Paketname
mysql
Datum
2009-12-07
Advisory ID
MDVSA-2009:326
Betroffene Versionen
2008.0 i586 , 2008.0 x86_64

Problembeschreibung

Multiple vulnerabilities has been found and corrected in mysql:

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6
does not properly handle a b'' (b single-quote single-quote) token,
aka an empty bit-string literal, which allows remote attackers to
cause a denial of service (daemon crash) by using this token in a
SQL statement (CVE-2008-3963).

MySQL before 5.0.67 allows local users to bypass certain privilege
checks by calling CREATE TABLE on a MyISAM table with modified (1)
DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally
associated with pathnames without symlinks, and that can point to
tables created at a future time at which a pathname is modified
to contain a symlink to a subdirectory of the MySQL home data
directory. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2008-4097 (CVE-2008-4098).

Cross-site scripting (XSS) vulnerability in the command-line client
in MySQL 5.0.26 through 5.0.45, when the --html option is enabled,
allows attackers to inject arbitrary web script or HTML by placing
it in a database cell, which might be accessed by this client when
composing an HTML document (CVE-2008-4456).

Multiple format string vulnerabilities in the dispatch_command function
in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow
remote authenticated users to cause a denial of service (daemon crash)
and possibly have unspecified other impact via format string specifiers
in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request.
NOTE: some of these details are obtained from third party information
(CVE-2009-2446).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

This update provides fixes for this vulnerability.

Aktualisierte Pakete

2008.0 i586

 ae69b85b696ede452665a3dfe40d602b  2008.0/i586/libmysql15-5.0.45-8.3mdv2008.0.i586.rpm
 f6eb37fb5cc75b4d1a49de76a4342f6a  2008.0/i586/libmysql-devel-5.0.45-8.3mdv2008.0.i586.rpm
 7175d70122ba697194ed1adf6e29d37d  2008.0/i586/libmysql-static-devel-5.0.45-8.3mdv2008.0.i586.rpm
 495bc59b243e7d6eda09c275cf593d5d  2008.0/i586/mysql-5.0.45-8.3mdv2008.0.i586.rpm
 1a6a5f377487543980d05b0d34e9343c  2008.0/i586/mysql-bench-5.0.45-8.3mdv2008.0.i586.rpm
 ba4598db2f067bda0d921fb26da64d96  2008.0/i586/mysql-client-5.0.45-8.3mdv2008.0.i586.rpm
 170a4609fa3ed65ddcc8e5956bcb5f11  2008.0/i586/mysql-common-5.0.45-8.3mdv2008.0.i586.rpm
 68174419ca38e88f87658d11475e716d  2008.0/i586/mysql-max-5.0.45-8.3mdv2008.0.i586.rpm
 2e47c7e45fb2188a5b4a552c23edfaf9  2008.0/i586/mysql-ndb-extra-5.0.45-8.3mdv2008.0.i586.rpm
 19d0e06501b511c09288d75042180e0b  2008.0/i586/mysql-ndb-management-5.0.45-8.3mdv2008.0.i586.rpm
 87815967c743b1a2c8190b1e34a28542  2008.0/i586/mysql-ndb-storage-5.0.45-8.3mdv2008.0.i586.rpm
 be119a2c13e9fb93cf7a9dd82b22093f  2008.0/i586/mysql-ndb-tools-5.0.45-8.3mdv2008.0.i586.rpm 
 1647467195a43409ee289a2704002608  2008.0/SRPMS/mysql-5.0.45-8.3mdv2008.0.src.rpm

2008.0 x86_64

 8786523fc4ee663a61b030925a7649d4  2008.0/x86_64/lib64mysql15-5.0.45-8.3mdv2008.0.x86_64.rpm
 e7969bf96906ed7683f76956d5968bc0  2008.0/x86_64/lib64mysql-devel-5.0.45-8.3mdv2008.0.x86_64.rpm
 42c3ba27aafb73dc87e7acef4eab36ff  2008.0/x86_64/lib64mysql-static-devel-5.0.45-8.3mdv2008.0.x86_64.rpm
 a0873f40a53e858bdc454b5aa01b8a7d  2008.0/x86_64/mysql-5.0.45-8.3mdv2008.0.x86_64.rpm
 89a89bd97458ba99030ea004ecce409d  2008.0/x86_64/mysql-bench-5.0.45-8.3mdv2008.0.x86_64.rpm
 0df3ab344e021bac5f6fe9eefbe64be8  2008.0/x86_64/mysql-client-5.0.45-8.3mdv2008.0.x86_64.rpm
 7472bf5a811f542ce1e3f5461e286714  2008.0/x86_64/mysql-common-5.0.45-8.3mdv2008.0.x86_64.rpm
 3f25583feb0e1220c66fda0b7ed52908  2008.0/x86_64/mysql-max-5.0.45-8.3mdv2008.0.x86_64.rpm
 037b7240a17de717678e10ca059b07eb  2008.0/x86_64/mysql-ndb-extra-5.0.45-8.3mdv2008.0.x86_64.rpm
 85383feff8a90555a5f8f64cb396f82d  2008.0/x86_64/mysql-ndb-management-5.0.45-8.3mdv2008.0.x86_64.rpm
 c316aef02e214d360eb024dfc5f7dc35  2008.0/x86_64/mysql-ndb-storage-5.0.45-8.3mdv2008.0.x86_64.rpm
 ec3058c1c790dd02c03826f868ff1077  2008.0/x86_64/mysql-ndb-tools-5.0.45-8.3mdv2008.0.x86_64.rpm 
 1647467195a43409ee289a2704002608  2008.0/SRPMS/mysql-5.0.45-8.3mdv2008.0.src.rpm

Referenzen