OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Michael Schloh
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web Date: 18-Apr-2005 16:46:45
Branch: HEAD Handle: 2005041815464500
Modified files:
openpkg-web/security OpenPKG-SA-2005.006-mysql.txt
Log:
complete edition, and prepare for signing
Summary:
Revision Changes Path
1.2 +17 -17 openpkg-web/security/OpenPKG-SA-2005.006-mysql.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2005.006-mysql.txt
============================================================================
$ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2005.006-mysql.txt
--- openpkg-web/security/OpenPKG-SA-2005.006-mysql.txt 15 Apr 2005
11:45:16 -0000 1.1
+++ openpkg-web/security/OpenPKG-SA-2005.006-mysql.txt 18 Apr 2005
14:46:45 -0000 1.2
@@ -3,7 +3,7 @@
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
-OpenPKG-SA-2006.006 15-Apr-2005
+OpenPKG-SA-2006.006 18-Apr-2005
________________________________________________________________________
Package: mysql
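Review bot: the advisory identifier on the changed line still reads OpenPKG-SA-2006.006 while the file being edited is OpenPKG-SA-2005.006-mysql.txt and the date on that same line is 18-Apr-2005; since this is the revision the log says is prepared for signing, correct the year in the identifier in the same commit, i.e. `OpenPKG-SA-2005.006 18-Apr-2005`, otherwise the signed text will carry the wrong ID and readers will look for an advisory that does not exist.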
@@ -35,15 +35,15 @@
sendmail::with_mysql snort::with_mysql
Description:
- Several vulnerabilities ranging from insecure handling of temporary files
- to arbitrary code execution have been discovered in the MySQL RDBMS [0].
+ Several vulnerabilities including insecure handling of temporary files
+ and arbitrary code execution have been discovered in the MySQL RDBMS [0].
Javier Fernandez-Sanguino Pena found that users may overwrite arbitrary
files or read temporary files via a symlink attack on insecurely created
temporary files. The Common Vulnerabilities and Exposures (CVE) project
assigned the identifier CAN-2005-0004 [1] to this problem.
- Stefano Di Paola found that a user could load forbidden dynamic library
+ Stefano Di Paola found that users may load forbidden dynamic library
symbols with dlsym(3) to exploit a problem with user definable functions
(UDFs) logic and thereby remotely execute arbitrary code. The Common
Vulnerabilities and Exposures (CVE) project assigned the identifier
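Review bot: the reworded line "Stefano Di Paola found that users may load forbidden dynamic library symbols" still runs into the ungrammatical tail "a problem with user definable functions (UDFs) logic"; since the sentence is already being touched, fix that phrase too, for instance "a problem in the user-defined function (UDF) loading logic" (user-defined function is the term MySQL itself uses). The change from "a user could" to "users may" is consistent with the later paragraphs.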
@@ -51,14 +51,14 @@
Stefano Di Paola also determined that incomplete testing of dynamic
library pathnames could lead to insecure loading of UDFs from dynamic
- libraries in arbitrary locations, again allowing a user to remotely
- execute arbitrary code. The Common Vulnerabilities and Exposures (CVE)
- project assigned the identifier CAN-2005-0710 [3] to this problem.
+ libraries in arbitrary locations, allowing users to remotely execute
+ arbitrary code. The Common Vulnerabilities and Exposures (CVE) project
+ assigned the identifier CAN-2005-0710 [3] to this problem.
Stefano Di Paola also discovered that creation of temporary tables uses
- predictable file names, allowing some users to overwrite arbitrary files
- via a symlink attack. The Common Vulnerabilities and Exposures (CVE)
- project assigned the identifier CAN-2005-0711 [4] to this problem.
+ predictable file names, allowing users to overwrite arbitrary files via
+ a symlink attack. The Common Vulnerabilities and Exposures (CVE) project
+ assigned the identifier CAN-2005-0711 [4] to this problem.
Please check whether you are affected by running "<prefix>/bin/openpkg
rpm -q mysql". If you have the "mysql" package installed and its
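Review bot: dropping "some" from "allowing some users to overwrite arbitrary files" in the temporary-table paragraph widens the claim; if the original qualifier reflected a precondition (a privilege the attacker needs), state it explicitly rather than removing it, because readers use exactly this sentence to judge their exposure. The same applies to "remotely execute arbitrary code" in the UDF paragraph: the text itself says the issue is triggered by a user loading libraries, so "remotely" alone overstates it and should be qualified along the lines of "as an authenticated database user".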
@@ -88,13 +88,13 @@
________________________________________________________________________
References:
- [0] http://www.mysql.com/
- [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004
- [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0709
- [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0710
- [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711
- [5] http://www.openpkg.org/tutorial.html#regular-source
- [6] http://www.openpkg.org/tutorial.html#regular-binary
+ [0] http://www.mysql.com/
+ [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004
+ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0709
+ [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0710
+ [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711
+ [5] http://www.openpkg.org/tutorial.html#regular-source
+ [6] http://www.openpkg.org/tutorial.html#regular-binary
[7] ftp://ftp.openpkg.org/release/2.2/UPD/mysql-4.0.21-2.2.2.src.rpm
[8] ftp://ftp.openpkg.org/release/2.2/UPD/
[9] http://www.openpkg.org/security.html#signature
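Review bot: the seven reference lines [0]–[6] are identical before and after apart from leading whitespace, so this hunk is an indentation-only change that inflates the diff; confirm the new indentation matches the unchanged [7]–[9] entries that follow, since those are the ones it must now line up with. The numbering is otherwise consistent with the description, which cites [1]–[4] for CAN-2005-0004, -0709, -0710 and -0711.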
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [email protected]