Skip to navigation

Security Advisory Moderate: mysql security and bug fix update

Advisory: RHSA-2009:1289-2
Type: Security Advisory
Severity: Moderate
Issued on: 2009-09-02
Last updated on: 2009-09-02
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2008-2079
CVE-2008-3963
CVE-2008-4456
CVE-2009-2446

Details

Updated mysql packages that fix various security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

MySQL did not correctly check directories used as arguments for the DATA
DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated
attacker could elevate their access privileges to tables created by other
database users. Note: This attack does not work on existing tables. An
attacker can only elevate their access to another user's tables as the
tables are created. As well, the names of these created tables need to be
predicted correctly for this attack to succeed. (CVE-2008-2079)

A flaw was found in the way MySQL handles an empty bit-string literal. A
remote, authenticated attacker could crash the MySQL server daemon (mysqld)
if they used an empty bit-string literal in an SQL statement. This issue
only caused a temporary denial of service, as the MySQL daemon was
automatically restarted after the crash. (CVE-2008-3963)

An insufficient HTML entities quoting flaw was found in the mysql command
line client's HTML output mode. If an attacker was able to inject arbitrary
HTML tags into data stored in a MySQL database, which was later retrieved
using the mysql command line client and its HTML output mode, they could
perform a cross-site scripting (XSS) attack against victims viewing the
HTML output in a web browser. (CVE-2008-4456)

Multiple format string flaws were found in the way the MySQL server logs
user commands when creating and deleting databases. A remote, authenticated
attacker with permissions to CREATE and DROP databases could use these
flaws to formulate a specifically-crafted SQL command that would cause a
temporary denial of service (open connections to mysqld are terminated).
(CVE-2009-2446)

Note: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld
"--log" command line option or the "log" option in "/etc/my.cnf") must be
enabled. This logging is not enabled by default.

This update also fixes multiple bugs. Details regarding these bugs can be
found in the Red Hat Enterprise Linux 5.4 Technical Notes. You can find a
link to the Technical Notes in the References section of this errata.

Note: These updated packages upgrade MySQL to version 5.0.77 to incorporate
numerous upstream bug fixes. Details of these changes are found in the
following MySQL Release Notes:
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-77.html

All MySQL users are advised to upgrade to these updated packages, which
resolve these issues. After installing this update, the MySQL server
daemon (mysqld) will be restarted automatically.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
mysql-5.0.77-3.el5.src.rpm
File outdated by:  RHSA-2013:0180
    MD5: 538e18203b1e20ee1d8b2becef186f58
 
IA-32:
mysql-bench-5.0.77-3.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: db04e4f02087c5d21a8738445dc02665
mysql-devel-5.0.77-3.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 25d85cf8e6eaaa2aee216fb021dc6ee2
mysql-server-5.0.77-3.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 630e95814f31d799c94e7c1148bb6d6c
mysql-test-5.0.77-3.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 86be797a79c26be92bfe0a42e2079519
 
x86_64:
mysql-bench-5.0.77-3.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 07c958c6549153001e1557e2ca20f1f0
mysql-devel-5.0.77-3.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 25d85cf8e6eaaa2aee216fb021dc6ee2
mysql-devel-5.0.77-3.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: c586642661d532ed7d8b9a4436ac7b07
mysql-server-5.0.77-3.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 4c8877e4994b0eff9b32d1b0a95e0161
mysql-test-5.0.77-3.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 0d280c14bcc352245aae735d1dfbaea5
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
mysql-5.0.77-3.el5.src.rpm
File outdated by:  RHSA-2013:0180
    MD5: 538e18203b1e20ee1d8b2becef186f58
 
IA-32:
mysql-5.0.77-3.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: fab2795e756daebdebdcc4a8131567a9
mysql-bench-5.0.77-3.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: db04e4f02087c5d21a8738445dc02665
mysql-devel-5.0.77-3.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 25d85cf8e6eaaa2aee216fb021dc6ee2
mysql-server-5.0.77-3.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 630e95814f31d799c94e7c1148bb6d6c
mysql-test-5.0.77-3.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 86be797a79c26be92bfe0a42e2079519
 
IA-64:
mysql-5.0.77-3.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: fab2795e756daebdebdcc4a8131567a9
mysql-5.0.77-3.el5.ia64.rpm
File outdated by:  RHSA-2013:0180
    MD5: b4cc421f0c0d9bf1112b5135dd79d744
mysql-bench-5.0.77-3.el5.ia64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 936193e6cf5203f14966e3a344c60057
mysql-devel-5.0.77-3.el5.ia64.rpm
File outdated by:  RHSA-2013:0180
    MD5: e443f8b70deac811876fb13003336614
mysql-server-5.0.77-3.el5.ia64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 7e670695100a2425d9fe696e3eb765b2
mysql-test-5.0.77-3.el5.ia64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 6b983cd9ec410ef8cbceed3bb1768e0f
 
PPC:
mysql-5.0.77-3.el5.ppc.rpm
File outdated by:  RHSA-2013:0180
    MD5: 1a38f26f5cff6cd04981dd31b130adcc
mysql-5.0.77-3.el5.ppc64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 8717d5db632780f533db85606b955c75
mysql-bench-5.0.77-3.el5.ppc.rpm
File outdated by:  RHSA-2013:0180
    MD5: 4299385f127875c62eba653934b70f0a
mysql-devel-5.0.77-3.el5.ppc.rpm
File outdated by:  RHSA-2013:0180
    MD5: 866102c38389c0abeab1f8ce483a2051
mysql-devel-5.0.77-3.el5.ppc64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 8b116594139f9b3c46304a5daf1368c3
mysql-server-5.0.77-3.el5.ppc.rpm
File outdated by:  RHSA-2013:0180
    MD5: c0eec73388e3a0c028c772bc3c551f3f
mysql-server-5.0.77-3.el5.ppc64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 7e098dda4c4825b80d0c4f5f08fa9ed1
mysql-test-5.0.77-3.el5.ppc.rpm
File outdated by:  RHSA-2013:0180
    MD5: ea3874fdbde4b98830ad040f730c8d4e
 
s390x:
mysql-5.0.77-3.el5.s390.rpm
File outdated by:  RHSA-2013:0180
    MD5: 5bcac27fa6665056c1cf3a52912a6d91
mysql-5.0.77-3.el5.s390x.rpm
File outdated by:  RHSA-2013:0180
    MD5: 8d6ea15140a8957f672b62ed80bac9f4
mysql-bench-5.0.77-3.el5.s390x.rpm
File outdated by:  RHSA-2013:0180
    MD5: 72696682546399c24f92f6ff132e15c9
mysql-devel-5.0.77-3.el5.s390.rpm
File outdated by:  RHSA-2013:0180
    MD5: 527c0cf963afdcd970cdd0121448a67f
mysql-devel-5.0.77-3.el5.s390x.rpm
File outdated by:  RHSA-2013:0180
    MD5: 3f38ee970a1cd9c6f6077cc368f8809c
mysql-server-5.0.77-3.el5.s390x.rpm
File outdated by:  RHSA-2013:0180
    MD5: 78823417f3a28d04d19fe2dc57ce9147
mysql-test-5.0.77-3.el5.s390x.rpm
File outdated by:  RHSA-2013:0180
    MD5: a605aa9b0254be62193daf50f5b423cb
 
x86_64:
mysql-5.0.77-3.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: fab2795e756daebdebdcc4a8131567a9
mysql-5.0.77-3.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: e51c01f6e13473058a2c601bb911137a
mysql-bench-5.0.77-3.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 07c958c6549153001e1557e2ca20f1f0
mysql-devel-5.0.77-3.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 25d85cf8e6eaaa2aee216fb021dc6ee2
mysql-devel-5.0.77-3.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: c586642661d532ed7d8b9a4436ac7b07
mysql-server-5.0.77-3.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 4c8877e4994b0eff9b32d1b0a95e0161
mysql-test-5.0.77-3.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 0d280c14bcc352245aae735d1dfbaea5
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
mysql-5.0.77-3.el5.src.rpm
File outdated by:  RHSA-2013:0180
    MD5: 538e18203b1e20ee1d8b2becef186f58
 
IA-32:
mysql-5.0.77-3.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: fab2795e756daebdebdcc4a8131567a9
 
x86_64:
mysql-5.0.77-3.el5.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: fab2795e756daebdebdcc4a8131567a9
mysql-5.0.77-3.el5.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: e51c01f6e13473058a2c601bb911137a
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

435494 - Timeout error starting MySQL when using non-default socket file value (fix provided)
445222 - CVE-2008-2079 mysql: privilege escalation via DATA/INDEX DIRECTORY directives
448534 - upgrade to RHEL5.2 - breaks mysql replication between MasterDB and Slave
450178 - Somewhat dubious code in mysqld init.d script
452824 - mysql-server crash permanently
453156 - DATE function used in WHERE clause - broken
455619 - tmpdir variable not honored for internally created temporary tables
457218 - 'Explicit or implicit commit' error/server crash with concurrent transactions
462071 - CVE-2008-3963 MySQL: Using an empty binary value leads to server crash
462534 - SQL Config files should not be read more than once
466518 - CVE-2008-4456 mysql: mysql command line client XSS flaw
470036 - Got query result when using ORDER BY ASC, but empty result when using DESC
476896 - CVE-2008-3963 MySQL: Using an empty binary value leads to server crash
511020 - CVE-2009-2446 MySQL: Format string vulnerability by manipulation with database instances (crash)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/