Security Advisory mysql security update

Advisory: RHSA-2005:685-5
Type: Security Advisory
Severity: Low
Issued on: 2005-10-05
Last updated on: 2005-10-05
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2005-1636

Details

Updated mysql packages that fix a temporary file flaw and a number of bugs
are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries.

An insecure temporary file handling bug was found in the mysql_install_db
script. It is possible for a local user to create specially crafted files
in /tmp which could allow them to execute arbitrary SQL commands during
database installation. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1636 to this issue.

These packages update mysql to version 4.1.12, fixing a number of problems.
Also, support for SSL-encrypted connections to the database server is now
provided.

All users of mysql are advised to upgrade to these updated packages.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)
SRPMS:
mysql-4.1.12-3.RHEL4.1.src.rpm
File outdated by:  RHSA-2008:0768		     06e04af590c86c1563668213e4d9a2af
 
IA-32:
mysql-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     d42c715e724da17f9e1bdd922fdb2f34
mysql-bench-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     020b65a1397177687bd7455a2946739e
mysql-devel-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     6db5ab9c7b09d927988e39a9d53b8261
mysql-server-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     6694cc9ad90191d03cdc67ad9614d26c
 
x86_64:
mysql-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     d42c715e724da17f9e1bdd922fdb2f34
mysql-4.1.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2008:0768		     c93a847cf892e5b9ff0941221dc17891
mysql-bench-4.1.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2008:0768		     d28e2f3914e10b19212b969193c20386
mysql-devel-4.1.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2008:0768		     c4bc3aa53d8f14d35c13f6bff7cd9d9c
mysql-server-4.1.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2008:0768		     c8426a10d3f2a56ccf30eae19dc78a01
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
mysql-4.1.12-3.RHEL4.1.src.rpm
File outdated by:  RHSA-2008:0768		     06e04af590c86c1563668213e4d9a2af
 
IA-32:
mysql-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     d42c715e724da17f9e1bdd922fdb2f34
mysql-bench-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     020b65a1397177687bd7455a2946739e
mysql-devel-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     6db5ab9c7b09d927988e39a9d53b8261
mysql-server-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     6694cc9ad90191d03cdc67ad9614d26c
 
IA-64:
mysql-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     d42c715e724da17f9e1bdd922fdb2f34
mysql-4.1.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2008:0768		     bb35d80e1f827aa5de0f01aee29faa6a
mysql-bench-4.1.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2008:0768		     47cb300d4bf12c8563eb1c8babfd103b
mysql-devel-4.1.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2008:0768		     47f9b68213f3037db70832795eb3a5b0
mysql-server-4.1.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2008:0768		     0613e4169cee5ac1bde69212803b6aaa
 
PPC:
mysql-4.1.12-3.RHEL4.1.ppc.rpm
File outdated by:  RHSA-2008:0768		     b54a2d7a5a9029db69c3cf0307003f8d
mysql-4.1.12-3.RHEL4.1.ppc64.rpm
File outdated by:  RHSA-2008:0768		     9d53cef62c768f37a223d90cafdfe4c4
mysql-bench-4.1.12-3.RHEL4.1.ppc.rpm
File outdated by:  RHSA-2008:0768		     7a0d7f6729411842fbcab18a558c25f9
mysql-devel-4.1.12-3.RHEL4.1.ppc.rpm
File outdated by:  RHSA-2008:0768		     ff15dfca4f080127a684753711c2c705
mysql-server-4.1.12-3.RHEL4.1.ppc.rpm
File outdated by:  RHSA-2008:0768		     5e18e3db31abbd644f798537b505febd
 
s390:
mysql-4.1.12-3.RHEL4.1.s390.rpm
File outdated by:  RHSA-2008:0768		     a4f9deb608170942ef88157f16bc9559
mysql-bench-4.1.12-3.RHEL4.1.s390.rpm
File outdated by:  RHSA-2008:0768		     cf62bace4cd06dab150abd0571b6e927
mysql-devel-4.1.12-3.RHEL4.1.s390.rpm
File outdated by:  RHSA-2008:0768		     54fa0f151e8322cfb0f677bbf3a0d618
mysql-server-4.1.12-3.RHEL4.1.s390.rpm
File outdated by:  RHSA-2008:0768		     b302582504491c3fcdf496ed13b20c3f
 
s390x:
mysql-4.1.12-3.RHEL4.1.s390.rpm
File outdated by:  RHSA-2008:0768		     a4f9deb608170942ef88157f16bc9559
mysql-4.1.12-3.RHEL4.1.s390x.rpm
File outdated by:  RHSA-2008:0768		     6882bb7f89b988c796c5694c6e133921
mysql-bench-4.1.12-3.RHEL4.1.s390x.rpm
File outdated by:  RHSA-2008:0768		     7997f5fa03a7cb80c1e8da506f82a61f
mysql-devel-4.1.12-3.RHEL4.1.s390x.rpm
File outdated by:  RHSA-2008:0768		     0d61968abd9ae0d268ee77a7f893427e
mysql-server-4.1.12-3.RHEL4.1.s390x.rpm
File outdated by:  RHSA-2008:0768		     18ff4f1f10b15f1446e3bac9d5f16aa0
 
x86_64:
mysql-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     d42c715e724da17f9e1bdd922fdb2f34
mysql-4.1.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2008:0768		     c93a847cf892e5b9ff0941221dc17891
mysql-bench-4.1.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2008:0768		     d28e2f3914e10b19212b969193c20386
mysql-devel-4.1.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2008:0768		     c4bc3aa53d8f14d35c13f6bff7cd9d9c
mysql-server-4.1.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2008:0768		     c8426a10d3f2a56ccf30eae19dc78a01
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
mysql-4.1.12-3.RHEL4.1.src.rpm
File outdated by:  RHSA-2008:0768		     06e04af590c86c1563668213e4d9a2af
 
IA-32:
mysql-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     d42c715e724da17f9e1bdd922fdb2f34
mysql-bench-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     020b65a1397177687bd7455a2946739e
mysql-devel-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     6db5ab9c7b09d927988e39a9d53b8261
mysql-server-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     6694cc9ad90191d03cdc67ad9614d26c
 
IA-64:
mysql-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     d42c715e724da17f9e1bdd922fdb2f34
mysql-4.1.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2008:0768		     bb35d80e1f827aa5de0f01aee29faa6a
mysql-bench-4.1.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2008:0768		     47cb300d4bf12c8563eb1c8babfd103b
mysql-devel-4.1.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2008:0768		     47f9b68213f3037db70832795eb3a5b0
mysql-server-4.1.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2008:0768		     0613e4169cee5ac1bde69212803b6aaa
 
x86_64:
mysql-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     d42c715e724da17f9e1bdd922fdb2f34
mysql-4.1.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2008:0768		     c93a847cf892e5b9ff0941221dc17891
mysql-bench-4.1.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2008:0768		     d28e2f3914e10b19212b969193c20386
mysql-devel-4.1.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2008:0768		     c4bc3aa53d8f14d35c13f6bff7cd9d9c
mysql-server-4.1.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2008:0768		     c8426a10d3f2a56ccf30eae19dc78a01
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
mysql-4.1.12-3.RHEL4.1.src.rpm
File outdated by:  RHSA-2008:0768		     06e04af590c86c1563668213e4d9a2af
 
IA-32:
mysql-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     d42c715e724da17f9e1bdd922fdb2f34
mysql-bench-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     020b65a1397177687bd7455a2946739e
mysql-devel-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     6db5ab9c7b09d927988e39a9d53b8261
mysql-server-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     6694cc9ad90191d03cdc67ad9614d26c
 
IA-64:
mysql-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     d42c715e724da17f9e1bdd922fdb2f34
mysql-4.1.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2008:0768		     bb35d80e1f827aa5de0f01aee29faa6a
mysql-bench-4.1.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2008:0768		     47cb300d4bf12c8563eb1c8babfd103b
mysql-devel-4.1.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2008:0768		     47f9b68213f3037db70832795eb3a5b0
mysql-server-4.1.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2008:0768		     0613e4169cee5ac1bde69212803b6aaa
 
x86_64:
mysql-4.1.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2008:0768		     d42c715e724da17f9e1bdd922fdb2f34
mysql-4.1.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2008:0768		     c93a847cf892e5b9ff0941221dc17891
mysql-bench-4.1.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2008:0768		     d28e2f3914e10b19212b969193c20386
mysql-devel-4.1.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2008:0768		     c4bc3aa53d8f14d35c13f6bff7cd9d9c
mysql-server-4.1.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2008:0768		     c8426a10d3f2a56ccf30eae19dc78a01
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

158688 - CAN-2005-1636 mysql insecure temporary file creation
163694 - Parser issue with subqueries involving unions


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1636

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/