Fedora Legacy Test Update Notification: mysql

Marc Deslauriers marcdeslauriers at videotron.ca
Tue Feb 22 02:46:53 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2129
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2129
2005-02-21
---------------------------------------------------------------------

Name        : mysql
Versions    : rh7.3: mysql-3.23.58-1.73.5.legacy
Versions    : rh9: mysql-3.23.58-1.90.5.legacy
Versions    : fc1: mysql-3.23.58-4.3.legacy
Summary     : The MySQL server and related files.
Description :
MySQL is a true multi-user, multi-threaded SQL database server. MySQL
is a client/server implementation that consists of a server daemon
(mysqld) and many different client programs and libraries. This
package contains the MySQL server and some accompanying files and
directories.

---------------------------------------------------------------------
Update Information:

Updated mysql packages that fix various security issues are now
available.

MySQL is a multi-user, multi-threaded SQL database server.

This update fixes a number of potential security problems associated
with careless handling of temporary files. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the names
CAN-2004-0381, CAN-2004-0388, CAN-2004-0457, and CAN-2005-0004 to these
issues.

Oleksandr Byelkin discovered that "ALTER TABLE ... RENAME" checked
the CREATE/INSERT rights of the old table instead of the new one. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0835 to this issue.

Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect
function. In order to exploit this issue an attacker would need to force
the use of a malicious DNS server (CAN-2004-0836).

Dean Ellis discovered that multiple threads ALTERing the same (or
different) MERGE tables to change the UNION could cause the server to
crash or stall (CAN-2004-0837).

Sergei Golubchik discovered that if a user is granted privileges to a
database with a name containing an underscore ("_"), the user also gains
the ability to grant privileges to other databases with similar names
(CAN-2004-0957).

All users of mysql should upgrade to these updated packages, which
resolve these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Sun Feb 20 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.23.58-1.73.5.legacy
- Added time and libtermcap-devel BuildRequires

* Fri Feb 11 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.23.58-1.73.4.legacy
- Added better security patch for CAN-2004-0457
- Added security patch for CAN-2005-0004

* Wed Oct 13 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.23.58-1.73.3.legacy
- Added security patch for CAN-2004-0835, CAN-2004-0836, CAN-2004-0837
   and privilege escalation issue on GRANT ALL ON `Foo\_Bar` (no CVE yet)

* Fri Sep 10 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.23.58-1.73.2.legacy
- Added mysqlhotcopy patch to fix CAN-2004-0457

* Tue Jul 06 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.23.58-1.73.1.legacy
- Added symlink patch to fix CAN-2004-0381 and CAN-2004-0388

rh9:
* Sun Feb 20 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.23.58-1.90.5.legacy
- Added time and libtermcap-devel BuildRequires

* Fri Feb 11 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.23.58-1.90.4.legacy
- Added better security patch for CAN-2004-0457
- Added security patch for CAN-2005-0004

* Wed Oct 13 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.23.58-1.90.3.legacy
- Added security patch for CAN-2004-0835, CAN-2004-0836, CAN-2004-0837
   and privilege escalation issue on GRANT ALL ON `Foo\_Bar` (no CVE yet)

* Fri Sep 10 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.23.58-1.90.2.legacy
- Added mysqlhotcopy patch to fix CAN-2004-0457

* Tue Jul 06 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.23.58-1.90.1.legacy
- Added symlink patch to fix CAN-2004-0381 and CAN-2004-0388

fc1:
* Sun Feb 20 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.23.58-4.3.legacy
- Added time and libtermcap-devel BuildRequires

* Fri Feb 11 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.23.58-4.2.legacy
- Added better security patch for CAN-2004-0457
- Added security patch for CAN-2005-0004

* Wed Oct 13 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.23.58-4.1.legacy
- Added security patch for CAN-2004-0835, CAN-2004-0836, CAN-2004-0837
   and privilege escalation issue on GRANT ALL ON `Foo\_Bar` (no CVE yet)
- Added hotcopy patch to fix CAN-2004-0457
- Added symlink patch to fix CAN-2004-0381 and CAN-2004-0388

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/

---------------------------------------------------------------------

Please test and comment in bugzilla.
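
Added example (not part of the original advisory, nor MySQL or Fedora Legacy code): an audit sketch for the underscore issue described above (CAN-2004-0957). MySQL treats "_" and "%" in a database-level grant name as wildcards unless they are backslash-escaped, as in the `Foo\_Bar` form in the changelog; the code flags grant rows whose Db pattern also matches databases other than the one named. The grant rows and database names are constructed samples, and case-sensitive matching is an assumption.

```python
import re

# Constructed sample rows shaped like (Host, Db, User) from the mysql.db grant table.
SAMPLE_GRANTS = [
    ("localhost", "shop_data", "alice"),   # unescaped "_" is a one-character wildcard
    ("localhost", "shop\\_data", "bob"),   # escaped: only the literal name matches
    ("%", "reports", "carol"),             # no wildcard characters
]
# Constructed list of databases present on the server.
SAMPLE_DBS = ["shop_data", "shopXdata", "shop1data", "shop_data2", "reports"]


def parse(db_pattern):
    """Split a Db pattern into (char, is_wildcard) pairs; a backslash makes the next char literal."""
    pairs, i = [], 0
    while i < len(db_pattern):
        ch = db_pattern[i]
        if ch == "\\" and i + 1 < len(db_pattern):
            pairs.append((db_pattern[i + 1], False))
            i += 2
        else:
            pairs.append((ch, ch in "_%"))
            i += 1
    return pairs


def matches(db_pattern, db_name):
    """True when db_name is covered by the grant pattern (assumed case-sensitive)."""
    parts = []
    for ch, wild in parse(db_pattern):
        parts.append(("." if ch == "_" else ".*") if wild else re.escape(ch))
    return re.fullmatch("".join(parts), db_name, re.DOTALL) is not None


def audit(grants, existing_dbs):
    """Map (user, host, pattern) to the databases it covers beyond the one literally named."""
    findings = {}
    for host, db, user in grants:
        parsed = parse(db)
        if not any(wild for _, wild in parsed):
            continue  # fully literal or fully escaped pattern: nothing to report
        literal = "".join(ch for ch, _ in parsed)
        findings[(user, host, db)] = sorted(
            d for d in existing_dbs if d != literal and matches(db, d))
    return findings


if __name__ == "__main__":
    for key, extra in audit(SAMPLE_GRANTS, SAMPLE_DBS).items():
        print(key, "also covers", extra)
```

Rows reported by the audit are candidates for re-issuing the grant with the underscore escaped.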