-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Update Advisory _______________________________________________________________________ Package name: MySQL Advisory ID: MDKSA-2005:163 Date: September 12th, 2005 Affected versions: 10.1, 10.2, Corporate 3.0 ______________________________________________________________________ Problem Description: A stack-based buffer overflow was discovered in the init_syms function in MySQL that allows authenticated users that can create user-defined functions to execute arbitrary code via a long function_name field. The updated packages have been patched to address these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2558 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.1: c0ca77359461d6e4503d040f657405cc 10.1/RPMS/libmysql12-4.0.20-3.5.101mdk.i586.rpm 3ee6767c39b4e24e7ff178479fff4da4 10.1/RPMS/libmysql12-devel-4.0.20-3.5.101mdk.i586.rpm 5fff82de496c98638c91b3b20fcc0be1 10.1/RPMS/MySQL-4.0.20-3.5.101mdk.i586.rpm c47820ad3f2568279a8854a59a5ca6c4 10.1/RPMS/MySQL-Max-4.0.20-3.5.101mdk.i586.rpm 2ca25895290ff3e717ea4fb21b25beec 10.1/RPMS/MySQL-bench-4.0.20-3.5.101mdk.i586.rpm 5dde3104a02b283dd4ea53255be6e28c 10.1/RPMS/MySQL-client-4.0.20-3.5.101mdk.i586.rpm d7d411a693de4e757f6bd87c3d3e8228 10.1/RPMS/MySQL-common-4.0.20-3.5.101mdk.i586.rpm 147a03a204620f68094e327236d8569a 10.1/SRPMS/MySQL-4.0.20-3.5.101mdk.src.rpm Mandrakelinux 10.1/X86_64: 6efbf74429938fe12d67e724975669f7 x86_64/10.1/RPMS/lib64mysql12-4.0.20-3.5.101mdk.x86_64.rpm e8ea787e503f420646d0ab1aeb7fd7bd x86_64/10.1/RPMS/lib64mysql12-devel-4.0.20-3.5.101mdk.x86_64.rpm e1c87e33304d7c5dece5a0bfed367f41 x86_64/10.1/RPMS/MySQL-4.0.20-3.5.101mdk.x86_64.rpm c02df0a16db0f3440afedd53c9bd5510 x86_64/10.1/RPMS/MySQL-Max-4.0.20-3.5.101mdk.x86_64.rpm 886d53b2b08d334209fda4e14920b075 x86_64/10.1/RPMS/MySQL-bench-4.0.20-3.5.101mdk.x86_64.rpm cb934efc4a61c0ec2dca9c6f6e8d56a5 x86_64/10.1/RPMS/MySQL-client-4.0.20-3.5.101mdk.x86_64.rpm fc6b5c2cad48ee84c2dda8094b504874 x86_64/10.1/RPMS/MySQL-common-4.0.20-3.5.101mdk.x86_64.rpm 147a03a204620f68094e327236d8569a x86_64/10.1/SRPMS/MySQL-4.0.20-3.5.101mdk.src.rpm Mandrakelinux 10.2: 672a98dc051b64e6a5efee02cdc163d8 10.2/RPMS/libmysql14-4.1.11-1.1.102mdk.i586.rpm 07a736279b7623325c2f2fde828886e3 10.2/RPMS/libmysql14-devel-4.1.11-1.1.102mdk.i586.rpm cb2fb817c72a88d905a0875694ec8b7f 10.2/RPMS/MySQL-4.1.11-1.1.102mdk.i586.rpm 8a2e42d756032bc400bc1d10170e6f46 10.2/RPMS/MySQL-Max-4.1.11-1.1.102mdk.i586.rpm d008f499f18cef6c9d92cade794a765c 10.2/RPMS/MySQL-NDB-4.1.11-1.1.102mdk.i586.rpm 2d3a54a41b82cff0c9d22a442a5df6af 10.2/RPMS/MySQL-bench-4.1.11-1.1.102mdk.i586.rpm 47185384cc46fbb7651dd220a63cfd9c 10.2/RPMS/MySQL-client-4.1.11-1.1.102mdk.i586.rpm 3a434ce8c27ebb6979c350c551815939 10.2/RPMS/MySQL-common-4.1.11-1.1.102mdk.i586.rpm ec76c46c73c9c4a2b454026c98e9e37a 10.2/SRPMS/MySQL-4.1.11-1.1.102mdk.src.rpm Mandrakelinux 10.2/X86_64: 45058361222d0099c5b76e0fff9106e1 x86_64/10.2/RPMS/lib64mysql14-4.1.11-1.1.102mdk.x86_64.rpm 2dd5dbdf223f5200c032e8f3f6feb525 x86_64/10.2/RPMS/lib64mysql14-devel-4.1.11-1.1.102mdk.x86_64.rpm 4c2c5755a8f887aec086edef890de8ab x86_64/10.2/RPMS/MySQL-4.1.11-1.1.102mdk.x86_64.rpm 892005b80148274b24279a159c14ea84 x86_64/10.2/RPMS/MySQL-Max-4.1.11-1.1.102mdk.x86_64.rpm 9c99ebde5888ac68543aad8db0bfbbf1 x86_64/10.2/RPMS/MySQL-NDB-4.1.11-1.1.102mdk.x86_64.rpm a69e37c9949a9def639560ad6c51b387 x86_64/10.2/RPMS/MySQL-bench-4.1.11-1.1.102mdk.x86_64.rpm 9b036b241347c113e971d2006baf0d3c x86_64/10.2/RPMS/MySQL-client-4.1.11-1.1.102mdk.x86_64.rpm 81faea0e3ed95a1e62d912f24e98aa65 x86_64/10.2/RPMS/MySQL-common-4.1.11-1.1.102mdk.x86_64.rpm ec76c46c73c9c4a2b454026c98e9e37a x86_64/10.2/SRPMS/MySQL-4.1.11-1.1.102mdk.src.rpm Corporate 3.0: 04d4151eae7ed878c21f2e279c859a2a corporate/3.0/RPMS/libmysql12-4.0.18-1.6.C30mdk.i586.rpm f6c6fe9dc10a247ac1ea20b3bf7cbaaa corporate/3.0/RPMS/libmysql12-devel-4.0.18-1.6.C30mdk.i586.rpm 516d015085f8877d4a10492053c74133 corporate/3.0/RPMS/MySQL-4.0.18-1.6.C30mdk.i586.rpm 52176303aa9e6915f34446a2575bcfa1 corporate/3.0/RPMS/MySQL-Max-4.0.18-1.6.C30mdk.i586.rpm 4c19bb8b4a2c3a731d056ce39b84fd26 corporate/3.0/RPMS/MySQL-bench-4.0.18-1.6.C30mdk.i586.rpm 5a84ae1d8c37fe41271f9797a90921b6 corporate/3.0/RPMS/MySQL-client-4.0.18-1.6.C30mdk.i586.rpm fe50c3c3380f386064c9c580e8468677 corporate/3.0/RPMS/MySQL-common-4.0.18-1.6.C30mdk.i586.rpm 76fc1db6495adc321fc2d0952a27bb91 corporate/3.0/SRPMS/MySQL-4.0.18-1.6.C30mdk.src.rpm Corporate 3.0/X86_64: 02c3a2e98692e6c71e5497a536b30d4e x86_64/corporate/3.0/RPMS/lib64mysql12-4.0.18-1.6.C30mdk.x86_64.rpm 475624ad614c0f109ce0fbf952335987 x86_64/corporate/3.0/RPMS/lib64mysql12-devel-4.0.18-1.6.C30mdk.x86_64.rpm df26496e1bd68d73d62a7c786b54b6ed x86_64/corporate/3.0/RPMS/MySQL-4.0.18-1.6.C30mdk.x86_64.rpm 3b75ce48513acd6dc9aa228058642f0f x86_64/corporate/3.0/RPMS/MySQL-Max-4.0.18-1.6.C30mdk.x86_64.rpm 21347726c3d48e6d13723516a15d87fb x86_64/corporate/3.0/RPMS/MySQL-bench-4.0.18-1.6.C30mdk.x86_64.rpm fef51176d24e8874ddca4af5653bacc9 x86_64/corporate/3.0/RPMS/MySQL-client-4.0.18-1.6.C30mdk.x86_64.rpm 7e59b805ab766f84d118f4fc5b2755ec x86_64/corporate/3.0/RPMS/MySQL-common-4.0.18-1.6.C30mdk.x86_64.rpm 76fc1db6495adc321fc2d0952a27bb91 x86_64/corporate/3.0/SRPMS/MySQL-4.0.18-1.6.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDJmxzmqjQ0CJFipgRAlXrAJ4+GenFKgWyhmkpbchb7s5F9CPf4ACgvTa2 uv487XrACLdZ+yoASOC+RrE= =BE/G -----END PGP SIGNATURE-----