88444 2003-01-21 07:48 /220 rader/ <bugzilla@redhat.com>
Importerad: 2003-01-21 07:48 av Brevbäraren
Extern mottagare: redhat-watch-list@redhat.com
Extern mottagare: redhat-announce-list@redhat.com
Mottagare: Bugtraq (import) <3106>
Ärende: [RHSA-2002:288-22] Updated MySQL packages fix various security issues
------------------------------------------------------------
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated MySQL packages fix various security issues
Advisory ID: RHSA-2002:288-22
Issue date: 2003-01-15
Updated on: 2003-01-15
Product: Red Hat Linux
Keywords:
Cross references:
Obsoletes: RHSA-2001:003
CVE Names: CAN-2002-1373 CAN-2002-1374 CAN-2002-1375 CAN-2002-1376
---------------------------------------------------------------------
1. Topic:
Updated MySQL packages are available for Red Hat Linux 7, 7.1, 7.2,
7.3, and 8.0 which fix security vulnerabilities found in the MySQL
server.
2. Relevant releases/architectures:
Red Hat Linux 7.0 - i386
Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386
3. Problem description:
MySQL is a multi-user, multi-threaded SQL database server. While
auditing MySQL, Stefan Esser found security vulnerabilities that can
be used to crash the server or allow MySQL users to gain privileges.
A signed integer vulnerability in the COM_TABLE_DUMP package for
MySQL 3.x to 3.23.53a allows remote attackers to cause a denial of
service (crash or hang) in mysqld by causing large negative integers
to be provided to a memcpy call. (CAN-2002-1373)
The COM_CHANGE_USER command in MySQL 3.x to 3.23.53a and 4.x to
4.0.5a allows a remote attacker to gain privileges via a brute force
attack using a one-character password, which causes MySQL to only
compare the provided password against the first character of the real
password. (CAN-2002-1374)
The COM_CHANGE_USER command in MySQL 3.x to 3.23.53a and 4.x to
4.0.5a allows remote attackers to execute arbitrary code via a long
response. (CAN-2002-1375)
The MySQL client library (libmysqlclient) in MySQL 3.x to 3.23.53a
and 4.x to 4.0.5a does not properly verify length fields for certain
responses in the read_rows or read_one_row routines, which allows a
malicious server to cause a denial of service and possibly execute
arbitrary code. (CAN-2002-1376)
Red Hat Linux 7, 7.1, 7.2, 7.3, and 8.0 contain versions of MySQL
that are vulnerable to these issues. All users of MySQL are advised
to upgrade to the erratum packages containing MySQL 3.23.54a which is
not vulnerable to these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only
those RPMs which are currently installed will be updated. Those RPMs
which are not installed but included in the list will not be updated.
Note that you can also use wildcards (*.rpm) if your current
directory *only* contains the desired RPMs.
Please note that this update is also available via Red Hat Network.
Many people find this an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
79606 - Several vulnerabilities within (lib)MySQL could allow
(remote) compromise of client and/or server.
6. RPMs required:
Red Hat Linux 7.0:
SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/mysql-3.23.54a-3.70.src.rpm
ftp://updates.redhat.com/7.0/en/os/SRPMS/mysqlclient9-3.23.22-8.src.rpm
i386:
ftp://updates.redhat.com/7.0/en/os/i386/mysql-3.23.54a-3.70.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/mysql-devel-3.23.54a-3.70.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/mysql-server-3.23.54a-3.70.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/mysqlclient9-3.23.22-8.i386.rpm
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/mysql-3.23.54a-3.71.src.rpm
ftp://updates.redhat.com/7.1/en/os/SRPMS/mysqlclient9-3.23.22-8.src.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/mysql-3.23.54a-3.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mysql-devel-3.23.54a-3.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mysql-server-3.23.54a-3.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mysqlclient9-3.23.22-8.i386.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/mysql-3.23.54a-3.72.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/mysqlclient9-3.23.22-8.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/mysql-3.23.54a-3.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mysql-devel-3.23.54a-3.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mysql-server-3.23.54a-3.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mysqlclient9-3.23.22-8.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/mysql-3.23.54a-3.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/mysql-devel-3.23.54a-3.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/mysql-server-3.23.54a-3.72.ia64.rpm
Red Hat Linux 7.3:
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/mysql-3.23.54a-3.73.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/mysqlclient9-3.23.22-8.src.rpm
i386:
ftp://updates.redhat.com/7.3/en/os/i386/mysql-3.23.54a-3.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mysql-devel-3.23.54a-3.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mysql-server-3.23.54a-3.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mysqlclient9-3.23.22-8.i386.rpm
Red Hat Linux 8.0:
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/mysql-3.23.54a-4.src.rpm
i386:
ftp://updates.redhat.com/8.0/en/os/i386/mysql-3.23.54a-4.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mysql-devel-3.23.54a-4.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mysql-server-3.23.54a-4.i386.rpm
7. Verification:
MD5 sum Package Name
--------------------------------------------------------------------------
5dd77d69e22ed43e0ff28b29b8e44e92 7.0/en/os/SRPMS/mysql-3.23.54a-3.70.src.rpm
9c782173b553a1998d317c2477ed3247 7.0/en/os/SRPMS/mysqlclient9-3.23.22-8.src.rpm
a06746956383b4f2d01728809225df64 7.0/en/os/i386/mysql-3.23.54a-3.70.i386.rpm
f122e1fb596b8f35621549123e177720 7.0/en/os/i386/mysql-devel-3.23.54a-3.70.i386.rpm
9b1c91cbd8b38f9964b06825e50931f9 7.0/en/os/i386/mysql-server-3.23.54a-3.70.i386.rpm
649000787148d19b8019919535845680 7.0/en/os/i386/mysqlclient9-3.23.22-8.i386.rpm
e58fe98ddb3c8ac698ebc92ca8150b72 7.1/en/os/SRPMS/mysql-3.23.54a-3.71.src.rpm
9c782173b553a1998d317c2477ed3247 7.1/en/os/SRPMS/mysqlclient9-3.23.22-8.src.rpm
240ec3da00638e7659af70c288aa04ba 7.1/en/os/i386/mysql-3.23.54a-3.71.i386.rpm
a0b0060873f65a62e8f9a3e15aed64b6 7.1/en/os/i386/mysql-devel-3.23.54a-3.71.i386.rpm
01e625385fc064f3440ffc4c2b78f4b8 7.1/en/os/i386/mysql-server-3.23.54a-3.71.i386.rpm
649000787148d19b8019919535845680 7.1/en/os/i386/mysqlclient9-3.23.22-8.i386.rpm
d18c6f59453525e47fdcc1575a1e8093 7.2/en/os/SRPMS/mysql-3.23.54a-3.72.src.rpm
9c782173b553a1998d317c2477ed3247 7.2/en/os/SRPMS/mysqlclient9-3.23.22-8.src.rpm
8e5c91af905cda89d589162004f758c3 7.2/en/os/i386/mysql-3.23.54a-3.72.i386.rpm
516a9e98cd4574ee187f5ea5c1b42716 7.2/en/os/i386/mysql-devel-3.23.54a-3.72.i386.rpm
7feb019bec0fce4f0e7a39b5f4df6de3 7.2/en/os/i386/mysql-server-3.23.54a-3.72.i386.rpm
649000787148d19b8019919535845680 7.2/en/os/i386/mysqlclient9-3.23.22-8.i386.rpm
9587426ae471e596b8b3f90ef0b9ad3c 7.2/en/os/ia64/mysql-3.23.54a-3.72.ia64.rpm
7ffeed598fdc805f21f5adf3b01cc4eb 7.2/en/os/ia64/mysql-devel-3.23.54a-3.72.ia64.rpm
4e848cbb1ad6375638a55b20242df741 7.2/en/os/ia64/mysql-server-3.23.54a-3.72.ia64.rpm
57f593d5fb5e21cff6ce65f934fe9dca 7.3/en/os/SRPMS/mysql-3.23.54a-3.73.src.rpm
9c782173b553a1998d317c2477ed3247 7.3/en/os/SRPMS/mysqlclient9-3.23.22-8.src.rpm
0b39e3e5ee05d1daedb9e2146df24aaa 7.3/en/os/i386/mysql-3.23.54a-3.73.i386.rpm
1dd4afbca391e33250b2727b623123c8 7.3/en/os/i386/mysql-devel-3.23.54a-3.73.i386.rpm
62ade60f13d7d53eb7a791249688cfdb 7.3/en/os/i386/mysql-server-3.23.54a-3.73.i386.rpm
649000787148d19b8019919535845680 7.3/en/os/i386/mysqlclient9-3.23.22-8.i386.rpm
bbfa3dec0f70825e7f8277c85db2296a 8.0/en/os/SRPMS/mysql-3.23.54a-4.src.rpm
e6aa4bfefb78db997f40ccb8e8815fcc 8.0/en/os/i386/mysql-3.23.54a-4.i386.rpm
8340813723029e6bca15cebce9a59c6f 8.0/en/os/i386/mysql-devel-3.23.54a-4.i386.rpm
44c0dab242a5a26db0c139db6a371b02 8.0/en/os/i386/mysql-server-3.23.54a-4.i386.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at http://www.redhat.com/about/contact/pgpkey.html
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
md5sum <filename>
8. References:
http://security.e-matters.de/advisories/042002.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1376
9. Contact:
The Red Hat security contact is <security@redhat.com>. More contact
details at http://www.redhat.com/solutions/security/news/contact.html
Copyright 2003 Red Hat, Inc.
(88444) / <bugzilla@redhat.com>/----------(Ombruten)