Skip to navigation

Security Advisory Low: mysql security and bug fix update

Advisory: RHSA-2008:0364-9
Type: Security Advisory
Severity: Low
Issued on: 2008-05-20
Last updated on: 2008-05-21
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2006-0903
CVE-2006-4031
CVE-2006-4227
CVE-2006-7232
CVE-2007-1420
CVE-2007-2583
CVE-2007-2691
CVE-2007-2692
CVE-2007-3781
CVE-2007-3782

Details

Updated mysql packages that fix various security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld), and
many different client programs and libraries.

MySQL did not require privileges such as "SELECT" for the source table in a
"CREATE TABLE LIKE" statement. An authenticated user could obtain sensitive
information, such as the table structure. (CVE-2007-3781)

A flaw was discovered in MySQL that allowed an authenticated user to gain
update privileges for a table in another database, via a view that refers
to the external table. (CVE-2007-3782)

MySQL did not require the "DROP" privilege for "RENAME TABLE" statements.
An authenticated user could use this flaw to rename arbitrary tables.
(CVE-2007-2691)

A flaw was discovered in the mysql_change_db function when returning from
SQL SECURITY INVOKER stored routines. An authenticated user could use this
flaw to gain database privileges. (CVE-2007-2692)

MySQL allowed an authenticated user to bypass logging mechanisms via SQL
queries that contain the NULL character, which were not properly handled by
the mysql_real_query function. (CVE-2006-0903)

MySQL allowed an authenticated user to access a table through a previously
created MERGE table, even after the user's privileges were revoked from
the original table, which might violate intended security policy. This is
addressed by allowing the MERGE storage engine to be disabled, which can
be done by running mysqld with the "--skip-merge" option. (CVE-2006-4031)

MySQL evaluated arguments in the wrong security context, which allowed an
authenticated user to gain privileges through a routine that had been made
available using "GRANT EXECUTE". (CVE-2006-4227)

Multiple flaws in MySQL allowed an authenticated user to cause the MySQL
daemon to crash via crafted SQL queries. This only caused a temporary
denial of service, as the MySQL daemon is automatically restarted after the
crash. (CVE-2006-7232, CVE-2007-1420, CVE-2007-2583)

As well, these updated packages fix the following bugs:

* a separate counter was used for "insert delayed" statements, which caused
rows to be discarded. In these updated packages, "insert delayed"
statements no longer use a separate counter, which resolves this issue.

* due to a bug in the Native POSIX Thread Library, in certain situations,
"flush tables" caused a deadlock on tables that had a read lock. The mysqld
daemon had to be killed forcefully. Now, "COND_refresh" has been replaced
with "COND_global_read_lock", which resolves this issue.

* mysqld crashed if a query for an unsigned column type contained a
negative value for a "WHERE [column] NOT IN" subquery.

* in master and slave server situations, specifying "on duplicate key
update" for "insert" statements did not update slave servers.

* in the mysql client, empty strings were displayed as "NULL". For
example, running "insert into [table-name] values (' ');" resulted in a
"NULL" entry being displayed when querying the table using "select * from
[table-name];".

* a bug in the optimizer code resulted in certain queries executing much
slower than expected.

* on 64-bit PowerPC architectures, MySQL did not calculate the thread stack
size correctly, which could have caused MySQL to crash when overly-complex
queries were used.

Note: these updated packages upgrade MySQL to version 5.0.45. For a full
list of bug fixes and enhancements, refer to the MySQL release notes:
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.html

All mysql users are advised to upgrade to these updated packages, which
resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
mysql-5.0.45-7.el5.src.rpm
File outdated by:  RHSA-2013:0180
    MD5: 1bbea84bb2b81ab14013f15cb8924a42
 
IA-32:
mysql-bench-5.0.45-7.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 0a43f5bcb795e99cbd578422aa95cfd5
mysql-devel-5.0.45-7.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: a8e74d751c83f741587d7276f80ce8a7
mysql-server-5.0.45-7.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: bb842ec5e000a83256861898a286da81
mysql-test-5.0.45-7.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 9cc1b954ea3b69a8eb741c286536ca63
 
x86_64:
mysql-bench-5.0.45-7.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 8cad05ce1abec3a0b0780fec69f0cb7d
mysql-devel-5.0.45-7.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: a8e74d751c83f741587d7276f80ce8a7
mysql-devel-5.0.45-7.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: d1d75dbe9bdb666f7b54ee4ff7d9d893
mysql-server-5.0.45-7.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 30dfd89e8e565ec4665b23974730ee6f
mysql-test-5.0.45-7.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 3332a4e57bd216acb126c04eb41c48f5
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
mysql-5.0.45-7.el5.src.rpm
File outdated by:  RHSA-2013:0180
    MD5: 1bbea84bb2b81ab14013f15cb8924a42
 
IA-32:
mysql-5.0.45-7.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: c523fd632bea6b02d72d3b01fe74f6fd
mysql-bench-5.0.45-7.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 0a43f5bcb795e99cbd578422aa95cfd5
mysql-devel-5.0.45-7.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: a8e74d751c83f741587d7276f80ce8a7
mysql-server-5.0.45-7.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: bb842ec5e000a83256861898a286da81
mysql-test-5.0.45-7.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 9cc1b954ea3b69a8eb741c286536ca63
 
IA-64:
mysql-5.0.45-7.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: c523fd632bea6b02d72d3b01fe74f6fd
mysql-5.0.45-7.el5.ia64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 94ea5263cc1f5b03dd38690fbe4622ba
mysql-bench-5.0.45-7.el5.ia64.rpm
File outdated by:  RHSA-2013:0180
    MD5: d75f1248773b60b6b6ff2cd9d91c12a0
mysql-devel-5.0.45-7.el5.ia64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 4f4d92cef3c0314ea94b40f22715d36f
mysql-server-5.0.45-7.el5.ia64.rpm
File outdated by:  RHSA-2013:0180
    MD5: ac73cae2232c8efa20b77a3a3f147f7a
mysql-test-5.0.45-7.el5.ia64.rpm
File outdated by:  RHSA-2013:0180
    MD5: ad4b79f1abfdd56a2924141dba3c0fd7
 
PPC:
mysql-5.0.45-7.el5.ppc.rpm
File outdated by:  RHSA-2013:0180
    MD5: 17106bdf9886e043b699ccfe55ec465d
mysql-5.0.45-7.el5.ppc64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 13d4ce2aa32f102ab5c0e473ceaa6ea3
mysql-bench-5.0.45-7.el5.ppc.rpm
File outdated by:  RHSA-2013:0180
    MD5: c006db2034210291b3ea455c69d2e1f8
mysql-devel-5.0.45-7.el5.ppc.rpm
File outdated by:  RHSA-2013:0180
    MD5: 0ad5a0759df86ec2702d087410d10e78
mysql-devel-5.0.45-7.el5.ppc64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 695341588c4b75f3acc97b6b125cfa9b
mysql-server-5.0.45-7.el5.ppc.rpm
File outdated by:  RHSA-2013:0180
    MD5: a761795a9ed453417f1d329ab30841db
mysql-server-5.0.45-7.el5.ppc64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 710f213ce0ad5ade07d826879677c8cf
mysql-test-5.0.45-7.el5.ppc.rpm
File outdated by:  RHSA-2013:0180
    MD5: 5c45d0261c36e97b1960589e085ea55d
 
s390x:
mysql-5.0.45-7.el5.s390.rpm
File outdated by:  RHSA-2013:0180
    MD5: e5e13aa14d9dcc24b1758e68f84f0b1d
mysql-5.0.45-7.el5.s390x.rpm
File outdated by:  RHSA-2013:0180
    MD5: 3a4fc2f2b4ff6303243d01f36136c24e
mysql-bench-5.0.45-7.el5.s390x.rpm
File outdated by:  RHSA-2013:0180
    MD5: 0e9c119a5eafc8740032d7ddb281e17f
mysql-devel-5.0.45-7.el5.s390.rpm
File outdated by:  RHSA-2013:0180
    MD5: 36fbdb24b014c21c55ff2d98a770cef1
mysql-devel-5.0.45-7.el5.s390x.rpm
File outdated by:  RHSA-2013:0180
    MD5: 24bda618f81a1116543a789a2d084a06
mysql-server-5.0.45-7.el5.s390x.rpm
File outdated by:  RHSA-2013:0180
    MD5: 7fccc0e6b53fc1612f8b4558ab8abecb
mysql-test-5.0.45-7.el5.s390x.rpm
File outdated by:  RHSA-2013:0180
    MD5: e839abce9f708372eb60956982a36274
 
x86_64:
mysql-5.0.45-7.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: c523fd632bea6b02d72d3b01fe74f6fd
mysql-5.0.45-7.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: d3a391e07fe651ac3106238af68817ec
mysql-bench-5.0.45-7.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 8cad05ce1abec3a0b0780fec69f0cb7d
mysql-devel-5.0.45-7.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: a8e74d751c83f741587d7276f80ce8a7
mysql-devel-5.0.45-7.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: d1d75dbe9bdb666f7b54ee4ff7d9d893
mysql-server-5.0.45-7.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 30dfd89e8e565ec4665b23974730ee6f
mysql-test-5.0.45-7.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 3332a4e57bd216acb126c04eb41c48f5
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
mysql-5.0.45-7.el5.src.rpm
File outdated by:  RHSA-2013:0180
    MD5: 1bbea84bb2b81ab14013f15cb8924a42
 
IA-32:
mysql-5.0.45-7.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: c523fd632bea6b02d72d3b01fe74f6fd
 
x86_64:
mysql-5.0.45-7.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: c523fd632bea6b02d72d3b01fe74f6fd
mysql-5.0.45-7.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: d3a391e07fe651ac3106238af68817ec
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

194613 - CVE-2006-0903 Mysql log file obfuscation
202246 - CVE-2006-4031 MySQL improper permission revocation
216427 - CVE-2006-4227 mysql improper suid argument evaluation
232603 - CVE-2007-1420 Single MySQL worker can be crashed (NULL deref) with certain SELECT statements
240813 - CVE-2007-2583 mysql: DoS via statement with crafted IF clause
241688 - CVE-2007-2691 mysql DROP privilege not enforced when renaming tables
241689 - CVE-2007-2692 mysql SECURITY INVOKER functions do not drop privileges
248553 - CVE-2007-3781 CVE-2007-3782 New release of MySQL fixes security bugs
254012 - Mysql bug 20048: 5.0.22 FLUSH TABLES WITH READ LOCK bug; need upgrade to 5.0.23
256501 - mysql 5.0.22 still has a lot of bugs ; need upgrade
349121 - MySQL client will display empty strings as NULL (fixed in 5.0.23)
434264 - CVE-2006-7232 mysql: daemon crash via EXPLAIN on queries on information schema
435391 - mysql does not calculate thread stack size correctly for RHEL5


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/