exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2013-197

Mandriva Linux Security Advisory 2013-197
Posted Jul 24, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-197 - MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. The updated packages have been upgraded to the 5.1.70 version which is not vulnerable to these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-1861, CVE-2013-3802, CVE-2013-3804
SHA-256 | 229df34dd4237d981a5e24fcb11c9a090cdde5addd7ca7da33dcb3e9b36947e2

Mandriva Linux Security Advisory 2013-197

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:197
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : mysql
Date : July 23, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in mysql:

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15,
and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31
and earlier, and 5.6.11 and earlier allows remote attackers to cause
a denial of service (crash) via a crafted geometry feature that
specifies a large number of points, which is not properly handled
when processing the binary representation of this feature, related
to a numeric calculation error (CVE-2013-1861).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Full Text Search (CVE-2013-3802).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server Optimizer (CVE-2013-3804).

The updated packages have been upgraded to the 5.1.70 version which
is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3804
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-70.html
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
d50025f407efd92277e1ce69b498932a mes5/i586/libmysql16-5.1.70-0.1mdvmes5.2.i586.rpm
9f0cb96b3e3cc6d9217d4d58a90304c5 mes5/i586/libmysql-devel-5.1.70-0.1mdvmes5.2.i586.rpm
51943d180dd136175e303a7629e8ece2 mes5/i586/libmysql-static-devel-5.1.70-0.1mdvmes5.2.i586.rpm
11f429a294ce0a1f0a3b760ea5e36392 mes5/i586/mysql-5.1.70-0.1mdvmes5.2.i586.rpm
e581dea7bbd3ec979ecebe2fb03fdecf mes5/i586/mysql-bench-5.1.70-0.1mdvmes5.2.i586.rpm
e8c4be68e730ed3f4b854cbfb2ef62d1 mes5/i586/mysql-client-5.1.70-0.1mdvmes5.2.i586.rpm
58e82a0beaf27e4d4dd0a8680550242d mes5/i586/mysql-common-5.1.70-0.1mdvmes5.2.i586.rpm
ef5290b2cec153e8529a9a2475536541 mes5/SRPMS/mysql-5.1.70-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
aa18a4827c59c6b87c9d7b2972e7724c mes5/x86_64/lib64mysql16-5.1.70-0.1mdvmes5.2.x86_64.rpm
efecce077f18b14d3864a455d98fd962 mes5/x86_64/lib64mysql-devel-5.1.70-0.1mdvmes5.2.x86_64.rpm
612305725f5081095e839911eab31f92 mes5/x86_64/lib64mysql-static-devel-5.1.70-0.1mdvmes5.2.x86_64.rpm
2d12d3c1ebc247a49c70074ac00044cd mes5/x86_64/mysql-5.1.70-0.1mdvmes5.2.x86_64.rpm
5330a94f0a81648e0610d8fb051be165 mes5/x86_64/mysql-bench-5.1.70-0.1mdvmes5.2.x86_64.rpm
87b0f4a48768c3f97fd391101dff0f70 mes5/x86_64/mysql-client-5.1.70-0.1mdvmes5.2.x86_64.rpm
43ad98e628ae21a2d8c825096ff35f4f mes5/x86_64/mysql-common-5.1.70-0.1mdvmes5.2.x86_64.rpm
ef5290b2cec153e8529a9a2475536541 mes5/SRPMS/mysql-5.1.70-0.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFR7h76mqjQ0CJFipgRAilqAJ4s0yqFPFdT0sOYj20pYbQni9KHcgCgu6As
M44JAmrkDXcyeRhgdxkZszI=
=KbxN
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close