-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:044
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mysql
 Date    : February 19, 2010
 Affected: 2009.1, 2010.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in mysql:

 MySQL is vulnerable to a symbolic link attack when the data home
 directory contains a symlink to a different filesystem which allows
 remote authenticated users to bypass intended access restrictions
 (CVE-2008-7247).

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7247
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLftsRmqjQ0CJFipgRAmHEAKCjA6517BjWBfNzsLDU/9NbiO/rQgCfY2/Q
/TfbHZh+CXGMdIo5DoK4QXA=
=QhVd
-----END PGP SIGNATURE-----
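
Added example, not part of the Mandriva advisory: a Python audit that lists every symlink under a MySQL data directory and flags those that resolve to a different filesystem, which is the precondition the advisory names for CVE-2008-7247. The function names and the sample layout are constructed for illustration; pass the server's actual data directory as the first argument.

```python
import os
import sys
import tempfile
from typing import List, NamedTuple


class SymlinkFinding(NamedTuple):
    link: str         # symlink path inside the data directory
    target: str       # resolved target, "" when the link is dangling
    crosses_fs: bool  # True when the target is on another filesystem


def audit_datadir(datadir: str) -> List[SymlinkFinding]:
    """Report every symlink under datadir; flag those leaving its filesystem."""
    base_dev = os.stat(datadir).st_dev
    findings = []
    # followlinks=False: symlinked directories are reported, never descended.
    for root, dirs, files in os.walk(datadir, followlinks=False):
        for name in dirs + files:
            path = os.path.join(root, name)
            if not os.path.islink(path):
                continue
            try:
                # os.stat() follows the link, so st_dev is the target's device.
                crosses = os.stat(path).st_dev != base_dev
                target = os.path.realpath(path)
            except OSError:
                target, crosses = "", False  # dangling: nothing to compare
            findings.append(SymlinkFinding(path, target, crosses))
    return sorted(findings)


def build_sample_datadir(outside: str) -> str:
    """Constructed layout: one database dir, one table file, one symlink."""
    datadir = tempfile.mkdtemp(prefix="datadir-")
    os.mkdir(os.path.join(datadir, "shop"))
    open(os.path.join(datadir, "shop", "orders.MYD"), "w").close()
    os.symlink(outside, os.path.join(datadir, "archive"))
    return datadir


if __name__ == "__main__":
    # Hypothetical usage: first argument is the data directory to audit.
    arg = sys.argv[1] if len(sys.argv) > 1 else None
    datadir = arg or build_sample_datadir(tempfile.gettempdir())
    for f in audit_datadir(datadir):
        flag = "CROSSES-FS" if f.crosses_fs else "same-fs"
        print(f"{flag:10} {f.link} -> {f.target or '(dangling)'}")
```

Any line marked CROSSES-FS identifies a symlink that matches the condition in the problem description and is worth reviewing until the updated packages are installed.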