Fedora Legacy Test Update Notification: mysql

Marc Deslauriers marcdeslauriers at videotron.ca
Mon May 2 11:57:38 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-152925
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152925
2005-05-02
---------------------------------------------------------------------

Name        : mysql
Versions    : rh7.3: mysql-3.23.58-1.73.6.legacy
Versions    : rh9: mysql-3.23.58-1.90.6.legacy
Versions    : fc1: mysql-3.23.58-4.4.legacy
Summary     : The MySQL server and related files.
Description :
MySQL is a true multi-user, multi-threaded SQL database server. MySQL
is a client/server implementation that consists of a server daemon
(mysqld) and many different client programs and libraries. This
package contains the MySQL server and some accompanying files and
directories.

---------------------------------------------------------------------
Update Information:

Updated mysql packages that fix various security issues are now
available.

MySQL is a multi-user, multi-threaded SQL database server.

This update fixes several security risks in the MySQL server.

Stefano Di Paola discovered two bugs in the way MySQL handles
user-defined functions. A user with the ability to create and execute a
user-defined function could potentially execute arbitrary code on the
MySQL server. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2005-0709 and CAN-2005-0710
to these issues.

Stefano Di Paola also discovered a bug in the way MySQL creates
temporary tables. A local user could create a specially crafted symlink
which could result in the MySQL server overwriting a file which it has
write access to. The Common Vulnerabilities and Exposures project has
assigned the name CAN-2005-0711 to this issue.

All users of the MySQL server are advised to upgrade to these updated
packages, which contain fixes for these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Wed Apr 13 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
3.23.58-1.73.6.legacy
- Backpatch repair for CAN-2005-0709, CAN-2005-0710, CAN-2005-0711
- Fix init script to not need a valid username for startup check
- Don't assume /etc/my.cnf will specify pid-file
- add sleep to mysql.init restart();

rh9:
* Wed Apr 13 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
3.23.58-1.90.6.legacy
- Backpatch repair for CAN-2005-0709, CAN-2005-0710, CAN-2005-0711
- Fix init script to not need a valid username for startup check
- Don't assume /etc/my.cnf will specify pid-file
- add sleep to mysql.init restart();

fc1:
* Wed Apr 13 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
3.23.58-4.4.legacy
- Backpatch repair for CAN-2005-0709, CAN-2005-0710, CAN-2005-0711
- Fix init script to not need a valid username for startup check
- Don't assume /etc/my.cnf will specify pid-file
- add sleep to mysql.init restart();

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
6b9ad2acc6eaaebeef935feb6e32b1e59f8d1e94
redhat/7.3/updates-testing/i386/mysql-3.23.58-1.73.6.legacy.i386.rpm
090bce8a56c5cc7fedbca223925eb9d15dca5cd5
redhat/7.3/updates-testing/i386/mysql-devel-3.23.58-1.73.6.legacy.i386.rpm
8d8565f44b2de5f7d36274803d04e4b06e2abf81
redhat/7.3/updates-testing/i386/mysql-server-3.23.58-1.73.6.legacy.i386.rpm
1d8f01787f7824c2d2638c8e48e9e8c03d7c0c28
redhat/7.3/updates-testing/SRPMS/mysql-3.23.58-1.73.6.legacy.src.rpm

rh9:
c838b40be12cd10b40f4b2c7e4c14c368734da23
redhat/9/updates-testing/i386/mysql-3.23.58-1.90.6.legacy.i386.rpm
dc86a50ecfef42f4f85aaf798f84beea0bf656fa
redhat/9/updates-testing/i386/mysql-devel-3.23.58-1.90.6.legacy.i386.rpm
dc24c3c52eeb2874b3547b0d2347e214b321da02
redhat/9/updates-testing/i386/mysql-server-3.23.58-1.90.6.legacy.i386.rpm
4f713ffcf56fd07d19e12f291a87a4feea6fbd23
redhat/9/updates-testing/SRPMS/mysql-3.23.58-1.90.6.legacy.src.rpm

fc1:
ed3ddb39dbadf121a87348c9b7cfb3d6fc3917c4
fedora/1/updates-testing/i386/mysql-3.23.58-4.4.legacy.i386.rpm
3c57f554ed37cbb29e05773c1527f389f4601b16
fedora/1/updates-testing/i386/mysql-bench-3.23.58-4.4.legacy.i386.rpm
d08b91055dae251b192de109a453a4bbe03828c9
fedora/1/updates-testing/i386/mysql-devel-3.23.58-4.4.legacy.i386.rpm
950b5116ba77127478cb02d5a9b7e23711376daf
fedora/1/updates-testing/i386/mysql-server-3.23.58-4.4.legacy.i386.rpm
56257305e480c2db1669de92024033f7bb9f1702
fedora/1/updates-testing/SRPMS/mysql-3.23.58-4.4.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
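
An added example, not part of the original notification: a POSIX shell helper that turns the digest/path pairs in the sha1sums list into "digest  filename" entries and checks downloaded packages against them. The function names and the two-argument command line are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory). The notification prints each SHA-1
# digest on one line and the package's repository path on the next line.

# Print the SHA-1 of a file; falls back to shasum where sha1sum is absent.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then sha1sum "$1"
    else shasum -a 1 "$1"; fi | cut -d' ' -f1
}

# stdin: advisory text. stdout: "digest  basename" for every 40-hex line
# that is immediately followed by a path ending in .rpm. Only the basename
# is kept, so a listed path can never point outside the download directory.
advisory_to_sha1sums() {
    awk '
        { sub(/\r$/, "") }
        length($0) == 40 && $0 !~ /[^0-9a-f]/ { digest = $0; next }
        digest != "" && /\.rpm$/ { n = split($0, p, "/"); print digest "  " p[n] }
        { digest = "" }
    '
}

# verify_packages ADVISORY DIR
# Checks every listed package that exists in DIR. Packages for other releases
# are simply absent and are skipped. Succeeds only if at least one file was
# checked and none mismatched, so an empty directory is not reported as good.
verify_packages() {
    advisory=$1 dir=$2 checked=0 bad=0
    list=$(advisory_to_sha1sums < "$advisory") || return 2
    while read -r want name; do
        [ -f "$dir/$name" ] || continue
        checked=$((checked + 1))
        if [ "$(sha1_of "$dir/$name")" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            bad=$((bad + 1))
        fi
    done <<EOF
$list
EOF
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Command-line use: sh <this script> ADVISORY DIR
if [ "$#" -eq 2 ]; then verify_packages "$1" "$2"; fi
```

The digests are only as trustworthy as the message that carried them, so check the notification's OpenPGP signature before relying on them.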