---

Home Security

Conectiva Linux Advisory: MySQL

By

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : MySQL
SUMMARY : Several Vulnerabilities
DATE : 2003-09-18 18:59:00
ID : CLA-2003:743
RELEVANT RELEASES : 7.0, 8, 9

DESCRIPTION
MySQL is a very popular SQL database, distributed under the GNU-GPL
license.

This update fixes three vulnerabilities in the versions of MySQL
distributed with Conectiva Linux:

  1. Double free vulnerability[1] in the mysql_change_user()
    function. An attacker with access to the MySQL server can exploit
    this vulnerability to at least cause a denial of service condition
    (crash the MySQL server process) by sending specially crafted data
    from a client application.
  2. World writeable configuration files vulnerability[2]. An
    attacker with access to the MySQL server can create/overwrite a
    MySQL configuration file using a “SELECT * INFO OUTFILE” command.
    This can be exploited to, for example, cause MySQL to run as root
    upon restart.
  3. Password handler buffer overflow vulnerability. Frank Denis
    reported[3] a buffer overflow vulnerability in the password
    handling functions of MySQL. An attacker with global administrative
    privileges on the MySQL server can exploit this vulnerability to
    execute arbitrary code with the privileges of the user the MySQL
    server process is running as.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names
CAN-2003-0073[4], CAN-2003-0150[5] and CAN-2003-0780[6] to these
issues, respectively.

This update brings the latest stable MySQL version available
from the 3.23 serie (3.23.58). Besides the fix or the
aforementioned vulnerabilities, this new version includes several
other bugfixes and minor enhancements, which can be seen in the
project changelogs[7].

SOLUTION
We recommend that all MySQL users upgrade their packages as soon as
possible.

IMPORTANT: after the upgrade the mysql service must be restarted
manually. In order to do that, run the following command as
root:

# /sbin/service mysql restart

REFERENCES:
1.http://www.mysql.com/doc/en/News-3.23.55.html

2.http://www.securityfocus.com/archive/1/314391

3.http://www.securityfocus.com/archive/1/337012

4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0073

5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0150

6.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0780

7.http://www.mysql.com/doc/en/News-3.23.x.html

UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-3.23.58-1U70_4cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-bench-3.23.58-1U70_4cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-client-3.23.58-1U70_4cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-devel-3.23.58-1U70_4cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-devel-static-3.23.58-1U70_4cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-doc-3.23.58-1U70_4cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/MySQL-3.23.58-1U70_4cl.src.rpm


ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-3.23.58-1U80_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-bench-3.23.58-1U80_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-client-3.23.58-1U80_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-devel-3.23.58-1U80_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-devel-static-3.23.58-1U80_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-doc-3.23.58-1U80_3cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/8/SRPMS/MySQL-3.23.58-1U80_3cl.src.rpm


ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-3.23.58-20507U90_1cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-bench-3.23.58-20507U90_1cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-client-3.23.58-20507U90_1cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-devel-3.23.58-20507U90_1cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-devel-static-3.23.58-20507U90_1cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-doc-3.23.58-20507U90_1cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/9/SRPMS/MySQL-3.23.58-20507U90_1cl.src.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions reagarding the use of apt and upgrade
examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

All packages are signed with Conectiva’s GPG key. The key and
instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can
be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com

subscribe: [email protected]

unsubscribe: [email protected]

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.