4.woody_mipsel.deb
  Little endian MIPS
  http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.4_mipsel.deb


• Debian mysql-client_3.23.49-8.4.woody_powerpc.deb
  PowerPC
  http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.4_powerpc.deb


• Debian mysql-client_3.23.49-8.4.woody_s390.deb
  IBM S/390
  http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.4_s390.deb


• Debian mysql-client_3.23.49-8.4.woody_sparc.deb
  Sun Sparc
  http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.4_sparc.deb


• Debian mysql-server_3.23.49-8.4.woody_alpha.deb
  Alpha
  http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23 .49-8.4_alpha.deb


• Debian mysql-server_3.23.49-8.4.woody_arm.deb
  ARM
  http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23 .49-8.4_arm.deb


• Debian mysql-server_3.23.49-8.4.woody_hppa.deb
  HP
  http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23 .49-8.4_hppa.deb


• Debian mysql-server_3.23.49-8.4.woody_i386.deb
  IA-32
  http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23 .49-8.4_i386.deb


• Debian mysql-server_3.23.49-8.4.woody_ia64.deb
  IA-64
  http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23 .49-8.4_ia64.deb


• Debian mysql-server_3.23.49-8.4.woody_m68k.deb
  Motorola 680x0
  http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23 .49-8.4_m68k.deb


• Debian mysql-server_3.23.49-8.4.woody_mips.deb
  Big endian MIPS
  http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23 .49-8.4_mips.deb


• Debian mysql-server_3.23.49-8.4.woody_mipsel.deb
  Little endian MIPS
  http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23 .49-8.4_mipsel.deb


• Debian mysql-server_3.23.49-8.4.woody_powerpc.deb
  PowerPC
  http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23 .49-8.4_powerpc.deb


• Debian mysql-server_3.23.49-8.4.woody_s390.deb
  IBM S/390
  http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23 .49-8.4_s390.deb


• Debian mysql-server_3.23.49-8.4.woody_sparc.deb
  Sun Sparc
  http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23 .49-8.4_sparc.deb


• Red Hat mysql-3.23.56-1.73.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mysql-3.23.56-1.73.i386.rpm


• Red Hat mysql-devel-3.23.56-1.73.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mysql-devel-3.23.56-1.73.i386. rpm


• Red Hat mysql-server-3.23.56-1.73.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mysql-server-3.23.56-1.73.i386 .rpm

MySQL AB MySQL 3.23.52

• MySQL AB MySQL 3.23.55
  http://www.mysql.com/downloads/mysql-3.23.html


• OpenPKG mysql-3.23.52-1.1.2.src.rpm
  ftp://ftp.openpkg.org/release/1.1/UPD/mysql-3.23.52-1.1.2.src.rpm


• Red Hat mysql-3.23.56-1.80.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mysql-3.23.56-1.80.i386.rpm


• Red Hat mysql-devel-3.23.56-1.80.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mysql-devel-3.23.56-1.80.i386. rpm


• Red Hat mysql-server-3.23.56-1.80.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mysql-server-3.23.56-1.80.i386 .rpm

MySQL AB MySQL 3.23.53

• MySQL AB MySQL 3.23.55
  http://www.mysql.com/downloads/mysql-3.23.html


• Sun Qube3-All-Security-4.0.1-16488.pkg
  Cobalt Qube3
  http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0 .1-16488.pkg

MySQL AB MySQL 3.23.54

• MySQL AB MySQL 3.23.55
  http://www.mysql.com/downloads/mysql-3.23.html


• Trustix mysql-3.23.55-1tr.i586.rpm
  http://www.trustix.net/pub/Trustix/updates/1.5/RPMS


• Trustix mysql-bench-3.23.55-1tr.i586.rpm
  http://www.trustix.net/pub/Trustix/updates/1.5/RPMS


• Trustix mysql-client-3.23.55-1tr.i586.rpm
  http://www.trustix.net/pub/Trustix/updates/1.5/RPMS


• Trustix mysql-devel-3.23.55-1tr.i586.rpm
  http://www.trustix.net/pub/Trustix/updates/1.5/RPMS


• Trustix mysql-shared-3.23.55-1tr.i586.rpm
  http://www.trustix.net/pub/Trustix/updates/1.5/RPMS

MySQL AB MySQL 3.23.54 a

• MySQL AB MySQL 3.23.55
  http://www.mysql.com/downloads/mysql-3.23.html


• OpenPKG mysql-3.23.54a-1.2.1.src.rpm
  ftp://ftp.openpkg.org/release/1.2/UPD/mysql-3.23.54a-1.2.1.src.rpm

Conectiva Linux 7.0

• Conectiva MySQL-3.23.58-1U70_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-3.23.58-1U70_4cl.i3 86.rpm


• Conectiva MySQL-bench-3.23.58-1U70_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-bench-3.23.58-1U70_ 4cl.i386.rpm


• Conectiva MySQL-client-3.23.58-1U70_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-client-3.23.58-1U70 _4cl.i386.rpm


• Conectiva MySQL-devel-3.23.58-1U70_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-devel-3.23.58-1U70_ 4cl.i386.rpm


• Conectiva MySQL-devel-static-3.23.58-1U70_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-devel-static-3.23.5 8-1U70_4cl.i386.rpm


• Conectiva MySQL-doc-3.23.58-1U70_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-doc-3.23.58-1U70_4c l.i386.rpm

Conectiva Linux 8.0

• Conectiva MySQL-3.23.58-1U80_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-3.23.58-1U80_3cl.i386 .rpm


• Conectiva MySQL-bench-3.23.58-1U80_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-bench-3.23.58-1U80_3c l.i386.rpm


• Conectiva MySQL-client-3.23.58-1U80_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-client-3.23.58-1U80_3 cl.i386.rpm


• Conectiva MySQL-devel-3.23.58-1U80_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-devel-3.23.58-1U80_3c l.i386.rpm


• Conectiva MySQL-devel-static-3.23.58-1U80_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-devel-static-3.23.58- 1U80_3cl.i386.rpm


• Conectiva MySQL-doc-3.23.58-1U80_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-doc-3.23.58-1U80_3cl. i386.rpm

Conectiva Linux 9.0

• Conectiva MySQL-3.23.58-20507U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-3.23.58-20507U90_1cl. i386.rpm


• Conectiva MySQL-bench-3.23.58-20507U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-bench-3.23.58-20507U9 0_1cl.i386.rpm


• Conectiva MySQL-client-3.23.58-20507U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-client-3.23.58-20507U 90_1cl.i386.rpm


• Conectiva MySQL-devel-3.23.58-20507U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-devel-3.23.58-20507U9 0_1cl.i386.rpm


• Conectiva MySQL-devel-static-3.23.58-20507U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-devel-static-3.23.58- 20507U90_1cl.i386.rpm


• Conectiva MySQL-doc-3.23.58-20507U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-doc-3.23.58-20507U90_ 1cl.i386.rpm