-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:197 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : mysql Date : July 23, 2013 Affected: Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been discovered and corrected in mysql: MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error (CVE-2013-1861). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search (CVE-2013-3802). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer (CVE-2013-3804). The updated packages have been upgraded to the 5.1.70 version which is not vulnerable to these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1861 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3804 http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-70.html _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: d50025f407efd92277e1ce69b498932a mes5/i586/libmysql16-5.1.70-0.1mdvmes5.2.i586.rpm 9f0cb96b3e3cc6d9217d4d58a90304c5 mes5/i586/libmysql-devel-5.1.70-0.1mdvmes5.2.i586.rpm 51943d180dd136175e303a7629e8ece2 mes5/i586/libmysql-static-devel-5.1.70-0.1mdvmes5.2.i586.rpm 11f429a294ce0a1f0a3b760ea5e36392 mes5/i586/mysql-5.1.70-0.1mdvmes5.2.i586.rpm e581dea7bbd3ec979ecebe2fb03fdecf mes5/i586/mysql-bench-5.1.70-0.1mdvmes5.2.i586.rpm e8c4be68e730ed3f4b854cbfb2ef62d1 mes5/i586/mysql-client-5.1.70-0.1mdvmes5.2.i586.rpm 58e82a0beaf27e4d4dd0a8680550242d mes5/i586/mysql-common-5.1.70-0.1mdvmes5.2.i586.rpm ef5290b2cec153e8529a9a2475536541 mes5/SRPMS/mysql-5.1.70-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: aa18a4827c59c6b87c9d7b2972e7724c mes5/x86_64/lib64mysql16-5.1.70-0.1mdvmes5.2.x86_64.rpm efecce077f18b14d3864a455d98fd962 mes5/x86_64/lib64mysql-devel-5.1.70-0.1mdvmes5.2.x86_64.rpm 612305725f5081095e839911eab31f92 mes5/x86_64/lib64mysql-static-devel-5.1.70-0.1mdvmes5.2.x86_64.rpm 2d12d3c1ebc247a49c70074ac00044cd mes5/x86_64/mysql-5.1.70-0.1mdvmes5.2.x86_64.rpm 5330a94f0a81648e0610d8fb051be165 mes5/x86_64/mysql-bench-5.1.70-0.1mdvmes5.2.x86_64.rpm 87b0f4a48768c3f97fd391101dff0f70 mes5/x86_64/mysql-client-5.1.70-0.1mdvmes5.2.x86_64.rpm 43ad98e628ae21a2d8c825096ff35f4f mes5/x86_64/mysql-common-5.1.70-0.1mdvmes5.2.x86_64.rpm ef5290b2cec153e8529a9a2475536541 mes5/SRPMS/mysql-5.1.70-0.1mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFR7h76mqjQ0CJFipgRAilqAJ4s0yqFPFdT0sOYj20pYbQni9KHcgCgu6As M44JAmrkDXcyeRhgdxkZszI= =KbxN -----END PGP SIGNATURE-----
