[Full-Disclosure] [RHSA-2002:288-22] Updated MySQL packages fix various security issues

From: bugzillaat_private
Date: Wed Jan 15 2003 - 11:23:38 PST

  • Next message: dildog: "Re: Opentype font file causes Windows to restart." 

    ---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated MySQL packages fix various security issues
Advisory ID:       RHSA-2002:288-22
Issue date:        2003-01-15
Updated on:        2003-01-15
Product:           Red Hat Linux
Keywords:          
Cross references:  
Obsoletes:         RHSA-2001:003
CVE Names:         CAN-2002-1373 CAN-2002-1374 CAN-2002-1375 CAN-2002-1376
---------------------------------------------------------------------

1. Topic:

Updated MySQL packages are available for Red Hat Linux 7, 7.1, 7.2, 7.3,
and 8.0 which fix security vulnerabilities found in the MySQL server.

2. Relevant releases/architectures:

Red Hat Linux 7.0 - i386
Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386

3. Problem description:

MySQL is a multi-user, multi-threaded SQL database server. While auditing
MySQL, Stefan Esser found security vulnerabilities that can be used to
crash the server or allow MySQL users to gain privileges.

A signed integer vulnerability in the COM_TABLE_DUMP package for MySQL
3.x to 3.23.53a  allows remote attackers to cause a denial of service
(crash or hang) in mysqld by causing large negative integers to be provided
to a memcpy call.  (CAN-2002-1373)

The COM_CHANGE_USER command in MySQL 3.x to 3.23.53a and 4.x to
4.0.5a allows a remote attacker to gain privileges via a brute force
attack using a one-character password, which causes MySQL to only compare
the provided password against the first character of the real
password. (CAN-2002-1374)

The COM_CHANGE_USER command in MySQL 3.x to 3.23.53a and 4.x to
4.0.5a allows remote attackers to execute arbitrary code via a long
response.  (CAN-2002-1375)

The MySQL client library (libmysqlclient) in MySQL 3.x to 3.23.53a and 4.x
to 4.0.5a does not properly verify length fields for certain responses
in the read_rows or read_one_row routines, which allows a malicious server
to cause a denial of service and possibly execute arbitrary
code.  (CAN-2002-1376)

Red Hat Linux 7, 7.1, 7.2, 7.3, and 8.0 contain versions of MySQL that
are vulnerable to these issues. All users of MySQL are advised to upgrade
to the erratum packages containing MySQL 3.23.54a which is not vulnerable
to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

79606 - Several vulnerabilities within (lib)MySQL could allow (remote) compromise of client and/or server.

6. RPMs required:

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/mysql-3.23.54a-3.70.src.rpm
ftp://updates.redhat.com/7.0/en/os/SRPMS/mysqlclient9-3.23.22-8.src.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/mysql-3.23.54a-3.70.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/mysql-devel-3.23.54a-3.70.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/mysql-server-3.23.54a-3.70.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/mysqlclient9-3.23.22-8.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/mysql-3.23.54a-3.71.src.rpm
ftp://updates.redhat.com/7.1/en/os/SRPMS/mysqlclient9-3.23.22-8.src.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/mysql-3.23.54a-3.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mysql-devel-3.23.54a-3.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mysql-server-3.23.54a-3.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mysqlclient9-3.23.22-8.i386.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/mysql-3.23.54a-3.72.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/mysqlclient9-3.23.22-8.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/mysql-3.23.54a-3.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mysql-devel-3.23.54a-3.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mysql-server-3.23.54a-3.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mysqlclient9-3.23.22-8.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/mysql-3.23.54a-3.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/mysql-devel-3.23.54a-3.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/mysql-server-3.23.54a-3.72.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/mysql-3.23.54a-3.73.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/mysqlclient9-3.23.22-8.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/mysql-3.23.54a-3.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mysql-devel-3.23.54a-3.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mysql-server-3.23.54a-3.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mysqlclient9-3.23.22-8.i386.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/mysql-3.23.54a-4.src.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/mysql-3.23.54a-4.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mysql-devel-3.23.54a-4.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mysql-server-3.23.54a-4.i386.rpm



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
5dd77d69e22ed43e0ff28b29b8e44e92 7.0/en/os/SRPMS/mysql-3.23.54a-3.70.src.rpm
9c782173b553a1998d317c2477ed3247 7.0/en/os/SRPMS/mysqlclient9-3.23.22-8.src.rpm
a06746956383b4f2d01728809225df64 7.0/en/os/i386/mysql-3.23.54a-3.70.i386.rpm
f122e1fb596b8f35621549123e177720 7.0/en/os/i386/mysql-devel-3.23.54a-3.70.i386.rpm
9b1c91cbd8b38f9964b06825e50931f9 7.0/en/os/i386/mysql-server-3.23.54a-3.70.i386.rpm
649000787148d19b8019919535845680 7.0/en/os/i386/mysqlclient9-3.23.22-8.i386.rpm
e58fe98ddb3c8ac698ebc92ca8150b72 7.1/en/os/SRPMS/mysql-3.23.54a-3.71.src.rpm
9c782173b553a1998d317c2477ed3247 7.1/en/os/SRPMS/mysqlclient9-3.23.22-8.src.rpm
240ec3da00638e7659af70c288aa04ba 7.1/en/os/i386/mysql-3.23.54a-3.71.i386.rpm
a0b0060873f65a62e8f9a3e15aed64b6 7.1/en/os/i386/mysql-devel-3.23.54a-3.71.i386.rpm
01e625385fc064f3440ffc4c2b78f4b8 7.1/en/os/i386/mysql-server-3.23.54a-3.71.i386.rpm
649000787148d19b8019919535845680 7.1/en/os/i386/mysqlclient9-3.23.22-8.i386.rpm
d18c6f59453525e47fdcc1575a1e8093 7.2/en/os/SRPMS/mysql-3.23.54a-3.72.src.rpm
9c782173b553a1998d317c2477ed3247 7.2/en/os/SRPMS/mysqlclient9-3.23.22-8.src.rpm
8e5c91af905cda89d589162004f758c3 7.2/en/os/i386/mysql-3.23.54a-3.72.i386.rpm
516a9e98cd4574ee187f5ea5c1b42716 7.2/en/os/i386/mysql-devel-3.23.54a-3.72.i386.rpm
7feb019bec0fce4f0e7a39b5f4df6de3 7.2/en/os/i386/mysql-server-3.23.54a-3.72.i386.rpm
649000787148d19b8019919535845680 7.2/en/os/i386/mysqlclient9-3.23.22-8.i386.rpm
9587426ae471e596b8b3f90ef0b9ad3c 7.2/en/os/ia64/mysql-3.23.54a-3.72.ia64.rpm
7ffeed598fdc805f21f5adf3b01cc4eb 7.2/en/os/ia64/mysql-devel-3.23.54a-3.72.ia64.rpm
4e848cbb1ad6375638a55b20242df741 7.2/en/os/ia64/mysql-server-3.23.54a-3.72.ia64.rpm
57f593d5fb5e21cff6ce65f934fe9dca 7.3/en/os/SRPMS/mysql-3.23.54a-3.73.src.rpm
9c782173b553a1998d317c2477ed3247 7.3/en/os/SRPMS/mysqlclient9-3.23.22-8.src.rpm
0b39e3e5ee05d1daedb9e2146df24aaa 7.3/en/os/i386/mysql-3.23.54a-3.73.i386.rpm
1dd4afbca391e33250b2727b623123c8 7.3/en/os/i386/mysql-devel-3.23.54a-3.73.i386.rpm
62ade60f13d7d53eb7a791249688cfdb 7.3/en/os/i386/mysql-server-3.23.54a-3.73.i386.rpm
649000787148d19b8019919535845680 7.3/en/os/i386/mysqlclient9-3.23.22-8.i386.rpm
bbfa3dec0f70825e7f8277c85db2296a 8.0/en/os/SRPMS/mysql-3.23.54a-4.src.rpm
e6aa4bfefb78db997f40ccb8e8815fcc 8.0/en/os/i386/mysql-3.23.54a-4.i386.rpm
8340813723029e6bca15cebce9a59c6f 8.0/en/os/i386/mysql-devel-3.23.54a-4.i386.rpm
44c0dab242a5a26db0c139db6a371b02 8.0/en/os/i386/mysql-server-3.23.54a-4.i386.rpm


These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>


8. References:

http://security.e-matters.de/advisories/042002.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1376

9. Contact:

The Red Hat security contact is <securityat_private>.  More contact
details at http://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

    This archive was generated by hypermail 2b30 : Wed Jan 15 2003 - 11:38:38 PST