|
|
| Problem Description |
MySQL 5.0.x did not update the DEFINER value of a view when the view
is altered, which allows remote authenticated users to gain privileges
via a sequence of statements including a CREATE SQL SECURITY DEFINER
VIEW statement and an ALTER VIEW statement (CVE-2007-6303).
The federated engine in MySQL 5.0.x, when performing a certain SHOW
TABLE STATUS query, did not properly handle a response with a small
number of columns, which could allow a remote MySQL server to cause
a denial of service (federated handler crash and daemon crash)
via a response that lacks the minimum required number of columns
(CVE-2007-6304).
The updated packages have been patched to correct these issues.
| Updated Packages |
Mandriva Linux 2008.0
064fdb51177ab133c998acdbc71e348e 2008.0/i586/libmysql-devel-5.0.45-7.2mdv2008.0.i586.rpm 3cf962a1ea6d9606188d475837a80769 2008.0/i586/libmysql-static-devel-5.0.45-7.2mdv2008.0.i586.rpm c282c301f8b3701f5f1679232f6a77b2 2008.0/i586/libmysql15-5.0.45-7.2mdv2008.0.i586.rpm ca9a4284a8b0ca5bc66d6f907864ff2a 2008.0/i586/mysql-5.0.45-7.2mdv2008.0.i586.rpm 3e204768691a5dc721c3c06d9304e748 2008.0/i586/mysql-bench-5.0.45-7.2mdv2008.0.i586.rpm fcaacf047dcab80fcd8eaec9e98e6edf 2008.0/i586/mysql-client-5.0.45-7.2mdv2008.0.i586.rpm c8ceff5ee5f62e4cb881b3102fb5f55d 2008.0/i586/mysql-common-5.0.45-7.2mdv2008.0.i586.rpm 3b16d86484d5af6f37f52d3f3fd45d43 2008.0/i586/mysql-max-5.0.45-7.2mdv2008.0.i586.rpm 2200e4602cf8665cb9d03584ded522c1 2008.0/i586/mysql-ndb-extra-5.0.45-7.2mdv2008.0.i586.rpm 10787f09ff4219df9be485b78ec6b6a2 2008.0/i586/mysql-ndb-management-5.0.45-7.2mdv2008.0.i586.rpm 3b61d7d7dee486c33d0c80cb7cb08cfa 2008.0/i586/mysql-ndb-storage-5.0.45-7.2mdv2008.0.i586.rpm 6b1a5f5634551b370b52072d8c72f32a 2008.0/i586/mysql-ndb-tools-5.0.45-7.2mdv2008.0.i586.rpm 4e88830ddc47197339424eed0b182542 2008.0/SRPMS/mysql-5.0.45-7.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64
bd846e77dcc332aeabc87804a51dbfa0 2008.0/x86_64/lib64mysql-devel-5.0.45-7.2mdv2008.0.x86_64.rpm bf77fdd2232ad293d78ae9292062132e 2008.0/x86_64/lib64mysql-static-devel-5.0.45-7.2mdv2008.0.x86_64.rpm 3056a37c767226f9b79d8010db4088bb 2008.0/x86_64/lib64mysql15-5.0.45-7.2mdv2008.0.x86_64.rpm 39136e88f94076453c6ebb40665b9afa 2008.0/x86_64/mysql-5.0.45-7.2mdv2008.0.x86_64.rpm 435e64cc3d4f3ccdae6bf24bde758c34 2008.0/x86_64/mysql-bench-5.0.45-7.2mdv2008.0.x86_64.rpm b36f345d0172cee3a927dffa89684ac0 2008.0/x86_64/mysql-client-5.0.45-7.2mdv2008.0.x86_64.rpm 913836ec3b4a50a7ebb02474382fa1e6 2008.0/x86_64/mysql-common-5.0.45-7.2mdv2008.0.x86_64.rpm 584ded4a650873d0953899976da600c4 2008.0/x86_64/mysql-max-5.0.45-7.2mdv2008.0.x86_64.rpm 0ab53478118d684710bcaece17ca9e4f 2008.0/x86_64/mysql-ndb-extra-5.0.45-7.2mdv2008.0.x86_64.rpm 4a7b1b5fb9ab0e81cd731e3a2ce9aa03 2008.0/x86_64/mysql-ndb-management-5.0.45-7.2mdv2008.0.x86_64.rpm 5e5cf00f23eb70799d677c758227f035 2008.0/x86_64/mysql-ndb-storage-5.0.45-7.2mdv2008.0.x86_64.rpm 442688c38754b05bbb655f2301fd253a 2008.0/x86_64/mysql-ndb-tools-5.0.45-7.2mdv2008.0.x86_64.rpm 4e88830ddc47197339424eed0b182542 2008.0/SRPMS/mysql-5.0.45-7.2mdv2008.0.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6304
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.