LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

August 2008

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA August 2008

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Security ERRATA for mysql on SL4.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Mon, 4 Aug 2008 15:21:24 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (117 lines)

We had a compiling problem on the SL4 x86_64 rpms.  It has been fixed and is 
working now.  Both the x86_64 and i386 rpm's have been rebuilt with the new 
name to keep consistency.
No code has been changed.  The rpm's were only recompiled.

SL 4.x

      SRPMS:
mysql-4.1.22-2.el4.sl.src.rpm
      i386:
mysql-4.1.22-2.el4.sl.i386.rpm
mysql-bench-4.1.22-2.el4.sl.i386.rpm
mysql-devel-4.1.22-2.el4.sl.i386.rpm
mysql-server-4.1.22-2.el4.sl.i386.rpm
      x86_64:
mysql-4.1.22-2.el4.sl.i386.rpm
mysql-4.1.22-2.el4.sl.x86_64.rpm
mysql-bench-4.1.22-2.el4.sl.x86_64.rpm
mysql-devel-4.1.22-2.el4.sl.i386.rpm
mysql-devel-4.1.22-2.el4.sl.x86_64.rpm
mysql-server-4.1.22-2.el4.sl.x86_64.rpm

Troy

Troy Dawson wrote:
> Synopsis:       Moderate: mysql security, bug fix, and enhancement update
> Issue date:     2008-07-24
> CVE Names:      CVE-2006-3469 CVE-2006-4031 CVE-2007-2691
>                  CVE-2008-2079
> 
> MySQL did not correctly check directories used as arguments for the DATA
> DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated
> attacker could elevate their access privileges to tables created by other
> database users. Note: this attack does not work on existing tables. An
> attacker can only elevate their access to another user's tables as the
> tables are created. As well, the names of these created tables need to be
> predicted correctly for this attack to succeed. (CVE-2008-2079)
> 
> MySQL did not require the "DROP" privilege for "RENAME TABLE" statements.
> An authenticated user could use this flaw to rename arbitrary tables.
> (CVE-2007-2691)
> 
> MySQL allowed an authenticated user to access a table through a previously
> created MERGE table, even after the user's privileges were revoked from the
> original table, which might violate intended security policy. This is
> addressed by allowing the MERGE storage engine to be disabled, which can be
> done by running mysqld with the "--skip-merge" option. (CVE-2006-4031)
> 
> A flaw in MySQL allowed an authenticated user to cause the MySQL daemon to
> crash via crafted SQL queries. This only caused a temporary denial of
> service, as the MySQL daemon is automatically restarted after the crash.
> (CVE-2006-3469)
> 
> As well, these updated packages fix the following bugs:
> 
> * in the previous mysql packages, if a column name was referenced more
> than once in an "ORDER BY" section of a query, a segmentation fault
> occurred.
> 
> * when MySQL failed to start, the init script returned a successful (0)
> exit code. When using the Red Hat Cluster Suite, this may have caused
> cluster services to report a successful start, even when MySQL failed to
> start. In these updated packages, the init script returns the correct exit
> codes, which resolves this issue.
> 
> * it was possible to use the mysqld_safe command to specify invalid port
> numbers (higher than 65536), causing invalid ports to be created, and, in
> some cases, a "port number definition: unsigned short" error. In these
> updated packages, when an invalid port number is specified, the default
> port number is used.
> 
> * when setting "myisam_repair_threads > 1", any repair set the index
> cardinality to "1", regardless of the table size.
> 
> * the MySQL init script no longer runs "chmod -R" on the entire database
> directory tree during every startup.
> 
> * when running "mysqldump" with the MySQL 4.0 compatibility mode option,
> "--compatible=mysql40", mysqldump created dumps that omitted the
> "auto_increment" field.
> 
> As well, the MySQL init script now uses more reliable methods for
> determining parameters, such as the data directory location.
> 
> Note: these updated packages upgrade MySQL to version 4.1.22. For a full
> list of bug fixes and enhancements, refer to the MySQL release notes:
> http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html
> 
> SL 4.x
> 
>     SRPMS:
> mysql-4.1.22-2.el4.src.rpm
>     i386:
> mysql-4.1.22-2.el4.i386.rpm
> mysql-bench-4.1.22-2.el4.i386.rpm
> mysql-devel-4.1.22-2.el4.i386.rpm
> mysql-server-4.1.22-2.el4.i386.rpm
>     x86_64:
> mysql-4.1.22-2.el4.i386.rpm
> mysql-4.1.22-2.el4.x86_64.rpm
> mysql-bench-4.1.22-2.el4.x86_64.rpm
> mysql-devel-4.1.22-2.el4.i386.rpm
> mysql-devel-4.1.22-2.el4.x86_64.rpm
> mysql-server-4.1.22-2.el4.x86_64.rpm
> 
> -Connie Sieh
> -Troy Dawson
> 
> 


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV