Nom du paquet
mysql
Date
2008-01-19
Advisory ID
MDVSA-2008:017
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

MySQL 5.0.x did not update the DEFINER value of a view when the view
is altered, which allows remote authenticated users to gain privileges
via a sequence of statements including a CREATE SQL SECURITY DEFINER
VIEW statement and an ALTER VIEW statement (CVE-2007-6303).

The federated engine in MySQL 5.0.x, when performing a certain SHOW
TABLE STATUS query, did not properly handle a response with a small
number of columns, which could allow a remote MySQL server to cause
a denial of service (federated handler crash and daemon crash)
via a response that lacks the minimum required number of columns
(CVE-2007-6304).

The updated packages have been patched to correct these issues.

Updated packages

2008.0 i586

 064fdb51177ab133c998acdbc71e348e  2008.0/i586/libmysql-devel-5.0.45-7.2mdv2008.0.i586.rpm
 3cf962a1ea6d9606188d475837a80769  2008.0/i586/libmysql-static-devel-5.0.45-7.2mdv2008.0.i586.rpm
 c282c301f8b3701f5f1679232f6a77b2  2008.0/i586/libmysql15-5.0.45-7.2mdv2008.0.i586.rpm
 ca9a4284a8b0ca5bc66d6f907864ff2a  2008.0/i586/mysql-5.0.45-7.2mdv2008.0.i586.rpm
 3e204768691a5dc721c3c06d9304e748  2008.0/i586/mysql-bench-5.0.45-7.2mdv2008.0.i586.rpm
 fcaacf047dcab80fcd8eaec9e98e6edf  2008.0/i586/mysql-client-5.0.45-7.2mdv2008.0.i586.rpm
 c8ceff5ee5f62e4cb881b3102fb5f55d  2008.0/i586/mysql-common-5.0.45-7.2mdv2008.0.i586.rpm
 3b16d86484d5af6f37f52d3f3fd45d43  2008.0/i586/mysql-max-5.0.45-7.2mdv2008.0.i586.rpm
 2200e4602cf8665cb9d03584ded522c1  2008.0/i586/mysql-ndb-extra-5.0.45-7.2mdv2008.0.i586.rpm
 10787f09ff4219df9be485b78ec6b6a2  2008.0/i586/mysql-ndb-management-5.0.45-7.2mdv2008.0.i586.rpm
 3b61d7d7dee486c33d0c80cb7cb08cfa  2008.0/i586/mysql-ndb-storage-5.0.45-7.2mdv2008.0.i586.rpm
 6b1a5f5634551b370b52072d8c72f32a  2008.0/i586/mysql-ndb-tools-5.0.45-7.2mdv2008.0.i586.rpm 
 4e88830ddc47197339424eed0b182542  2008.0/SRPMS/mysql-5.0.45-7.2mdv2008.0.src.rpm

2008.0 x86_64

 bd846e77dcc332aeabc87804a51dbfa0  2008.0/x86_64/lib64mysql-devel-5.0.45-7.2mdv2008.0.x86_64.rpm
 bf77fdd2232ad293d78ae9292062132e  2008.0/x86_64/lib64mysql-static-devel-5.0.45-7.2mdv2008.0.x86_64.rpm
 3056a37c767226f9b79d8010db4088bb  2008.0/x86_64/lib64mysql15-5.0.45-7.2mdv2008.0.x86_64.rpm
 39136e88f94076453c6ebb40665b9afa  2008.0/x86_64/mysql-5.0.45-7.2mdv2008.0.x86_64.rpm
 435e64cc3d4f3ccdae6bf24bde758c34  2008.0/x86_64/mysql-bench-5.0.45-7.2mdv2008.0.x86_64.rpm
 b36f345d0172cee3a927dffa89684ac0  2008.0/x86_64/mysql-client-5.0.45-7.2mdv2008.0.x86_64.rpm
 913836ec3b4a50a7ebb02474382fa1e6  2008.0/x86_64/mysql-common-5.0.45-7.2mdv2008.0.x86_64.rpm
 584ded4a650873d0953899976da600c4  2008.0/x86_64/mysql-max-5.0.45-7.2mdv2008.0.x86_64.rpm
 0ab53478118d684710bcaece17ca9e4f  2008.0/x86_64/mysql-ndb-extra-5.0.45-7.2mdv2008.0.x86_64.rpm
 4a7b1b5fb9ab0e81cd731e3a2ce9aa03  2008.0/x86_64/mysql-ndb-management-5.0.45-7.2mdv2008.0.x86_64.rpm
 5e5cf00f23eb70799d677c758227f035  2008.0/x86_64/mysql-ndb-storage-5.0.45-7.2mdv2008.0.x86_64.rpm
 442688c38754b05bbb655f2301fd253a  2008.0/x86_64/mysql-ndb-tools-5.0.45-7.2mdv2008.0.x86_64.rpm 
 4e88830ddc47197339424eed0b182542  2008.0/SRPMS/mysql-5.0.45-7.2mdv2008.0.src.rpm

References