-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security.html              http://www.openpkg.org
openpkg-security@openpkg.org                         openpkg@openpkg.org
OpenPKG-SA-2002.013                                          16-Dec-2002
________________________________________________________________________

Package:             mysql
Vulnerability:       password bypass, arbitrary code execution
OpenPKG Specific:    no

Dependent Packages:  apache, myodbc, perl-dbi, postfix

Affected Releases:   Affected Packages:         Corrected Packages:
OpenPKG 1.0          <= mysql-3.23.46-1.0.0     >= mysql-3.23.46-1.0.1
OpenPKG 1.1          <= mysql-3.23.52-1.1.0     >= mysql-3.23.52-1.1.1
OpenPKG CURRENT      <= mysql-3.23.53-20021204  >= mysql-3.23.54-20021212

Description:
  The e-matters [0] company discovered two flaws [1] within the MySQL
  [2] server that can be used by any MySQL user to crash the server.
  One of the flaws can be used to bypass the MySQL password check or
  to execute arbitrary code with the privileges of the user running
  mysqld(8). They also discovered an arbitrary size heap overflow
  within the MySQL client library and another vulnerability that
  allows writing '\0' to any memory address. Both flaws could allow
  DoS attacks against, or arbitrary code execution within, anything
  linked against libmysqlclient.

  Check whether you are affected by running "<prefix>/bin/rpm -q
  mysql". If you have an affected version of the "mysql" package (see
  above), please upgrade it according to the solution below.

Solution:
  Update existing packages to newly patched versions of MySQL. Select
  the updated source RPM appropriate for your OpenPKG release
  [3][4][5], and fetch it from the OpenPKG FTP service or a mirror
  location. Verify its integrity [6], build a corresponding binary RPM
  from it and update your OpenPKG installation by applying the binary
  RPM [7].
  For the latest OpenPKG 1.1 release, perform the following operations
  to permanently fix the security problem (for other releases adjust
  accordingly).

  $ ftp ftp.openpkg.org
  ftp> bin
  ftp> cd release/1.1/UPD
  ftp> get mysql-3.23.52-1.1.1.src.rpm
  ftp> bye
  $ <prefix>/bin/rpm -v --checksig mysql-3.23.52-1.1.1.src.rpm
  $ <prefix>/bin/rpm --rebuild mysql-3.23.52-1.1.1.src.rpm
  $ su -
  # <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/mysql-3.23.52-1.1.1.*.rpm
  # <prefix>/etc/rc mysql stop start
________________________________________________________________________

References:
  [0] http://www.e-matters.de/
  [1] http://security.e-matters.de/advisories/042002.html
  [2] http://www.mysql.com/
  [3] ftp://ftp.openpkg.org/release/1.0/UPD/
  [4] ftp://ftp.openpkg.org/release/1.1/UPD/
  [5] ftp://ftp.openpkg.org/current/SRC/
  [6] http://www.openpkg.org/security.html#signature
  [7] http://www.openpkg.org/tutorial.html#regular-source
________________________________________________________________________

For security reasons, this advisory was digitally signed with
the OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F)
of the OpenPKG project which you can find under the official URL
http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To
check the integrity of this advisory, verify its digital signature by
using GnuPG (http://www.gnupg.org/). For example, pipe this message to
the command "gpg --verify --keyserver keyserver.pgp.com".
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@openpkg.org>

iEYEARECAAYFAj39rFwACgkQgHWT4GPEy59OOQCfRNp25g3jXbRoIITZnwnpT7lo
0q8AoMCazmZmwIs0sqxUJF4wfwbsC6Zz
=6WvF
-----END PGP SIGNATURE-----
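
An added example, not part of the OpenPKG advisory: a shell function that classifies the package string printed by "<prefix>/bin/rpm -q mysql" against the affected and corrected bounds in the advisory's release table. The function names are hypothetical, and a version that falls between the two bounds of a release is reported as "unknown" because the advisory does not classify it.

```shell
#!/bin/sh
# Added example: classify an OpenPKG "mysql" package string against the
# bounds listed in OpenPKG-SA-2002.013. Function names are hypothetical.

# ver_cmp A B: print -1, 0 or 1, comparing A and B field by field after
# splitting on "." and "-" (missing or non-numeric fields count as 0).
ver_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = x[i] + 0; q = y[i] + 0
            if (p < q) { print -1; exit }
            if (p > q) { print 1; exit }
        }
        print 0
    }'
}

# mysql_sa_status PKG: print "affected", "corrected" or "unknown".
# PKG is name-version-release, e.g. mysql-3.23.52-1.1.0.
mysql_sa_status() {
    case "$1" in
        mysql-*) ;;
        *) echo unknown; return ;;
    esac
    vr=${1#mysql-}      # version-release, e.g. 3.23.52-1.1.0
    rel=${vr#*-}        # release part selects the OpenPKG branch
    case "$rel" in
        1.0.*) bad=3.23.46-1.0.0; good=3.23.46-1.0.1 ;;
        1.1.*) bad=3.23.52-1.1.0; good=3.23.52-1.1.1 ;;
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9])   # CURRENT: date stamp
               bad=3.23.53-20021204; good=3.23.54-20021212 ;;
        *) echo unknown; return ;;
    esac
    if [ "$(ver_cmp "$vr" "$bad")" -le 0 ]; then
        echo affected
    elif [ "$(ver_cmp "$vr" "$good")" -ge 0 ]; then
        echo corrected
    else
        echo unknown    # between the bounds: not classified by the advisory
    fi
}

# Constructed sample inputs (not taken from a real host).
for p in mysql-3.23.52-1.1.0 mysql-3.23.52-1.1.1 mysql-3.23.53-20021210; do
    printf '%s: %s\n' "$p" "$(mysql_sa_status "$p")"
done
```

On a real host, pass the output of the query directly, for example: mysql_sa_status "$(<prefix>/bin/rpm -q mysql)".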