Mandriva Linux Security Advisory 2009-179

Mandriva Linux Security Advisory 2009-179: Posted Jul 30, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-179 - Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. This update provides fixes for this vulnerability.; tags | advisory, remote, denial of service, vulnerability; systems | linux, mandriva; advisories | CVE-2009-2446; SHA-256 | b6f23056ca397f0cabf1b9e791a0d3dc4c26f03d88d9917816139a0e3686da9b; Download | Favorite | View

Mandriva Linux Security Advisory 2009-179


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:179
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mysql
 Date    : July 29, 2009
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in mysql:
 
 Multiple format string vulnerabilities in the dispatch_command function
 in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow
 remote authenticated users to cause a denial of service (daemon crash)
 and possibly have unspecified other impact via format string specifiers
 in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request.
 NOTE: some of these details are obtained from third party information
 (CVE-2009-2446).
 
 This update provides fixes for this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2446
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 111edf7e800a28ded6ec28a5f5806078  mes5/i586/libmysql15-5.0.84-0.2mdvmes5.i586.rpm
 32284b9f62a41475d9e5f1d6021d9c33  mes5/i586/libmysql-devel-5.0.84-0.2mdvmes5.i586.rpm
 3c9849b16d358d2947b950f79d949fa5  mes5/i586/libmysql-static-devel-5.0.84-0.2mdvmes5.i586.rpm
 b197a2ce1c2f8384b7870ac51604c56a  mes5/i586/mysql-5.0.84-0.2mdvmes5.i586.rpm
 e2890a075910aaae54c6b4aadd310058  mes5/i586/mysql-bench-5.0.84-0.2mdvmes5.i586.rpm
 b0f65c14372b0ad9f4268a241c3aadf1  mes5/i586/mysql-client-5.0.84-0.2mdvmes5.i586.rpm
 b697ac74c23770e4acf6a745898ac804  mes5/i586/mysql-common-5.0.84-0.2mdvmes5.i586.rpm
 817565d1e9cfe7e456a86a2aedc8794a  mes5/i586/mysql-doc-5.0.84-0.2mdvmes5.i586.rpm
 aee00f43a8d160c69404943513158186  mes5/i586/mysql-max-5.0.84-0.2mdvmes5.i586.rpm
 a558bb267ab87256c2be99db21c6f90a  mes5/i586/mysql-ndb-extra-5.0.84-0.2mdvmes5.i586.rpm
 05c2f6cfb2e35a5ddeaf7bd781ff49e2  mes5/i586/mysql-ndb-management-5.0.84-0.2mdvmes5.i586.rpm
 a25f4eda51549892458a7018c6a1aa8c  mes5/i586/mysql-ndb-storage-5.0.84-0.2mdvmes5.i586.rpm
 9b4d0245ae703395e322dad3f1de77c9  mes5/i586/mysql-ndb-tools-5.0.84-0.2mdvmes5.i586.rpm 
 528357eda66ebd5b56c8df7e103cbb6e  mes5/SRPMS/mysql-5.0.84-0.2mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 439bfd3542d1c381767e5df2899dabc1  mes5/x86_64/lib64mysql15-5.0.84-0.2mdvmes5.x86_64.rpm
 936c76cd181fc0e570436e15afb5c3fe  mes5/x86_64/lib64mysql-devel-5.0.84-0.2mdvmes5.x86_64.rpm
 9195e6215287d2c10510e4b3966f098a  mes5/x86_64/lib64mysql-static-devel-5.0.84-0.2mdvmes5.x86_64.rpm
 901ee6678c5e26dd9c7678c0713a0846  mes5/x86_64/mysql-5.0.84-0.2mdvmes5.x86_64.rpm
 7a008ddf061471ca251bec7e6fc090b9  mes5/x86_64/mysql-bench-5.0.84-0.2mdvmes5.x86_64.rpm
 1b78d5dbd44f9cd90e47b65c0d42cc49  mes5/x86_64/mysql-client-5.0.84-0.2mdvmes5.x86_64.rpm
 0889ee744eea3dfb5ab5255526742f07  mes5/x86_64/mysql-common-5.0.84-0.2mdvmes5.x86_64.rpm
 82a3ea7dd6e86aadb7f59de8adac28e5  mes5/x86_64/mysql-doc-5.0.84-0.2mdvmes5.x86_64.rpm
 ff9aa6a146f0ec0c83f1becea8f128cb  mes5/x86_64/mysql-max-5.0.84-0.2mdvmes5.x86_64.rpm
 0e1651537446af7fd6c7693262b6c389  mes5/x86_64/mysql-ndb-extra-5.0.84-0.2mdvmes5.x86_64.rpm
 4bf5dc024969a37fb8ef205725bbf2dd  mes5/x86_64/mysql-ndb-management-5.0.84-0.2mdvmes5.x86_64.rpm
 a7090dab8c114e1ec1d123066977b53e  mes5/x86_64/mysql-ndb-storage-5.0.84-0.2mdvmes5.x86_64.rpm
 e8b8adf271646dfb46796e70edca0294  mes5/x86_64/mysql-ndb-tools-5.0.84-0.2mdvmes5.x86_64.rpm 
 528357eda66ebd5b56c8df7e103cbb6e  mes5/SRPMS/mysql-5.0.84-0.2mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKcBKVmqjQ0CJFipgRAldeAKCk0ggsq3G/8x0xKnKr7O6GtbjkkACgsPMD
i2A5Kx1gug93lRlYKP8PBWo=
=Vr4y
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Mandriva Linux Security Advisory 2009-179

Mandriva Linux Security Advisory 2009-179

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Mandriva Linux Security Advisory 2009-179

Share This

Mandriva Linux Security Advisory 2009-179

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems