MDKSA-2004:119

Package name

MySQL

Date

2004-11-01

Advisory ID

MDKSA-2004:119

Affected versions

9.2 amd64 , CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , 9.2 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

A number of problems have been discovered in the MySQL database server: Jeroen van Wolffelaar discovered an insecure temporary file vulnerability in the mysqlhotcopy script when using the scp method (CAN-2004-0457). Oleksandr Byelkin discovered that the "ALTER TABLE ... RENAME" would check the CREATE/INSERT rights of the old table rather than the new one (CAN-2004-0835). Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect function (CAN-2004-0836). Dean Ellis discovered that multiple threads ALTERing the same (or different) MERGE tables to change the UNION can cause the server to crash or stall (CAN-2004-0837). The updated MySQL packages have been patched to protect against these issues.

Updated packages

9.2 amd64

 e8a1259267471c9f47b812aa80782a7f  amd64/9.2/RPMS/MySQL-4.0.15-1.2.92mdk.amd64.rpm
4545590ffd9eb4995807a4c37762d966  amd64/9.2/RPMS/MySQL-Max-4.0.15-1.2.92mdk.amd64.rpm
e85c26267ae0847e982b848bcae82715  amd64/9.2/RPMS/MySQL-bench-4.0.15-1.2.92mdk.amd64.rpm
f1ea2226a633f792d70ecb4508a50bc2  amd64/9.2/RPMS/MySQL-client-4.0.15-1.2.92mdk.amd64.rpm
4aa99ef449ebe42466adbdbf99e2f588  amd64/9.2/RPMS/MySQL-common-4.0.15-1.2.92mdk.amd64.rpm
b92a3b4fa52f27e9e92b9d8691f6bf9e  amd64/9.2/RPMS/lib64mysql12-4.0.15-1.2.92mdk.amd64.rpm
410e1737c0cff17eba69081894c91bcd  amd64/9.2/RPMS/lib64mysql12-devel-4.0.15-1.2.92mdk.amd64.rpm
d040b231845bf2035905fcdeec142650  amd64/9.2/SRPMS/MySQL-4.0.15-1.2.92mdk.src.rpm

CS2.1 x86_64

 b308f0d13fabf30b0c73b6a62bae42d2  x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.6.C21mdk.x86_64.rpm
d1681268b5c2d3d5865585d517001aff  x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.6.C21mdk.x86_64.rpm
d508c3f565f294d319e8da215a622eeb  x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.6.C21mdk.x86_64.rpm
20219356f5a1256eb5d4543e30fa3ce4  x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.6.C21mdk.x86_64.rpm
aac8add3fe8beee70f9b3048a7372ab0  x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.6.C21mdk.x86_64.rpm
cb7d3ebab5149514909633609b47fab1  x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.6.C21mdk.x86_64.rpm
537ee31b2c8b6c0c006d07bea8aad1a8  x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.6.C21mdk.src.rpm

10.0 amd64

 491712aed8839a408cd2e3a5ca088668  amd64/10.0/RPMS/MySQL-4.0.18-1.2.100mdk.amd64.rpm
d579b376ed0da8d42dc1adb1a472a923  amd64/10.0/RPMS/MySQL-Max-4.0.18-1.2.100mdk.amd64.rpm
b0b056e3a247c2187a09eec2b5c666a3  amd64/10.0/RPMS/MySQL-bench-4.0.18-1.2.100mdk.amd64.rpm
44fc8c891ea9e75ed10918c52e29ddd7  amd64/10.0/RPMS/MySQL-client-4.0.18-1.2.100mdk.amd64.rpm
df20d5582e78629ff86e27499a72b0b7  amd64/10.0/RPMS/MySQL-common-4.0.18-1.2.100mdk.amd64.rpm
79af2d7adb19e2a0df48c8d0765914fe  amd64/10.0/RPMS/lib64mysql12-4.0.18-1.2.100mdk.amd64.rpm
a5e44db419bb47f1169deb3af54f9d48  amd64/10.0/RPMS/lib64mysql12-devel-4.0.18-1.2.100mdk.amd64.rpm
188e63d83d403f4c4c11ae7487cf45ac  amd64/10.0/SRPMS/MySQL-4.0.18-1.2.100mdk.src.rpm

10.1 i586

 0241fc97ccebf80f02f573404cc7f01b  10.1/RPMS/MySQL-4.0.20-3.1.101mdk.i586.rpm
fb27d0a9d916a63d4c8143c7ae181ef0  10.1/RPMS/MySQL-Max-4.0.20-3.1.101mdk.i586.rpm
758d3b52cf32d0fb1114199eb7e65247  10.1/RPMS/MySQL-bench-4.0.20-3.1.101mdk.i586.rpm
1df5f23ef2ea4f9456323dc7925d0790  10.1/RPMS/MySQL-client-4.0.20-3.1.101mdk.i586.rpm
61d8e14939e9dcc9bf8b9207e7a4bd60  10.1/RPMS/MySQL-common-4.0.20-3.1.101mdk.i586.rpm
ee21d69bf2275f8933ca0c91c5af5b98  10.1/RPMS/libmysql12-4.0.20-3.1.101mdk.i586.rpm
9c64006cb87de169f43ad8f78b1b1c47  10.1/RPMS/libmysql12-devel-4.0.20-3.1.101mdk.i586.rpm
a3b194caf4c67c8fa6f881d5577aabba  10.1/SRPMS/MySQL-4.0.20-3.1.101mdk.src.rpm

10.0 i586

 f680ccd6ecdd9abc77496c71ce02d70b  10.0/RPMS/MySQL-4.0.18-1.2.100mdk.i586.rpm
30c0c2b64243f1b9ac300eb52062d303  10.0/RPMS/MySQL-Max-4.0.18-1.2.100mdk.i586.rpm
8618a5f416cf30cd527be1f42763210f  10.0/RPMS/MySQL-bench-4.0.18-1.2.100mdk.i586.rpm
b6d07c7d09e405e174311024e098de1b  10.0/RPMS/MySQL-client-4.0.18-1.2.100mdk.i586.rpm
b28337d115d733eb280d7fe5659bcc5a  10.0/RPMS/MySQL-common-4.0.18-1.2.100mdk.i586.rpm
66536b18fc371f756a61496d90340a7b  10.0/RPMS/libmysql12-4.0.18-1.2.100mdk.i586.rpm
befe1dbf68fcbc0b9300af93ec9b9d57  10.0/RPMS/libmysql12-devel-4.0.18-1.2.100mdk.i586.rpm
188e63d83d403f4c4c11ae7487cf45ac  10.0/SRPMS/MySQL-4.0.18-1.2.100mdk.src.rpm

9.2 i586

 8a874159baa33853754001a99e1cdd10  9.2/RPMS/MySQL-4.0.15-1.2.92mdk.i586.rpm
ea88058a50c8f170c35b070f8843d1dd  9.2/RPMS/MySQL-Max-4.0.15-1.2.92mdk.i586.rpm
686a188b99e75f2e44c7be5fc49313bb  9.2/RPMS/MySQL-bench-4.0.15-1.2.92mdk.i586.rpm
077b2f4785ec2af1a0886baf0dd5742d  9.2/RPMS/MySQL-client-4.0.15-1.2.92mdk.i586.rpm
e2622344b092c71e68f6be668d2b00a1  9.2/RPMS/MySQL-common-4.0.15-1.2.92mdk.i586.rpm
a1a485e1de88013571f6c2ea0417f1f8  9.2/RPMS/libmysql12-4.0.15-1.2.92mdk.i586.rpm
46b3cfd41057fd6ad674555f1cd2e786  9.2/RPMS/libmysql12-devel-4.0.15-1.2.92mdk.i586.rpm
d040b231845bf2035905fcdeec142650  9.2/SRPMS/MySQL-4.0.15-1.2.92mdk.src.rpm

CS2.1 i586

 6a3d3652bcf1b9b213cb12b22abfa297  corporate/2.1/RPMS/MySQL-3.23.56-1.6.C21mdk.i586.rpm
c819f40d6afef344e3fbfd50f13e4adb  corporate/2.1/RPMS/MySQL-Max-3.23.56-1.6.C21mdk.i586.rpm
c3bf86fe33f2e1f80ba53817fe23ed60  corporate/2.1/RPMS/MySQL-bench-3.23.56-1.6.C21mdk.i586.rpm
2296ca45f742f6ad4fe0f12827bc7e69  corporate/2.1/RPMS/MySQL-client-3.23.56-1.6.C21mdk.i586.rpm
7cdd06d76012d329ffb1b8c05af8ce22  corporate/2.1/RPMS/libmysql10-3.23.56-1.6.C21mdk.i586.rpm
6b8784affa68c19199753877a7127c93  corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.6.C21mdk.i586.rpm
537ee31b2c8b6c0c006d07bea8aad1a8  corporate/2.1/SRPMS/MySQL-3.23.56-1.6.C21mdk.src.rpm

10.1 x86_64

 214a6acbb0fb3e8398111a6d30ac4082  x86_64/10.1/RPMS/MySQL-4.0.20-3.1.101mdk.x86_64.rpm
72ad37fa4cd99254d399e725c44b5681  x86_64/10.1/RPMS/MySQL-Max-4.0.20-3.1.101mdk.x86_64.rpm
c98fd317bc3a2387801c440626459f4e  x86_64/10.1/RPMS/MySQL-bench-4.0.20-3.1.101mdk.x86_64.rpm
3141d5e2fa8ca10f94c3501e10e0d00f  x86_64/10.1/RPMS/MySQL-client-4.0.20-3.1.101mdk.x86_64.rpm
57f74802dbc5a4912dd926ec748d53a4  x86_64/10.1/RPMS/MySQL-common-4.0.20-3.1.101mdk.x86_64.rpm
ab48d1099a5077e763b9d11c373369b4  x86_64/10.1/RPMS/lib64mysql12-4.0.20-3.1.101mdk.x86_64.rpm
2f0846107ddaa0d7c6c389add0dbd6d5  x86_64/10.1/RPMS/lib64mysql12-devel-4.0.20-3.1.101mdk.x86_64.rpm
a3b194caf4c67c8fa6f881d5577aabba  x86_64/10.1/SRPMS/MySQL-4.0.20-3.1.101mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0457
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837
• http://bugs.mysql.com/bug.php?id=3270
• http://bugs.mysql.com/bug.php?id=4017
• http://bugs.mysql.com/bug.php?id=2408