-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:111 http://www.mandriva.com/security/ _______________________________________________________________________ Package : MySQL Date : June 23, 2006 Affected: 10.2, 2006.0 _______________________________________________________________________ Problem Description: Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue. Packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3081 _______________________________________________________________________ Updated Packages: Mandriva Linux 10.2: 78e8411d4173067449ab40b253359584 10.2/RPMS/libmysql14-4.1.11-1.6.102mdk.i586.rpm 1b8c46014749729fd853c6dcee91eaed 10.2/RPMS/libmysql14-devel-4.1.11-1.6.102mdk.i586.rpm 996f92c1d1cb685938a1b019d8b637c0 10.2/RPMS/MySQL-4.1.11-1.6.102mdk.i586.rpm 766fa948a6d3e0094658aa936a76e203 10.2/RPMS/MySQL-bench-4.1.11-1.6.102mdk.i586.rpm 587b166b5e24e39df778d1a49ca26c60 10.2/RPMS/MySQL-client-4.1.11-1.6.102mdk.i586.rpm 26e3fd9cf0a5977e2b934c12ad9500fc 10.2/RPMS/MySQL-common-4.1.11-1.6.102mdk.i586.rpm 66f223fa9cfe196c01c6e4b311d70a65 10.2/RPMS/MySQL-Max-4.1.11-1.6.102mdk.i586.rpm 550a497e8f5fb748b9a91a0717da6c48 10.2/RPMS/MySQL-NDB-4.1.11-1.6.102mdk.i586.rpm c3cd6a33370387b6b7ef26810d04ed5e 10.2/SRPMS/MySQL-4.1.11-1.6.102mdk.src.rpm Mandriva Linux 10.2/X86_64: b93aa5af71b0fc8752b59ea9e137fbb9 x86_64/10.2/RPMS/lib64mysql14-4.1.11-1.6.102mdk.x86_64.rpm 97baf24556b164bd67d7456f662788a2 x86_64/10.2/RPMS/lib64mysql14-devel-4.1.11-1.6.102mdk.x86_64.rpm 2e1874294dd1bd7bb66eca3db4b84f9f x86_64/10.2/RPMS/MySQL-4.1.11-1.6.102mdk.x86_64.rpm e59c30459703a1143a6a5c2aa962fdeb x86_64/10.2/RPMS/MySQL-bench-4.1.11-1.6.102mdk.x86_64.rpm 921411f6d52933199902eae720bdfc4c x86_64/10.2/RPMS/MySQL-client-4.1.11-1.6.102mdk.x86_64.rpm ee8319140b47877d3920a6f789f10076 x86_64/10.2/RPMS/MySQL-common-4.1.11-1.6.102mdk.x86_64.rpm 5ecce7afbba4fd0ddd9e36ef068cb007 x86_64/10.2/RPMS/MySQL-Max-4.1.11-1.6.102mdk.x86_64.rpm 7f30cc287096f0a28347b9a18454bdf8 x86_64/10.2/RPMS/MySQL-NDB-4.1.11-1.6.102mdk.x86_64.rpm c3cd6a33370387b6b7ef26810d04ed5e x86_64/10.2/SRPMS/MySQL-4.1.11-1.6.102mdk.src.rpm Mandriva Linux 2006.0: bbad68193933b00b85f243e80280f954 2006.0/RPMS/libmysql14-4.1.12-4.3.20060mdk.i586.rpm c8f89626e74f928e1f997d547ea9e5ff 2006.0/RPMS/libmysql14-devel-4.1.12-4.3.20060mdk.i586.rpm 7274a11988a77408823e0fef2375cc16 2006.0/RPMS/MySQL-4.1.12-4.3.20060mdk.i586.rpm e63c7660cb86a3e0d3240d00a43e53a9 2006.0/RPMS/MySQL-bench-4.1.12-4.3.20060mdk.i586.rpm aa902a285d22f9df2a33dc7d9490c3f7 2006.0/RPMS/MySQL-client-4.1.12-4.3.20060mdk.i586.rpm 633d3a283dd19ea2a51448b815ad53a9 2006.0/RPMS/MySQL-common-4.1.12-4.3.20060mdk.i586.rpm 96ce79cfbda19d2af7ba81de922561c1 2006.0/RPMS/MySQL-Max-4.1.12-4.3.20060mdk.i586.rpm 0e83d8f9db5f77d08a0c876befbe1a67 2006.0/RPMS/MySQL-NDB-4.1.12-4.3.20060mdk.i586.rpm 7e92a87a1fbe7b3dad96372a678a2c65 2006.0/SRPMS/MySQL-4.1.12-4.3.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 3abed6dfe1aff3e142effab7438f1813 x86_64/2006.0/RPMS/lib64mysql14-4.1.12-4.3.20060mdk.x86_64.rpm d29d7cc058e7cd5af8068db37e2170e8 x86_64/2006.0/RPMS/lib64mysql14-devel-4.1.12-4.3.20060mdk.x86_64.rpm 4dd7efc9fcd7fd77cc6a5f4b9e2294f5 x86_64/2006.0/RPMS/MySQL-4.1.12-4.3.20060mdk.x86_64.rpm 7b2f19ea6fd61a972038ea79063167e3 x86_64/2006.0/RPMS/MySQL-bench-4.1.12-4.3.20060mdk.x86_64.rpm 434eaff2f79e6dcb6d4ad6ca7d538259 x86_64/2006.0/RPMS/MySQL-client-4.1.12-4.3.20060mdk.x86_64.rpm 49aa9dcfbe79d8a91ad6823d505f19ac x86_64/2006.0/RPMS/MySQL-common-4.1.12-4.3.20060mdk.x86_64.rpm bfa5996ca7e57f071fcc4a2574883a8e x86_64/2006.0/RPMS/MySQL-Max-4.1.12-4.3.20060mdk.x86_64.rpm 9df2f30b72c53bd4be9c92b4146e5c79 x86_64/2006.0/RPMS/MySQL-NDB-4.1.12-4.3.20060mdk.x86_64.rpm 7e92a87a1fbe7b3dad96372a678a2c65 x86_64/2006.0/SRPMS/MySQL-4.1.12-4.3.20060mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEm+2vmqjQ0CJFipgRAp03AKCBqLEYfQYn+lpIV8ORd0ET05DCKwCgnaYx 58aB4ezFDNLNyf9NyjyTGIs= =Hla8 -----END PGP SIGNATURE-----