Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2007.1036 -- [RedHat]
Important: mysql security update
20 December 2007
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: mysql
Publisher: Red Hat
Operating System: Red Hat Linux 5
Red Hat Linux 4
Impact: Increased Privileges
Overwrite Arbitrary Files
Read-only Data Access
Denial of Service
Access: Existing Account
CVE Names: CVE-2007-6303 CVE-2007-5969 CVE-2007-5925
Ref: ESB-2007.0985
ESB-2007.0949
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2007-1157.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Important: mysql security update
Advisory ID: RHSA-2007:1157-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1157.html
Issue date: 2007-12-19
Updated on: 2007-12-19
Product: Red Hat Application Stack
CVE Names: CVE-2007-5969 CVE-2007-5925 CVE-2007-6303
- - ---------------------------------------------------------------------
1. Summary:
Updated mysql packages that fix several security issues are now available
for Red Hat Application Stack v1 and v2.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64
Red Hat Application Stack v2 for Enterprise Linux (v.5) - i386, x86_64
3. Problem description:
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld), and
many different client programs and libraries.
A flaw was found in a way MySQL handled symbolic links when database tables
were created with explicit "DATA" and "INDEX DIRECTORY" options. An
authenticated user could create a table that would overwrite tables in
other databases, causing destruction of data or allowing the user to
elevate privileges. (CVE-2007-5969)
A flaw was found in a way MySQL's InnoDB engine handled spatial indexes. An
authenticated user could create a table with spatial indexes, which are not
supported by the InnoDB engine, that would cause the mysql daemon to crash
when used. This issue only causes a temporary denial of service, as the
mysql daemon will be automatically restarted after the crash.
(CVE-2007-5925)
A flaw was found in a way MySQL handled the "DEFINER" view parameter. A
user with the "ALTER VIEW" privilege for a view created by another database
user, could modify that view to get access to any data accessible to the
creator of said view. (CVE-2007-6303)
All mysql users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
377451 - CVE-2007-5925 mysql DoS in the InnoDB Engine
397071 - CVE-2007-5969 mysql: possible system table information overwrite using symlinks
420231 - CVE-2007-6303 mysql: DEFINER value of view not altered on ALTER VIEW
6. RPMs required:
Red Hat Application Stack v1 for Enterprise Linux AS (v.4):
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/mysql-5.0.44-2.el4s1.1.src.rpm
ca84729dbb47b6733cde3b385ca3773d mysql-5.0.44-2.el4s1.1.src.rpm
i386:
d71440ea3ee98d1d6481457b0cfcd7eb mysql-5.0.44-2.el4s1.1.i386.rpm
2da466fc2754b6b4bb279f7181d7cf37 mysql-bench-5.0.44-2.el4s1.1.i386.rpm
8f6c64281708ba3ad7eaaf6948762fc1 mysql-cluster-5.0.44-2.el4s1.1.i386.rpm
a5483597c4385b1372aa821f8d514946 mysql-debuginfo-5.0.44-2.el4s1.1.i386.rpm
72a2d26bf19cc79d0a9c4f94658b00d0 mysql-devel-5.0.44-2.el4s1.1.i386.rpm
c77211698fb1ce60be43744acc28a546 mysql-libs-5.0.44-2.el4s1.1.i386.rpm
8e9bb1932f851006a5a4e3f586c8b148 mysql-server-5.0.44-2.el4s1.1.i386.rpm
80ebb4bc395e2338b2175188d636e81f mysql-test-5.0.44-2.el4s1.1.i386.rpm
x86_64:
d71440ea3ee98d1d6481457b0cfcd7eb mysql-5.0.44-2.el4s1.1.i386.rpm
8b3674d07d0de7131ca61d0e5b82d9d4 mysql-5.0.44-2.el4s1.1.x86_64.rpm
e32256754d35b2f741cf023d313db803 mysql-bench-5.0.44-2.el4s1.1.x86_64.rpm
0433ff7e161e6166069b990ed5e5adc0 mysql-cluster-5.0.44-2.el4s1.1.x86_64.rpm
a5483597c4385b1372aa821f8d514946 mysql-debuginfo-5.0.44-2.el4s1.1.i386.rpm
4a6bd81a3ca36b47a5c7eb7289d9c69a mysql-debuginfo-5.0.44-2.el4s1.1.x86_64.rpm
706271c5eb07ec0862ffb6cd820f15c0 mysql-devel-5.0.44-2.el4s1.1.x86_64.rpm
c77211698fb1ce60be43744acc28a546 mysql-libs-5.0.44-2.el4s1.1.i386.rpm
ea65b280ea61b2c8aae57ebad1bd5748 mysql-libs-5.0.44-2.el4s1.1.x86_64.rpm
064abb6df8f7272d1a91ca890fefe1ff mysql-server-5.0.44-2.el4s1.1.x86_64.rpm
81b83016558b08b4558f3b04dd681b19 mysql-test-5.0.44-2.el4s1.1.x86_64.rpm
Red Hat Application Stack v1 for Enterprise Linux ES (v.4):
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/mysql-5.0.44-2.el4s1.1.src.rpm
ca84729dbb47b6733cde3b385ca3773d mysql-5.0.44-2.el4s1.1.src.rpm
i386:
d71440ea3ee98d1d6481457b0cfcd7eb mysql-5.0.44-2.el4s1.1.i386.rpm
2da466fc2754b6b4bb279f7181d7cf37 mysql-bench-5.0.44-2.el4s1.1.i386.rpm
8f6c64281708ba3ad7eaaf6948762fc1 mysql-cluster-5.0.44-2.el4s1.1.i386.rpm
a5483597c4385b1372aa821f8d514946 mysql-debuginfo-5.0.44-2.el4s1.1.i386.rpm
72a2d26bf19cc79d0a9c4f94658b00d0 mysql-devel-5.0.44-2.el4s1.1.i386.rpm
c77211698fb1ce60be43744acc28a546 mysql-libs-5.0.44-2.el4s1.1.i386.rpm
8e9bb1932f851006a5a4e3f586c8b148 mysql-server-5.0.44-2.el4s1.1.i386.rpm
80ebb4bc395e2338b2175188d636e81f mysql-test-5.0.44-2.el4s1.1.i386.rpm
x86_64:
d71440ea3ee98d1d6481457b0cfcd7eb mysql-5.0.44-2.el4s1.1.i386.rpm
8b3674d07d0de7131ca61d0e5b82d9d4 mysql-5.0.44-2.el4s1.1.x86_64.rpm
e32256754d35b2f741cf023d313db803 mysql-bench-5.0.44-2.el4s1.1.x86_64.rpm
0433ff7e161e6166069b990ed5e5adc0 mysql-cluster-5.0.44-2.el4s1.1.x86_64.rpm
a5483597c4385b1372aa821f8d514946 mysql-debuginfo-5.0.44-2.el4s1.1.i386.rpm
4a6bd81a3ca36b47a5c7eb7289d9c69a mysql-debuginfo-5.0.44-2.el4s1.1.x86_64.rpm
706271c5eb07ec0862ffb6cd820f15c0 mysql-devel-5.0.44-2.el4s1.1.x86_64.rpm
c77211698fb1ce60be43744acc28a546 mysql-libs-5.0.44-2.el4s1.1.i386.rpm
ea65b280ea61b2c8aae57ebad1bd5748 mysql-libs-5.0.44-2.el4s1.1.x86_64.rpm
064abb6df8f7272d1a91ca890fefe1ff mysql-server-5.0.44-2.el4s1.1.x86_64.rpm
81b83016558b08b4558f3b04dd681b19 mysql-test-5.0.44-2.el4s1.1.x86_64.rpm
Red Hat Application Stack v2 for Enterprise Linux (v.5):
SRPMS:
ftp://updates.redhat.com/enterprise//en/RHWAS/SRPMS/mysql-5.0.44-3.el5s2.src.rpm
9b9b957fe2d29d198f27f956dedb31fe mysql-5.0.44-3.el5s2.src.rpm
i386:
cf1887c176b79fe704600f2bdc163474 mysql-5.0.44-3.el5s2.i386.rpm
1753693081423dc9841979b5564b58ff mysql-bench-5.0.44-3.el5s2.i386.rpm
3be4ca88aa307cb4fd3ad786852782ec mysql-cluster-5.0.44-3.el5s2.i386.rpm
d9621538bdd467798c1016936fe3bcae mysql-debuginfo-5.0.44-3.el5s2.i386.rpm
dcacca0a00f7eb14bdcebd1f943c47e7 mysql-devel-5.0.44-3.el5s2.i386.rpm
809ff153137e95e27fd771c1be590dfc mysql-libs-5.0.44-3.el5s2.i386.rpm
a7a65b019b44f9c016739b5818dbf46b mysql-server-5.0.44-3.el5s2.i386.rpm
1a40e64039df2a50d68c22cbbb88edbf mysql-test-5.0.44-3.el5s2.i386.rpm
x86_64:
cf1887c176b79fe704600f2bdc163474 mysql-5.0.44-3.el5s2.i386.rpm
cc9549cea809112110f1ec76cfbee1d8 mysql-5.0.44-3.el5s2.x86_64.rpm
c20fc6b7e24a6928e7f080cfba9d98dd mysql-bench-5.0.44-3.el5s2.x86_64.rpm
9ae5003039deb5772fb954ed1440cbcc mysql-cluster-5.0.44-3.el5s2.x86_64.rpm
d9621538bdd467798c1016936fe3bcae mysql-debuginfo-5.0.44-3.el5s2.i386.rpm
1e76cbe8a731f04266502d54a5506a47 mysql-debuginfo-5.0.44-3.el5s2.x86_64.rpm
dcacca0a00f7eb14bdcebd1f943c47e7 mysql-devel-5.0.44-3.el5s2.i386.rpm
823725665e22e44533177134487d9f0f mysql-devel-5.0.44-3.el5s2.x86_64.rpm
809ff153137e95e27fd771c1be590dfc mysql-libs-5.0.44-3.el5s2.i386.rpm
b66ef3e045f403152d0451ae0bee8e39 mysql-libs-5.0.44-3.el5s2.x86_64.rpm
cb45dec1b2d708e62955c4017f663036 mysql-server-5.0.44-3.el5s2.x86_64.rpm
902c6e1e350ae925d5de24c5e13f0418 mysql-test-5.0.44-3.el5s2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6303
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFHaUM+XlSAg2UNWIIRAtDSAKCM7s75ag8eIliaC/8YXrBYmHdaWACgjbQx
3pISyq8SjHZpfV45rzfXIAQ=
=DACv
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBR2nTkyh9+71yA2DNAQKAIAP/Tq3napTolUmWXrdcyhByWzzL4eq7hp0d
FRSswiFDIZdVPPfBJwMF+OvZlrDZRJjx7Ox8RxzUGR9UlAzh2dpWwBuxAC/etWuc
XiCxeT4wNutyz/dA72hRbcxHnFHB+DU9ENXhAbpl4oqxDaDVDZybWMfrg4jIY1bK
G/WUwyWtarU=
=lFbG
-----END PGP SIGNATURE-----