Mandrake Linux Security Update Advisory
Package name: gtkhtml
Advisory ID: MDKSA-2003:093
Date: September 18th, 2003
Affected versions: 9.0, Corporate Server 2.1
Problem Description:
Alan Cox discovered that certain malformed messages could cause
the Evolution mail component to crash due to a null pointer
dereference in the GtkHTML library, versions prior to 1.1.0.
The updated package provides a patched version of GtkHTML;
versions of Mandrake Linux more recent than 9.0 do not require this
fix as they already come with version 1.1.0.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0541
Updated Packages:
Bug IDs fixed (see https://qa.mandrakesoft.com for
more information):
To upgrade automatically, use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by MandrakeSoft for security. You can
obtain the GPG public key of the Mandrake Linux Security Team by
executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours
to update.
You can view other update advisories for Mandrake Linux at:
http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services
that anyone can subscribe to. Information on these lists can be
obtained by visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type | Bits/KeyID | Date | User ID |
pub | 1024D/22458A98 | 2000-07-10 | Linux Mandrake Security Team <security linux-mandrake.com> |
Mandrake Linux Security Update Advisory
Package name: MySQL
Advisory ID: MDKSA-2003:094
Date: September 18th, 2003
Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1
Problem Description:
A buffer overflow was discovered in MySQL that could be exploited
by any user with “ALTER TABLE” privileges on the “mysql” database.
If successfully exploited, the attacker could execute arbitrary
code with the privileges of the user running the mysqld process
(mysqld). The “mysql” database is used by MySQL for internal record
keeping and by default only the “root” user, or MySQL
administrative account, has permission to alter its tables.
This vulnerability was corrected in MySQL 4.0.15 and all
previous versions are vulnerable. These packages have been patched
to correct the problem.
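To gauge exposure, the accounts that hold ALTER on the "mysql" database can be listed from the grant tables. This is an added example, not part of the advisory; it assumes the standard grant tables mysql.user, mysql.db and mysql.tables_priv and a session logged in as a MySQL administrative account.

```sql
-- Added example: audit which accounts can ALTER tables in the "mysql" database.
-- Written as three separate statements (no UNION) so they also run on
-- 3.23-series servers, which predate UNION support.

-- 1. Global grants: ALTER on every database, which includes "mysql".
SELECT Host, User
FROM mysql.user
WHERE Alter_priv = 'Y';

-- 2. Database-level grants. The Db column may hold a wildcard pattern
--    such as '%' or 'my%', so match the literal name against the pattern.
SELECT Host, Db, User
FROM mysql.db
WHERE Alter_priv = 'Y'
  AND 'mysql' LIKE Db;

-- 3. Table-level grants on individual tables inside "mysql".
--    Table_priv is a SET column; FIND_IN_SET tests for the 'Alter' member.
SELECT Host, Db, User, Table_name
FROM mysql.tables_priv
WHERE Db = 'mysql'
  AND FIND_IN_SET('Alter', Table_priv) > 0;
```

Any row that is not the administrative account is a user who holds the privilege the advisory names as the precondition; revoking it until the updated packages are installed reduces exposure.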
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0780
http://lists.netsys.com/pipermail/full-disclosure/2003-September/009819.html
Updated Packages: