Security Advisory Moderate: mysql security update

Advisory: RHSA-2007:0152-2
Type: Security Advisory
Severity: Moderate
Issued on: 2007-04-03
Last updated on: 2007-04-03
Affected Products: Red Hat Desktop (v. 4), Red Hat Enterprise Linux AS (v. 4), Red Hat Enterprise Linux ES (v. 4), Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20070152.xml
CVEs (cve.mitre.org): CVE-2006-4226

Details

Updated mysql packages that fix a security flaw are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld) and
many different client programs and libraries.

A flaw was found in the way MySQL handled case-sensitive database names. A
user with the ability to create databases could gain unauthorized access to
other databases hosted by the MySQL server. (CVE-2006-4226)

This flaw does not affect the version of MySQL distributed with Red Hat
Enterprise Linux 2.1, 3, or 5.

All users of the MySQL server are advised to upgrade to these updated
packages, which contain a backported patch that fixes this issue.


Solution

Before applying this update, make sure that all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
mysql-4.1.20-2.RHEL4.1.src.rpm

IA-32 (all files outdated by RHSA-2008:0768):
mysql-4.1.20-2.RHEL4.1.i386.rpm
mysql-bench-4.1.20-2.RHEL4.1.i386.rpm
mysql-devel-4.1.20-2.RHEL4.1.i386.rpm
mysql-server-4.1.20-2.RHEL4.1.i386.rpm

x86_64 (all files outdated by RHSA-2008:0768):
mysql-4.1.20-2.RHEL4.1.i386.rpm
mysql-4.1.20-2.RHEL4.1.x86_64.rpm
mysql-bench-4.1.20-2.RHEL4.1.x86_64.rpm
mysql-devel-4.1.20-2.RHEL4.1.x86_64.rpm
mysql-server-4.1.20-2.RHEL4.1.x86_64.rpm
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
mysql-4.1.20-2.RHEL4.1.src.rpm

IA-32 (all files outdated by RHSA-2008:0768):
mysql-4.1.20-2.RHEL4.1.i386.rpm
mysql-bench-4.1.20-2.RHEL4.1.i386.rpm
mysql-devel-4.1.20-2.RHEL4.1.i386.rpm
mysql-server-4.1.20-2.RHEL4.1.i386.rpm

IA-64 (all files outdated by RHSA-2008:0768):
mysql-4.1.20-2.RHEL4.1.i386.rpm
mysql-4.1.20-2.RHEL4.1.ia64.rpm
mysql-bench-4.1.20-2.RHEL4.1.ia64.rpm
mysql-devel-4.1.20-2.RHEL4.1.ia64.rpm
mysql-server-4.1.20-2.RHEL4.1.ia64.rpm

PPC (all files outdated by RHSA-2008:0768):
mysql-4.1.20-2.RHEL4.1.ppc.rpm
mysql-4.1.20-2.RHEL4.1.ppc64.rpm
mysql-bench-4.1.20-2.RHEL4.1.ppc.rpm
mysql-devel-4.1.20-2.RHEL4.1.ppc.rpm
mysql-server-4.1.20-2.RHEL4.1.ppc.rpm

s390 (all files outdated by RHSA-2008:0768):
mysql-4.1.20-2.RHEL4.1.s390.rpm
mysql-bench-4.1.20-2.RHEL4.1.s390.rpm
mysql-devel-4.1.20-2.RHEL4.1.s390.rpm
mysql-server-4.1.20-2.RHEL4.1.s390.rpm

s390x (all files outdated by RHSA-2008:0768):
mysql-4.1.20-2.RHEL4.1.s390.rpm
mysql-4.1.20-2.RHEL4.1.s390x.rpm
mysql-bench-4.1.20-2.RHEL4.1.s390x.rpm
mysql-devel-4.1.20-2.RHEL4.1.s390x.rpm
mysql-server-4.1.20-2.RHEL4.1.s390x.rpm

x86_64 (all files outdated by RHSA-2008:0768):
mysql-4.1.20-2.RHEL4.1.i386.rpm
mysql-4.1.20-2.RHEL4.1.x86_64.rpm
mysql-bench-4.1.20-2.RHEL4.1.x86_64.rpm
mysql-devel-4.1.20-2.RHEL4.1.x86_64.rpm
mysql-server-4.1.20-2.RHEL4.1.x86_64.rpm
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
mysql-4.1.20-2.RHEL4.1.src.rpm

IA-32 (all files outdated by RHSA-2008:0768):
mysql-4.1.20-2.RHEL4.1.i386.rpm
mysql-bench-4.1.20-2.RHEL4.1.i386.rpm
mysql-devel-4.1.20-2.RHEL4.1.i386.rpm
mysql-server-4.1.20-2.RHEL4.1.i386.rpm

IA-64 (all files outdated by RHSA-2008:0768):
mysql-4.1.20-2.RHEL4.1.i386.rpm
mysql-4.1.20-2.RHEL4.1.ia64.rpm
mysql-bench-4.1.20-2.RHEL4.1.ia64.rpm
mysql-devel-4.1.20-2.RHEL4.1.ia64.rpm
mysql-server-4.1.20-2.RHEL4.1.ia64.rpm

x86_64 (all files outdated by RHSA-2008:0768):
mysql-4.1.20-2.RHEL4.1.i386.rpm
mysql-4.1.20-2.RHEL4.1.x86_64.rpm
mysql-bench-4.1.20-2.RHEL4.1.x86_64.rpm
mysql-devel-4.1.20-2.RHEL4.1.x86_64.rpm
mysql-server-4.1.20-2.RHEL4.1.x86_64.rpm
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
mysql-4.1.20-2.RHEL4.1.src.rpm

IA-32 (all files outdated by RHSA-2008:0768):
mysql-4.1.20-2.RHEL4.1.i386.rpm
mysql-bench-4.1.20-2.RHEL4.1.i386.rpm
mysql-devel-4.1.20-2.RHEL4.1.i386.rpm
mysql-server-4.1.20-2.RHEL4.1.i386.rpm

IA-64 (all files outdated by RHSA-2008:0768):
mysql-4.1.20-2.RHEL4.1.i386.rpm
mysql-4.1.20-2.RHEL4.1.ia64.rpm
mysql-bench-4.1.20-2.RHEL4.1.ia64.rpm
mysql-devel-4.1.20-2.RHEL4.1.ia64.rpm
mysql-server-4.1.20-2.RHEL4.1.ia64.rpm

x86_64 (all files outdated by RHSA-2008:0768):
mysql-4.1.20-2.RHEL4.1.i386.rpm
mysql-4.1.20-2.RHEL4.1.x86_64.rpm
mysql-bench-4.1.20-2.RHEL4.1.x86_64.rpm
mysql-devel-4.1.20-2.RHEL4.1.x86_64.rpm
mysql-server-4.1.20-2.RHEL4.1.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see Bugzilla for more information)

203426 - CVE-2006-4226 mysql-server create database privilege escalation


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/