DESCRIPTION
MySQL is a very popular SQL database, distributed under the GNU-GPL
license.
This update fixes three vulnerabilities in the versions of MySQL
distributed with Conectiva Linux:
1. Double free vulnerability[1] in the mysql_change_user() function.
An attacker with access to the MySQL server can exploit this
vulnerability to at least cause a denial of service condition (crash
the MySQL server process) by sending specially crafted data from a
client application.
2. World writeable configuration files vulnerability[2]. An attacker
with access to the MySQL server can create/overwrite a MySQL
configuration file using a "SELECT * INFO OUTFILE" command. This can
be exploited to, for example, cause MySQL to run as root upon
restart.
3. Password handler buffer overflow vulnerability. Frank Denis
reported[3] a buffer overflow vulnerability in the password handling
functions of MySQL. An attacker with global administrative privileges
on the MySQL server can exploit this vulnerability to execute
arbitrary code with the privileges of the user the MySQL server
process is running as.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2003-0073[4], CAN-2003-0150[5] and
CAN-2003-0780[6] to these issues, respectively.
This update brings the latest stable MySQL version available from the
3.23 serie (3.23.58). Besides the fix or the aforementioned
vulnerabilities, this new version includes several other bugfixes and
minor enhancements, which can be seen in the project changelogs[7].
SOLUTION
We recommend that all MySQL users upgrade their packages as soon as
possible.
IMPORTANT: after the upgrade the mysql service must be restarted
manually. In order to do that, run the following command as root:
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- ------------------------------------------------------------------------
-
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- ------------------------------------------------------------------------
-
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- ------------------------------------------------------------------------
-
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com
Hash: SHA1
- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--
PACKAGE : MySQL
SUMMARY : Several Vulnerabilities
DATE : 2003-09-18 18:59:00
ID : CLA-2003:743
RELEVANT
RELEASES : 7.0, 8, 9
- ------------------------------------------------------------------------
-
DESCRIPTION
MySQL is a very popular SQL database, distributed under the GNU-GPL
license.
This update fixes three vulnerabilities in the versions of MySQL
distributed with Conectiva Linux:
1. Double free vulnerability[1] in the mysql_change_user() function.
An attacker with access to the MySQL server can exploit this
vulnerability to at least cause a denial of service condition (crash
the MySQL server process) by sending specially crafted data from a
client application.
2. World writeable configuration files vulnerability[2]. An attacker
with access to the MySQL server can create/overwrite a MySQL
configuration file using a "SELECT * INFO OUTFILE" command. This can
be exploited to, for example, cause MySQL to run as root upon
restart.
3. Password handler buffer overflow vulnerability. Frank Denis
reported[3] a buffer overflow vulnerability in the password handling
functions of MySQL. An attacker with global administrative privileges
on the MySQL server can exploit this vulnerability to execute
arbitrary code with the privileges of the user the MySQL server
process is running as.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2003-0073[4], CAN-2003-0150[5] and
CAN-2003-0780[6] to these issues, respectively.
This update brings the latest stable MySQL version available from the
3.23 serie (3.23.58). Besides the fix or the aforementioned
vulnerabilities, this new version includes several other bugfixes and
minor enhancements, which can be seen in the project changelogs[7].
SOLUTION
We recommend that all MySQL users upgrade their packages as soon as
possible.
IMPORTANT: after the upgrade the mysql service must be restarted
manually. In order to do that, run the following command as root:
# /sbin/service mysql restart
REFERENCES:
1.http://www.mysql.com/doc/en/News-3.23.55.html
2.http://www.securityfocus.com/archive/1/314391
3.http://www.securityfocus.com/archive/1/337012
4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0073
5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0150
6.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0780
7.http://www.mysql.com/doc/en/News-3.23.x.html
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-3.23.58-1U70_4cl.i386
.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-bench-3.23.58-1U70_4c
l.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-client-3.23.58-1U70_4
cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-devel-3.23.58-1U70_4c
l.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-devel-static-3.23.58-
1U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-doc-3.23.58-1U70_4cl.
i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/MySQL-3.23.58-1U70_4cl.src
.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-3.23.58-1U80_3cl.i386.r
pm
ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-bench-3.23.58-1U80_3cl.
i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-client-3.23.58-1U80_3cl
.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-devel-3.23.58-1U80_3cl.
i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-devel-static-3.23.58-1U
80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-doc-3.23.58-1U80_3cl.i3
86.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/MySQL-3.23.58-1U80_3cl.src.r
pm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-3.23.58-20507U90_1cl.i3
86.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-bench-3.23.58-20507U90_
1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-client-3.23.58-20507U90
_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-devel-3.23.58-20507U90_
1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-devel-static-3.23.58-20
507U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-doc-3.23.58-20507U90_1c
l.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/MySQL-3.23.58-20507U90_1cl.s
rc.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- ------------------------------------------------------------------------
-
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- ------------------------------------------------------------------------
-
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- ------------------------------------------------------------------------
-
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com
- ------------------------------------------------------------------------
-
subscribe: conectiva-updates-subscribe (at) papaleguas.conectiva.com (dot) br [email concealed]
unsubscribe: conectiva-updates-unsubscribe (at) papaleguas.conectiva.com (dot) br [email concealed]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE/airK42jd0JmAcZARAl0jAJ98hVMBeh+AbvuOv7VmWUPCDApXGQCeJX8k
gFBGtnLL+tdhLQW/o89/g9c=
=fuDl
-----END PGP SIGNATURE-----
[ reply ]