MDKSA-2006:084

Nom du paquet

MySQL

Date

2006-05-10

Advisory ID

MDKSA-2006:084

Affected versions

MNF2.0 i586 , 2006.0 i586 , 10.2 i586 , CS3.0 x86_64 , CS3.0 i586 , 10.2 x86_64 , 2006.0 x86_64

Problem description

The check_connection function in sql_parse.cc in MySQL 4.0.x up to
4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote
attackers to read portions of memory via a username without a trailing
null byte, which causes a buffer over-read. (CVE-2006-1516)

sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and
5.0.x up to 5.0.20 allows remote attackers to obtain sensitive
information via a COM_TABLE_DUMP request with an incorrect packet
length, which includes portions of memory in an error message.
(CVE-2006-1517)

Updated packages have been patched to correct these issues.

Updated packages

MNF2.0 i586

 516e242273227de34c51bc5d5ddd23fd  mnf/2.0/RPMS/libmysql12-4.0.18-1.9.M20mdk.i586.rpm
 043291efac87bbdcb08ecb706ba4301d  mnf/2.0/SRPMS/MySQL-4.0.18-1.9.M20mdk.src.rpm

2006.0 i586

 1116c2cbc0a6f7b443caa1db80b7cc96  2006.0/RPMS/libmysql14-4.1.12-3.2.20060mdk.i586.rpm
 a1d6f0b6b6c3441723ddce425f9d7962  2006.0/RPMS/libmysql14-devel-4.1.12-3.2.20060mdk.i586.rpm
 9d8d79e0b992d7014e6fc48e759a6588  2006.0/RPMS/MySQL-4.1.12-3.2.20060mdk.i586.rpm
 f1b66a2737dd7cd25e91807fc228b538  2006.0/RPMS/MySQL-bench-4.1.12-3.2.20060mdk.i586.rpm
 9ff1b0895c676d7fb397be4d0696b510  2006.0/RPMS/MySQL-client-4.1.12-3.2.20060mdk.i586.rpm
 d9a488579d2318523bdd59bf3bea426c  2006.0/RPMS/MySQL-common-4.1.12-3.2.20060mdk.i586.rpm
 465af10c347f571dc01af650bd26c1ff  2006.0/RPMS/MySQL-Max-4.1.12-3.2.20060mdk.i586.rpm
 113a35b2c5d17ce60404787fcee90146  2006.0/RPMS/MySQL-NDB-4.1.12-3.2.20060mdk.i586.rpm
 5b2a2092676086292383ac5178cb0be1  2006.0/RPMS/X11R6-contrib-6.9.0-5.6.20060mdk.i586.rpm
 fab0e8f7d4365d264c28e5f731d3d34b  2006.0/SRPMS/MySQL-4.1.12-3.2.20060mdk.src.rpm

10.2 i586

 4909fe2f65460b5d570c6a7ba9cff866  10.2/RPMS/libmysql14-4.1.11-1.4.102mdk.i586.rpm
 2abf3bab6adb4c55869189a77fc3fb55  10.2/RPMS/libmysql14-devel-4.1.11-1.4.102mdk.i586.rpm
 5f7cb8b59cec81673b33c8f288854cdd  10.2/RPMS/MySQL-4.1.11-1.4.102mdk.i586.rpm
 baf754c73e1d9d5d075af16bbb670865  10.2/RPMS/MySQL-bench-4.1.11-1.4.102mdk.i586.rpm
 4186fd1a7a4addda9ed50c142f09e0ad  10.2/RPMS/MySQL-client-4.1.11-1.4.102mdk.i586.rpm
 26c570f455d7113f2af79493fce1f09c  10.2/RPMS/MySQL-common-4.1.11-1.4.102mdk.i586.rpm
 feb16e6ba1272758d8eb5b03960a8109  10.2/RPMS/MySQL-Max-4.1.11-1.4.102mdk.i586.rpm
 ff61354715f761a46a8910141c17308d  10.2/RPMS/MySQL-NDB-4.1.11-1.4.102mdk.i586.rpm
 52cbe54bd00e29484c6c25735c7bcb94  10.2/SRPMS/MySQL-4.1.11-1.4.102mdk.src.rpm

CS3.0 x86_64

 85adbefb6c932da4febb94fbd9ad477c  x86_64/corporate/3.0/RPMS/lib64mysql12-4.0.18-1.9.C30mdk.x86_64.rpm
 d94af3b74686045910e2330bd5245a30  x86_64/corporate/3.0/RPMS/lib64mysql12-devel-4.0.18-1.9.C30mdk.x86_64.rpm
 36f0d3bb53766d832fce145d119f52c9  x86_64/corporate/3.0/RPMS/MySQL-4.0.18-1.9.C30mdk.x86_64.rpm
 538493e0ec4636f1dd0ec0ef8a26165c  x86_64/corporate/3.0/RPMS/MySQL-bench-4.0.18-1.9.C30mdk.x86_64.rpm
 6773bce043fabd3871ec292bcbe20e7a  x86_64/corporate/3.0/RPMS/MySQL-client-4.0.18-1.9.C30mdk.x86_64.rpm
 fd0876c6a9dfe36df6d116ce5433b152  x86_64/corporate/3.0/RPMS/MySQL-common-4.0.18-1.9.C30mdk.x86_64.rpm
 808c8c1e8d107e810a2a16f0be2aa5ac  x86_64/corporate/3.0/RPMS/MySQL-Max-4.0.18-1.9.C30mdk.x86_64.rpm
 d67f3b91058f8e17bf72d75b1d131e2d  x86_64/corporate/3.0/SRPMS/MySQL-4.0.18-1.9.C30mdk.src.rpm

CS3.0 i586

 08e6f2ab4f9e4c527519fb927cd1bbd7  corporate/3.0/RPMS/libmysql12-4.0.18-1.9.C30mdk.i586.rpm
 01de6e536bcd09a1b61c41b1f42f2f72  corporate/3.0/RPMS/libmysql12-devel-4.0.18-1.9.C30mdk.i586.rpm
 ddf99e4e753c37709883b04d1cf2030a  corporate/3.0/RPMS/MySQL-4.0.18-1.9.C30mdk.i586.rpm
 4cee7ed9d192be77d78dd72d8fcd2eaa  corporate/3.0/RPMS/MySQL-bench-4.0.18-1.9.C30mdk.i586.rpm
 65faadbbd953da2f71e7ba575aabd9c5  corporate/3.0/RPMS/MySQL-client-4.0.18-1.9.C30mdk.i586.rpm
 d88cb2542f68be1438770e916cedfbf8  corporate/3.0/RPMS/MySQL-common-4.0.18-1.9.C30mdk.i586.rpm
 8930f8e648b838abad0e905402d7f098  corporate/3.0/RPMS/MySQL-Max-4.0.18-1.9.C30mdk.i586.rpm
 d67f3b91058f8e17bf72d75b1d131e2d  corporate/3.0/SRPMS/MySQL-4.0.18-1.9.C30mdk.src.rpm

10.2 x86_64

 505a4c981db838708fdf1f63bb8bf1d9  x86_64/10.2/RPMS/lib64mysql14-4.1.11-1.4.102mdk.x86_64.rpm
 58cfd4b6f1c2a44475fc4e0b155c411b  x86_64/10.2/RPMS/lib64mysql14-devel-4.1.11-1.4.102mdk.x86_64.rpm
 71b93f12b9441a16a674e21d083fb106  x86_64/10.2/RPMS/MySQL-4.1.11-1.4.102mdk.x86_64.rpm
 e2453637f22fdc0035972e22ed5446d5  x86_64/10.2/RPMS/MySQL-bench-4.1.11-1.4.102mdk.x86_64.rpm
 924a711c2d7bfcb183e67c0ed8455cdf  x86_64/10.2/RPMS/MySQL-client-4.1.11-1.4.102mdk.x86_64.rpm
 fea020684cfe4447d84b236ed3eb8712  x86_64/10.2/RPMS/MySQL-common-4.1.11-1.4.102mdk.x86_64.rpm
 4f613498aba6803507a6210025c364bd  x86_64/10.2/RPMS/MySQL-Max-4.1.11-1.4.102mdk.x86_64.rpm
 d211d2b6bef7e4a8702b6d10f1a2e9c8  x86_64/10.2/RPMS/MySQL-NDB-4.1.11-1.4.102mdk.x86_64.rpm
 52cbe54bd00e29484c6c25735c7bcb94  x86_64/10.2/SRPMS/MySQL-4.1.11-1.4.102mdk.src.rpm

2006.0 x86_64

 95076266d5ef2642c402f7130cdfe241  x86_64/2006.0/RPMS/lib64mysql14-4.1.12-3.2.20060mdk.x86_64.rpm
 acbdc71b998c812c24ed7114c368ece3  x86_64/2006.0/RPMS/lib64mysql14-devel-4.1.12-3.2.20060mdk.x86_64.rpm
 ea9a4fc478ddeb0fafaa50e0ea4a208f  x86_64/2006.0/RPMS/MySQL-4.1.12-3.2.20060mdk.x86_64.rpm
 fef7934cf4bee099e8e64bc0b75f885d  x86_64/2006.0/RPMS/MySQL-bench-4.1.12-3.2.20060mdk.x86_64.rpm
 e713937238d32342925e65ef301585e7  x86_64/2006.0/RPMS/MySQL-client-4.1.12-3.2.20060mdk.x86_64.rpm
 1f36af145e87802e37c673a66360fe34  x86_64/2006.0/RPMS/MySQL-common-4.1.12-3.2.20060mdk.x86_64.rpm
 c24793f5e9e10a9601db7dac7d096b29  x86_64/2006.0/RPMS/MySQL-Max-4.1.12-3.2.20060mdk.x86_64.rpm
 82b03a0968e65e92cdb569d8149e0fd1  x86_64/2006.0/RPMS/MySQL-NDB-4.1.12-3.2.20060mdk.x86_64.rpm
 fab0e8f7d4365d264c28e5f731d3d34b  x86_64/2006.0/SRPMS/MySQL-4.1.12-3.2.20060mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517