-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:159
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mysql
 Date    : July 27, 2009
 Affected: 2008.1, 2009.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in mysql:

 Multiple format string vulnerabilities in the dispatch_command function
 in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow
 remote authenticated users to cause a denial of service (daemon crash)
 and possibly have unspecified other impact via format string specifiers
 in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request.
 NOTE: some of these details are obtained from third party information
 (CVE-2009-2446).

 This update provides fixes for this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2446
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKbZg6mqjQ0CJFipgRAtcHAKC/1zd95+nBqZs3vzdTTMVjUrtYdQCeMeyi
M+BzL6689hE/cOwX7jSm0gw=
=4Yy8
-----END PGP SIGNATURE-----
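
As an added example, not part of the Mandriva advisory or of MySQL's code: the check below parses a client-to-server MySQL stream and flags COM_CREATE_DB / COM_DROP_DB packets whose database name contains a printf-style conversion, the input pattern the advisory describes. It assumes an unencrypted, uncompressed capture; the helper names and the sample stream are constructed for illustration.

```python
import re

# Command bytes of the two requests named in the advisory (MySQL protocol).
COM_CREATE_DB, COM_DROP_DB = 0x05, 0x06
WATCHED = {COM_CREATE_DB: "COM_CREATE_DB", COM_DROP_DB: "COM_DROP_DB"}

# printf-style conversion: optional positional arg, flags, width, precision,
# length modifier, then a conversion character.
FORMAT_SPEC = re.compile(
    rb"%(?:\d+\$)?[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    rb"(?:hh|h|ll|l|L|z|j|t)?[diouxXeEfgGaAcspn]")

def iter_packets(stream):
    """Yield (sequence_id, payload) for each complete packet in the stream."""
    offset = 0
    while offset + 4 <= len(stream):
        # Header: 3-byte little-endian payload length, then 1-byte sequence id.
        length = int.from_bytes(stream[offset:offset + 3], "little")
        payload = stream[offset + 4:offset + 4 + length]
        if len(payload) < length:
            break  # truncated capture: stop instead of misparsing
        yield stream[offset + 3], payload
        offset += 4 + length

def suspicious_db_commands(stream):
    """Return [(command_name, db_name)] for names carrying a format specifier."""
    hits = []
    for seq, payload in iter_packets(stream):
        # A command packet opens a new exchange, so its sequence id is 0.
        if seq != 0 or not payload or payload[0] not in WATCHED:
            continue
        name = payload[1:]
        # "%%" is a literal percent sign; drop it before looking for conversions.
        if FORMAT_SPEC.search(name.replace(b"%%", b"")):
            hits.append((WATCHED[payload[0]], name.decode("latin-1")))
    return hits

def make_packet(command, body):
    """Build one command packet; used only for the constructed sample."""
    payload = bytes([command]) + body
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

# Constructed sample stream, not captured traffic.
SAMPLE = (make_packet(COM_CREATE_DB, b"inventory")
          + make_packet(COM_DROP_DB, b"tmp_%s_%x")
          + make_packet(0x03, b"SELECT '%s'")      # COM_QUERY, not in scope
          + make_packet(COM_CREATE_DB, b"sales_100%%"))

if __name__ == "__main__":
    for command, name in suspicious_db_commands(SAMPLE):
        print(f"ALERT {command} database name {name!r}")
```

A hit is a signal for review on hosts that have not yet received the updated packages; it does not by itself show that the server was affected.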