
Security Advisory Important: mysql security update

Advisory: RHSA-2007:1157-7
Type: Security Advisory
Severity: Important
Issued on: 2007-12-19
Last updated on: 2007-12-19
Affected Products: Red Hat Application Stack v1 for Enterprise Linux AS (v.4)
                   Red Hat Application Stack v1 for Enterprise Linux ES (v.4)
                   Red Hat Application Stack v2
CVEs (cve.mitre.org): CVE-2007-5925
                      CVE-2007-5969
                      CVE-2007-6303

Details

Updated mysql packages that fix several security issues are now available
for Red Hat Application Stack v1 and v2.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld), and
many different client programs and libraries.

A flaw was found in the way MySQL handled symbolic links when database tables
were created with explicit "DATA" and "INDEX DIRECTORY" options. An
authenticated user could create a table that would overwrite tables in
other databases, causing destruction of data or allowing the user to
elevate privileges. (CVE-2007-5969)
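
One way to audit for the condition described in CVE-2007-5969 above, as an added example that is not part of the Red Hat advisory: MyISAM leaves a symlink in the database directory for tables created with "DATA DIRECTORY" or "INDEX DIRECTORY", so this shell function lists table files whose symlink resolves into a different database's directory under the same data directory. The function name `audit_datadir` and its argument are assumptions, and it relies on GNU `readlink -f`.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a MySQL data directory for
# MyISAM data/index files (.MYD/.MYI) that are symlinks resolving into a
# DIFFERENT database's directory under the same data directory.
# Symlinks to locations outside the data directory (the normal result of
# DATA DIRECTORY / INDEX DIRECTORY) and links within one database are skipped.
#
# Output: one line per finding, "<db>/<file> -> <resolved target>".
# Assumes GNU readlink (-f), as shipped on Red Hat Enterprise Linux.
# The body runs in a subshell "( ... )" so its variables stay local.
audit_datadir() (
    root=$(cd "$1" 2>/dev/null && pwd -P) || exit 2   # canonical datadir path

    # Database directories sit one level below the datadir; table files one
    # level below that, hence depth 2.
    find "$root" -mindepth 2 -maxdepth 2 -type l \
         \( -name '*.MYD' -o -name '*.MYI' \) -print | sort |
    while IFS= read -r link; do
        link_db=$(basename "$(dirname "$link")")
        target=$(readlink -f -- "$link") || continue   # unresolvable: skip
        case "$target" in
            "$root"/*/*)
                # First path component below the datadir is the target's database.
                target_db=${target#"$root"/}
                target_db=${target_db%%/*}
                if [ "$target_db" != "$link_db" ]; then
                    printf '%s/%s -> %s\n' \
                        "$link_db" "$(basename "$link")" "$target"
                fi
                ;;
        esac
    done
)

# Run against a directory given on the command line, e.g. the datadir from my.cnf.
if [ "$#" -gt 0 ]; then
    audit_datadir "$1"
fi
```

Any line it prints is a table in one database whose data or index file physically lives in another database's directory, which is worth reviewing before and after applying the update.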

A flaw was found in the way MySQL's InnoDB engine handled spatial indexes. An
authenticated user could create a table with spatial indexes, which are not
supported by the InnoDB engine, that would cause the mysql daemon to crash
when used. This issue only causes a temporary denial of service, as the
mysql daemon will be automatically restarted after the crash.
(CVE-2007-5925)

A flaw was found in the way MySQL handled the "DEFINER" view parameter. A
user with the "ALTER VIEW" privilege for a view created by another database
user could modify that view to get access to any data accessible to the
creator of said view. (CVE-2007-6303)

All mysql users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Application Stack v1 for Enterprise Linux AS (v.4)

SRPMS:
mysql-5.0.44-2.el4s1.1.src.rpm
File outdated by: RHEA-2008:0975

IA-32:
mysql-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975
mysql-bench-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975
mysql-cluster-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975
mysql-devel-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975
mysql-libs-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975
mysql-server-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975
mysql-test-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975

x86_64:
mysql-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975
mysql-5.0.44-2.el4s1.1.x86_64.rpm
File outdated by: RHEA-2008:0975
mysql-bench-5.0.44-2.el4s1.1.x86_64.rpm
File outdated by: RHEA-2008:0975
mysql-cluster-5.0.44-2.el4s1.1.x86_64.rpm
File outdated by: RHEA-2008:0975
mysql-devel-5.0.44-2.el4s1.1.x86_64.rpm
File outdated by: RHEA-2008:0975
mysql-libs-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975
mysql-libs-5.0.44-2.el4s1.1.x86_64.rpm
File outdated by: RHEA-2008:0975
mysql-server-5.0.44-2.el4s1.1.x86_64.rpm
File outdated by: RHEA-2008:0975
mysql-test-5.0.44-2.el4s1.1.x86_64.rpm
File outdated by: RHEA-2008:0975
 
Red Hat Application Stack v1 for Enterprise Linux ES (v.4)

SRPMS:
mysql-5.0.44-2.el4s1.1.src.rpm
File outdated by: RHEA-2008:0975

IA-32:
mysql-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975
mysql-bench-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975
mysql-cluster-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975
mysql-devel-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975
mysql-libs-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975
mysql-server-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975
mysql-test-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975

x86_64:
mysql-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975
mysql-5.0.44-2.el4s1.1.x86_64.rpm
File outdated by: RHEA-2008:0975
mysql-bench-5.0.44-2.el4s1.1.x86_64.rpm
File outdated by: RHEA-2008:0975
mysql-cluster-5.0.44-2.el4s1.1.x86_64.rpm
File outdated by: RHEA-2008:0975
mysql-devel-5.0.44-2.el4s1.1.x86_64.rpm
File outdated by: RHEA-2008:0975
mysql-libs-5.0.44-2.el4s1.1.i386.rpm
File outdated by: RHEA-2008:0975
mysql-libs-5.0.44-2.el4s1.1.x86_64.rpm
File outdated by: RHEA-2008:0975
mysql-server-5.0.44-2.el4s1.1.x86_64.rpm
File outdated by: RHEA-2008:0975
mysql-test-5.0.44-2.el4s1.1.x86_64.rpm
File outdated by: RHEA-2008:0975
 
Red Hat Application Stack v2

SRPMS:
mysql-5.0.44-3.el5s2.src.rpm
File outdated by: RHSA-2009:1461

IA-32:
mysql-5.0.44-3.el5s2.i386.rpm
File outdated by: RHSA-2009:1461
mysql-bench-5.0.44-3.el5s2.i386.rpm
File outdated by: RHSA-2009:1461
mysql-cluster-5.0.44-3.el5s2.i386.rpm
File outdated by: RHSA-2009:1461
mysql-devel-5.0.44-3.el5s2.i386.rpm
File outdated by: RHSA-2009:1461
mysql-libs-5.0.44-3.el5s2.i386.rpm
File outdated by: RHSA-2009:1461
mysql-server-5.0.44-3.el5s2.i386.rpm
File outdated by: RHSA-2009:1461
mysql-test-5.0.44-3.el5s2.i386.rpm
File outdated by: RHSA-2009:1461

x86_64:
mysql-5.0.44-3.el5s2.i386.rpm
File outdated by: RHSA-2009:1461
mysql-5.0.44-3.el5s2.x86_64.rpm
File outdated by: RHSA-2009:1461
mysql-bench-5.0.44-3.el5s2.x86_64.rpm
File outdated by: RHSA-2009:1461
mysql-cluster-5.0.44-3.el5s2.x86_64.rpm
File outdated by: RHSA-2009:1461
mysql-devel-5.0.44-3.el5s2.i386.rpm
File outdated by: RHSA-2009:1461
mysql-devel-5.0.44-3.el5s2.x86_64.rpm
File outdated by: RHSA-2009:1461
mysql-libs-5.0.44-3.el5s2.i386.rpm
File outdated by: RHSA-2009:1461
mysql-libs-5.0.44-3.el5s2.x86_64.rpm
File outdated by: RHSA-2009:1461
mysql-server-5.0.44-3.el5s2.x86_64.rpm
File outdated by: RHSA-2009:1461
mysql-test-5.0.44-3.el5s2.x86_64.rpm
File outdated by: RHSA-2009:1461
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

377451 - CVE-2007-5925 mysql DoS in the InnoDB Engine
397071 - CVE-2007-5969 mysql: possible system table information overwrite using symlinks
420231 - CVE-2007-6303 mysql: DEFINER value of view not altered on ALTER VIEW


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/