LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

February 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA February 2010

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Moderate: mysql on SL5.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Tue, 16 Feb 2010 15:29:54 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (66 lines)

Synopsis:	Moderate: mysql security update

Issue date:	2010-02-16

CVE Names:	CVE-2009-4019 CVE-2009-4028 CVE-2009-4030



CVE-2009-4019 mysql: DoS (crash) when comparing GIS items from subquery 

and when handling subqueires in WHERE  and assigning a SELECT result to 

a @variable

CVE-2009-4028 mysql: client SSL certificate verification flaw

CVE-2009-4030 mysql: Incomplete fix for CVE-2008-2079 / CVE-2008-4098



It was discovered that the MySQL client ignored certain SSL certificate

verification errors when connecting to servers. A man-in-the-middle

attacker could use this flaw to trick MySQL clients into connecting to a

spoofed MySQL server. (CVE-2009-4028)



Note: This fix may uncover previously hidden SSL configuration issues, 

such as incorrect CA certificates being used by clients or expired 

server certificates. This update should be carefully tested in 

deployments where SSL connections are used.



A flaw was found in the way MySQL handled SELECT statements with 

subqueries in the WHERE clause, that assigned results to a user 

variable. A remote, authenticated attacker could use this flaw to crash 

the MySQL server daemon (mysqld). This issue only caused a temporary 

denial of service, as the MySQL daemon was automatically restarted after 

the crash. (CVE-2009-4019)



When the "datadir" option was configured with a relative path, MySQL did

not properly check paths used as arguments for the DATA DIRECTORY and 

INDEX DIRECTORY directives. An authenticated attacker could use this 

flaw to bypass the restriction preventing the use of subdirectories of 

the MySQL data directory being used as DATA DIRECTORY and INDEX 

DIRECTORY paths. (CVE-2009-4030)



Note: Due to the security risks and previous security issues related to 

the use of the DATA DIRECTORY and INDEX DIRECTORY directives, users not

depending on this feature should consider disabling it by adding 

"symbolic-links=0" to the "[mysqld]" section of the "my.cnf" 

configuration file. In this update, an example of such a configuration 

was added to the default "my.cnf" file.



After installing this update, the MySQL server daemon (mysqld) will be 

restarted automatically.



SL 5.x



     SRPMS:

mysql-5.0.77-4.el5_4.2.src.rpm

     i386:

mysql-5.0.77-4.el5_4.2.i386.rpm

mysql-bench-5.0.77-4.el5_4.2.i386.rpm

mysql-devel-5.0.77-4.el5_4.2.i386.rpm

mysql-server-5.0.77-4.el5_4.2.i386.rpm

mysql-test-5.0.77-4.el5_4.2.i386.rpm

     x86_64:

mysql-5.0.77-4.el5_4.2.i386.rpm

mysql-5.0.77-4.el5_4.2.x86_64.rpm

mysql-bench-5.0.77-4.el5_4.2.x86_64.rpm

mysql-devel-5.0.77-4.el5_4.2.i386.rpm

mysql-devel-5.0.77-4.el5_4.2.x86_64.rpm

mysql-server-5.0.77-4.el5_4.2.x86_64.rpm

mysql-test-5.0.77-4.el5_4.2.x86_64.rpm



-Connie Sieh

-Troy Dawson

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV