-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:093 http://www.mandriva.com/security/ _______________________________________________________________________ Package : mysql Date : May 7, 2010 Affected: 2009.1, 2010.0 _______________________________________________________________________ Problem Description: A vulnerability was discovered in mysql which would permit mysql users without any kind of privileges to use the UNINSTALL PLUGIN function. A problem was discovered in the mysqld init script which under certain circumstances could cause the service to exit too quickly, giving the [ OK ] status and before the mysql server was really started and bound to the mysql socket or IP address. This caused a problem for products like Pulse2. The corrected packages solves these problems. _______________________________________________________________________ References: http://bugs.mysql.com/bug.php?id=51770 https://qa.mandriva.com/58843 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.1: 54006c70afc3e861c4deef24d761370b 2009.1/i586/libmysql16-5.1.42-0.3mdv2009.1.i586.rpm 76dd0e691c8bc3b113a97192b556cabc 2009.1/i586/libmysql-devel-5.1.42-0.3mdv2009.1.i586.rpm 32ab2d4751a47963da3c88b51f1d3fd8 2009.1/i586/libmysql-static-devel-5.1.42-0.3mdv2009.1.i586.rpm 16632ad717aa5a11f2fb74a548859814 2009.1/i586/mysql-5.1.42-0.3mdv2009.1.i586.rpm 7f553d38a23daac410b925ec0094309e 2009.1/i586/mysql-bench-5.1.42-0.3mdv2009.1.i586.rpm c499f591935b91af8752e4bfaf146f9e 2009.1/i586/mysql-client-5.1.42-0.3mdv2009.1.i586.rpm b4545700f4afa0a471a8306f99f22249 2009.1/i586/mysql-common-5.1.42-0.3mdv2009.1.i586.rpm aa2de0e2a3121bc724a84d836033500f 2009.1/i586/mysql-doc-5.1.42-0.3mdv2009.1.i586.rpm 9d79d1d0f9d176a26dd3727e747dfdf5 2009.1/i586/mysql-max-5.1.42-0.3mdv2009.1.i586.rpm fe2003bac60bb2f388b65eb711f7984a 2009.1/i586/mysql-ndb-extra-5.1.42-0.3mdv2009.1.i586.rpm ed8b3c6a2f0e25abfc030d3f886f13d1 2009.1/i586/mysql-ndb-management-5.1.42-0.3mdv2009.1.i586.rpm be6ff43c94502883be9ce176bddbf9b4 2009.1/i586/mysql-ndb-storage-5.1.42-0.3mdv2009.1.i586.rpm 1bacb295ea603908a2f04a6b4b269d31 2009.1/i586/mysql-ndb-tools-5.1.42-0.3mdv2009.1.i586.rpm a0b096a1669abdc876ef6c01d8c075b5 2009.1/SRPMS/mysql-5.1.42-0.3mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 61e03c60fec61328da5475cfb7bc4bf4 2009.1/x86_64/lib64mysql16-5.1.42-0.3mdv2009.1.x86_64.rpm 3176c0e87e754759204d0ad1be769a65 2009.1/x86_64/lib64mysql-devel-5.1.42-0.3mdv2009.1.x86_64.rpm 19bbdd8f6d57e4b5bb4a74d4b476f0cf 2009.1/x86_64/lib64mysql-static-devel-5.1.42-0.3mdv2009.1.x86_64.rpm 0e80df8a100d82364e7a3323ec892d1f 2009.1/x86_64/mysql-5.1.42-0.3mdv2009.1.x86_64.rpm d405ffb3e8f65578f54bce2360c78433 2009.1/x86_64/mysql-bench-5.1.42-0.3mdv2009.1.x86_64.rpm eb7baf714d55aae6ad041cdabdd84dab 2009.1/x86_64/mysql-client-5.1.42-0.3mdv2009.1.x86_64.rpm 90abeaf5a5b218a21567df0a02572232 2009.1/x86_64/mysql-common-5.1.42-0.3mdv2009.1.x86_64.rpm c7fce8846a34bdac5ad4144d8856043c 2009.1/x86_64/mysql-doc-5.1.42-0.3mdv2009.1.x86_64.rpm cba5723911fa87d7e7211ab2cdb658f6 2009.1/x86_64/mysql-max-5.1.42-0.3mdv2009.1.x86_64.rpm 98edbde9e1393a275fd45a78fda03b92 2009.1/x86_64/mysql-ndb-extra-5.1.42-0.3mdv2009.1.x86_64.rpm 2f5b6b0b9a6726b7322deb723480c527 2009.1/x86_64/mysql-ndb-management-5.1.42-0.3mdv2009.1.x86_64.rpm db10798231c42e0304fb75f1f7941728 2009.1/x86_64/mysql-ndb-storage-5.1.42-0.3mdv2009.1.x86_64.rpm 07ca70ad1b446afd873c482cc544d1dc 2009.1/x86_64/mysql-ndb-tools-5.1.42-0.3mdv2009.1.x86_64.rpm a0b096a1669abdc876ef6c01d8c075b5 2009.1/SRPMS/mysql-5.1.42-0.3mdv2009.1.src.rpm Mandriva Linux 2010.0: be1721e543c3724d35a63aa5f213f8de 2010.0/i586/libmysql16-5.1.42-0.3mdv2010.0.i586.rpm 8e5472cc7afddd745e02fd97fa3e65e3 2010.0/i586/libmysql-devel-5.1.42-0.3mdv2010.0.i586.rpm 2302fb56a522390b97425f6fbef98148 2010.0/i586/libmysql-static-devel-5.1.42-0.3mdv2010.0.i586.rpm 6b3039075fb7828f00f6d5fe3b6f2cc9 2010.0/i586/mysql-5.1.42-0.3mdv2010.0.i586.rpm 8190cae8369824a35c2a84b7463bc11b 2010.0/i586/mysql-bench-5.1.42-0.3mdv2010.0.i586.rpm bda23f602b5230b994b1b12baec86af1 2010.0/i586/mysql-client-5.1.42-0.3mdv2010.0.i586.rpm 4056f9719c0873d63e46c10597c7d688 2010.0/i586/mysql-common-5.1.42-0.3mdv2010.0.i586.rpm 59826ffe62a040bd84e530e4e5be163f 2010.0/i586/mysql-common-core-5.1.42-0.3mdv2010.0.i586.rpm 6774569d17dd638b8e09a3a0d5b6ea0e 2010.0/i586/mysql-core-5.1.42-0.3mdv2010.0.i586.rpm c5ecb88a2cdc9b22ee98a90d6b1a9d03 2010.0/i586/mysql-doc-5.1.42-0.3mdv2010.0.i586.rpm b3c8aaf9e97656f024b5e7f54af0728d 2010.0/i586/mysql-max-5.1.42-0.3mdv2010.0.i586.rpm 2f8a0156d8d2ea7c3e2432ee1600e4c6 2010.0/i586/mysql-ndb-extra-5.1.42-0.3mdv2010.0.i586.rpm 810eb32b04552f831b5ac35f9241356d 2010.0/i586/mysql-ndb-management-5.1.42-0.3mdv2010.0.i586.rpm fa0670d9eed9803cbc5f40536208c141 2010.0/i586/mysql-ndb-storage-5.1.42-0.3mdv2010.0.i586.rpm 4b0be649cc0a6331b935059f99d27dfb 2010.0/i586/mysql-ndb-tools-5.1.42-0.3mdv2010.0.i586.rpm 04afccfb76f0f88375f9dc6598584f9b 2010.0/SRPMS/mysql-5.1.42-0.3mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: ebd36c904b32a99bdd9ce0e938eb6ef2 2010.0/x86_64/lib64mysql16-5.1.42-0.3mdv2010.0.x86_64.rpm ffde28d96cfe44d159d3176e1972a6b2 2010.0/x86_64/lib64mysql-devel-5.1.42-0.3mdv2010.0.x86_64.rpm 288915dbebc01d488180362784d1b011 2010.0/x86_64/lib64mysql-static-devel-5.1.42-0.3mdv2010.0.x86_64.rpm e9f1674e68e7ddc8d68ec5c6147e051f 2010.0/x86_64/mysql-5.1.42-0.3mdv2010.0.x86_64.rpm 3aa8d227d757d2a0172c39d22f503fc9 2010.0/x86_64/mysql-bench-5.1.42-0.3mdv2010.0.x86_64.rpm 0d9a788891e0b20c4339c6f8ed0b14ab 2010.0/x86_64/mysql-client-5.1.42-0.3mdv2010.0.x86_64.rpm 373b970d951de243a21451a31154e21d 2010.0/x86_64/mysql-common-5.1.42-0.3mdv2010.0.x86_64.rpm 757bceabfacd191d9b32dce2140025f8 2010.0/x86_64/mysql-common-core-5.1.42-0.3mdv2010.0.x86_64.rpm 78335300c5dfd20ad7c18ee53c8e7549 2010.0/x86_64/mysql-core-5.1.42-0.3mdv2010.0.x86_64.rpm c8a3554ef62aa6cc8335a7352f2b9ff3 2010.0/x86_64/mysql-doc-5.1.42-0.3mdv2010.0.x86_64.rpm f3c8489b506b91f2a9dd5ef64dcf9064 2010.0/x86_64/mysql-max-5.1.42-0.3mdv2010.0.x86_64.rpm 44f0b531705bc0d155a24d3847dd0d50 2010.0/x86_64/mysql-ndb-extra-5.1.42-0.3mdv2010.0.x86_64.rpm 1574dda1d6e3717832440c5f94c01816 2010.0/x86_64/mysql-ndb-management-5.1.42-0.3mdv2010.0.x86_64.rpm ec14aafb931921e75e847d25373f901c 2010.0/x86_64/mysql-ndb-storage-5.1.42-0.3mdv2010.0.x86_64.rpm 7e38f7400e1c96fbb5e24520ab554b4b 2010.0/x86_64/mysql-ndb-tools-5.1.42-0.3mdv2010.0.x86_64.rpm 04afccfb76f0f88375f9dc6598584f9b 2010.0/SRPMS/mysql-5.1.42-0.3mdv2010.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFL5CnimqjQ0CJFipgRAs+uAJ4qRfD5p0DtrMZZrDeGBaXSrxX08wCgmjhZ N0qrX52vXppOw/fCprvl584= =FvOH -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/