-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:012 http://www.mandriva.com/security/ _______________________________________________________________________ Package : mysql Date : January 17, 2010 Affected: 2009.1, 2010.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in mysql: mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement (CVE-2009-4019). The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library (CVE-2009-4028). MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079 (CVE-2009-4030). The updated packages have been patched to correct these issues. Additionally for 2009.1 and 2010.0 mysql has also been upgraded to the latest stable 5.1 release (5.1.42). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4019 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4028 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4030 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-35.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-36.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-37.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-38.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-39.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-40.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-42.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.1: 2052354eb2f57325cc5a351aa8e7fa17 2009.1/i586/libmysql16-5.1.42-0.1mdv2009.1.i586.rpm f8b86535e2b9304340b95fc6b5e5ed53 2009.1/i586/libmysql-devel-5.1.42-0.1mdv2009.1.i586.rpm 0b2b4f3359a6b44614daf30e921faebf 2009.1/i586/libmysql-static-devel-5.1.42-0.1mdv2009.1.i586.rpm 0a007a4249e801fcf6ba7112c79e125b 2009.1/i586/mysql-5.1.42-0.1mdv2009.1.i586.rpm 87664cc60c044a8415d54d4e1169556c 2009.1/i586/mysql-bench-5.1.42-0.1mdv2009.1.i586.rpm ec0a34be2a2abd3890e3b6163099231b 2009.1/i586/mysql-client-5.1.42-0.1mdv2009.1.i586.rpm 5f1526147c19c5dac3d5e926e75e6108 2009.1/i586/mysql-common-5.1.42-0.1mdv2009.1.i586.rpm 53894c10ef4d4e1384d55bf6d957d03b 2009.1/i586/mysql-doc-5.1.42-0.1mdv2009.1.i586.rpm af10d4d0e4efb516dc8228df3b6e0b04 2009.1/i586/mysql-max-5.1.42-0.1mdv2009.1.i586.rpm a950628d61d6941c5334040527b187b3 2009.1/i586/mysql-ndb-extra-5.1.42-0.1mdv2009.1.i586.rpm 5ef3d1368951afda87ce339ac3f40702 2009.1/i586/mysql-ndb-management-5.1.42-0.1mdv2009.1.i586.rpm 939043e470320d048c61ba731e58eedb 2009.1/i586/mysql-ndb-storage-5.1.42-0.1mdv2009.1.i586.rpm b575199f57235a93ab35f1d21b09106b 2009.1/i586/mysql-ndb-tools-5.1.42-0.1mdv2009.1.i586.rpm 7da4fea0d689631b6dc395cd5e80607e 2009.1/SRPMS/mysql-5.1.42-0.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 83694bc1ab6c44f9ad081a385db8e137 2009.1/x86_64/lib64mysql16-5.1.42-0.1mdv2009.1.x86_64.rpm efeb723e6c2f03878d3c7a98c70b08fc 2009.1/x86_64/lib64mysql-devel-5.1.42-0.1mdv2009.1.x86_64.rpm 36dd02fdbc2fbb752cee1d5dd80b2687 2009.1/x86_64/lib64mysql-static-devel-5.1.42-0.1mdv2009.1.x86_64.rpm 6d0f276c904e851e94e21fd33064bf84 2009.1/x86_64/mysql-5.1.42-0.1mdv2009.1.x86_64.rpm 783bb174310ca9f2d713f83cf6d1ef88 2009.1/x86_64/mysql-bench-5.1.42-0.1mdv2009.1.x86_64.rpm 4e63f4cc681ea7647a4a6d741b272a5b 2009.1/x86_64/mysql-client-5.1.42-0.1mdv2009.1.x86_64.rpm 0387ea642a706affc7ea43996786995b 2009.1/x86_64/mysql-common-5.1.42-0.1mdv2009.1.x86_64.rpm 57a3b2e0d7f89cf6c529317f96aa175d 2009.1/x86_64/mysql-doc-5.1.42-0.1mdv2009.1.x86_64.rpm 754919090d5355395a2f36025b0a6370 2009.1/x86_64/mysql-max-5.1.42-0.1mdv2009.1.x86_64.rpm f7b6cff4ab3d2679107c8b5a1f0d1209 2009.1/x86_64/mysql-ndb-extra-5.1.42-0.1mdv2009.1.x86_64.rpm 526aec7bd783d54a9ba354098f88cb53 2009.1/x86_64/mysql-ndb-management-5.1.42-0.1mdv2009.1.x86_64.rpm 5c21900db14347e6e04979e9edeafc7c 2009.1/x86_64/mysql-ndb-storage-5.1.42-0.1mdv2009.1.x86_64.rpm 3011a3d4a3a83b563933909446c4e5a2 2009.1/x86_64/mysql-ndb-tools-5.1.42-0.1mdv2009.1.x86_64.rpm 7da4fea0d689631b6dc395cd5e80607e 2009.1/SRPMS/mysql-5.1.42-0.1mdv2009.1.src.rpm Mandriva Linux 2010.0: d8b966d905db88c7a5f78b350b2d197b 2010.0/i586/libmysql16-5.1.42-0.1mdv2010.0.i586.rpm 97890a292a3ad4bfbb9a12bbf4526b65 2010.0/i586/libmysql-devel-5.1.42-0.1mdv2010.0.i586.rpm abdfe57c2b25ff668b9f972efa4bec28 2010.0/i586/libmysql-static-devel-5.1.42-0.1mdv2010.0.i586.rpm de115ca3e80cb4a54970590eae0caf74 2010.0/i586/mysql-5.1.42-0.1mdv2010.0.i586.rpm b1af15f0e00bd2824092dac21d28a59d 2010.0/i586/mysql-bench-5.1.42-0.1mdv2010.0.i586.rpm 67beec0620551eb817d09e4dd2ed32a6 2010.0/i586/mysql-client-5.1.42-0.1mdv2010.0.i586.rpm e7979f8b6015a750d09593478cfcccc2 2010.0/i586/mysql-common-5.1.42-0.1mdv2010.0.i586.rpm 1e403dda77399cac91522b99c5a77a94 2010.0/i586/mysql-common-core-5.1.42-0.1mdv2010.0.i586.rpm c06bcd5a5c0acb43f270f5d7ace9d417 2010.0/i586/mysql-core-5.1.42-0.1mdv2010.0.i586.rpm 155d7edf8bf7760c644733671d04dda2 2010.0/i586/mysql-doc-5.1.42-0.1mdv2010.0.i586.rpm 8a7c42ba34efd2f8f1c74491f30bac7c 2010.0/i586/mysql-max-5.1.42-0.1mdv2010.0.i586.rpm 1d1eb124a30062c8229eacee947fab6b 2010.0/i586/mysql-ndb-extra-5.1.42-0.1mdv2010.0.i586.rpm e6133a08e26f7983f9cb9b7b67b75ca9 2010.0/i586/mysql-ndb-management-5.1.42-0.1mdv2010.0.i586.rpm 9372040b6d57968315f459a688a7fdab 2010.0/i586/mysql-ndb-storage-5.1.42-0.1mdv2010.0.i586.rpm a74218625b766d72ae38c2c1476cf3e6 2010.0/i586/mysql-ndb-tools-5.1.42-0.1mdv2010.0.i586.rpm ca60b4ffe2c95cb2db29a1a1e2523924 2010.0/SRPMS/mysql-5.1.42-0.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 2930d2e7a334341d082bdec1c2ad261f 2010.0/x86_64/lib64mysql16-5.1.42-0.1mdv2010.0.x86_64.rpm 8ca967411d87705edcced52cc8281744 2010.0/x86_64/lib64mysql-devel-5.1.42-0.1mdv2010.0.x86_64.rpm 71af52b4b8cd37ec37141fe56b0bea1c 2010.0/x86_64/lib64mysql-static-devel-5.1.42-0.1mdv2010.0.x86_64.rpm f8ff5f7cdd6054da4c81e3a741d9fb22 2010.0/x86_64/mysql-5.1.42-0.1mdv2010.0.x86_64.rpm 2b7d818a2edd120aba01e525fc51e647 2010.0/x86_64/mysql-bench-5.1.42-0.1mdv2010.0.x86_64.rpm 4896e7cfb9818e740de6586d6de18e8f 2010.0/x86_64/mysql-client-5.1.42-0.1mdv2010.0.x86_64.rpm 7904e902d0dd12a611fef6d4fe74d188 2010.0/x86_64/mysql-common-5.1.42-0.1mdv2010.0.x86_64.rpm 4ad977d5b0a3d8bd29d482f35ee41516 2010.0/x86_64/mysql-common-core-5.1.42-0.1mdv2010.0.x86_64.rpm 72ae82e587c92165a72467e30560b42f 2010.0/x86_64/mysql-core-5.1.42-0.1mdv2010.0.x86_64.rpm 7585cdb1a7065c522d3d71c91c13071f 2010.0/x86_64/mysql-doc-5.1.42-0.1mdv2010.0.x86_64.rpm 50936bad8898af9a9ecbab9f51a884c5 2010.0/x86_64/mysql-max-5.1.42-0.1mdv2010.0.x86_64.rpm 2ef542022c6437fa4df25e7b46c804dd 2010.0/x86_64/mysql-ndb-extra-5.1.42-0.1mdv2010.0.x86_64.rpm b20519b0f4fb8ca438c8105a1305b45d 2010.0/x86_64/mysql-ndb-management-5.1.42-0.1mdv2010.0.x86_64.rpm 32d5eb57ba08af5420e44777ea2bbd98 2010.0/x86_64/mysql-ndb-storage-5.1.42-0.1mdv2010.0.x86_64.rpm 607848d02f7cffdf3169c7dbce65e75f 2010.0/x86_64/mysql-ndb-tools-5.1.42-0.1mdv2010.0.x86_64.rpm ca60b4ffe2c95cb2db29a1a1e2523924 2010.0/SRPMS/mysql-5.1.42-0.1mdv2010.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLU3VUmqjQ0CJFipgRAmhhAJ91sCoRByeEVFdzAULLmfs0t6vOsACaArA+ fPZMuPMkwgub9aN1Xva9v1Q= =2/XR -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/