OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-web                      Date:   20-Apr-2005 17:21:21
  Branch: HEAD                             Handle: 2005042016212100

  Modified files:
    openpkg-web/security    OpenPKG-SA-2005.006-mysql.txt

  Log:
    release OpenPKG Security Advisory 2005.006 (mysql)

  Summary:
    Revision    Changes     Path
    1.3         +25 -13     openpkg-web/security/OpenPKG-SA-2005.006-mysql.txt
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-web/security/OpenPKG-SA-2005.006-mysql.txt
  ============================================================================
  $ cvs diff -u -r1.2 -r1.3 OpenPKG-SA-2005.006-mysql.txt
  --- openpkg-web/security/OpenPKG-SA-2005.006-mysql.txt        18 Apr 2005 
14:46:45 -0000      1.2
  +++ openpkg-web/security/OpenPKG-SA-2005.006-mysql.txt        20 Apr 2005 
15:21:21 -0000      1.3
  @@ -1,9 +1,12 @@
  +-----BEGIN PGP SIGNED MESSAGE-----
  +Hash: SHA1
  +
   ________________________________________________________________________
   
   OpenPKG Security Advisory                            The OpenPKG Project
   http://www.openpkg.org/security.html              http://www.openpkg.org
   [EMAIL PROTECTED]                         [EMAIL PROTECTED]
  -OpenPKG-SA-2006.006                                          18-Apr-2005
  +OpenPKG-SA-2005.006                                          20-Apr-2005
   ________________________________________________________________________
   
   Package:             mysql
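Review bot: the advisory ID line in this hunk changes from OpenPKG-SA-2006.006 to OpenPKG-SA-2005.006, a content correction that the log message ("release OpenPKG Security Advisory 2005.006 (mysql)") does not mention. The new value matches the file name OpenPKG-SA-2005.006-mysql.txt, so the fix looks right, but revision 1.2 carried the wrong identifier for two days (18-Apr to 20-Apr). Suggest naming the ID correction in the log so that anyone who referenced 1.2 can tell that the identifier changed, not the advisory.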
  @@ -38,16 +41,17 @@
     Several vulnerabilities including insecure handling of temporary files
     and arbitrary code execution have been discovered in the MySQL RDBMS [0].
   
  -  Javier Fernandez-Sanguino Pena found that users may overwrite arbitrary
  -  files or read temporary files via a symlink attack on insecurely created
  -  temporary files. The Common Vulnerabilities and Exposures (CVE) project
  -  assigned the identifier CAN-2005-0004 [1] to this problem.
  +  Javier Fernandez-Sanguino Pena found that users may overwrite
  +  arbitrary files or read temporary files via a symlink attack on
  +  insecurely created temporary files. The Common Vulnerabilities and
  +  Exposures (CVE) project assigned the identifier CAN-2005-0004 [1] to
  +  this problem.
   
     Stefano Di Paola found that users may load forbidden dynamic library
  -  symbols with dlsym(3) to exploit a problem with user definable functions
  -  (UDFs) logic and thereby remotely execute arbitrary code. The Common
  -  Vulnerabilities and Exposures (CVE) project assigned the identifier
  -  CAN-2005-0709 [2] to this problem.
  +  symbols with dlsym(3) to exploit a problem with user definable
  +  functions (UDFs) logic and thereby remotely execute arbitrary code.
  +  The Common Vulnerabilities and Exposures (CVE) project assigned the
  +  identifier CAN-2005-0709 [2] to this problem.
   
     Stefano Di Paola also determined that incomplete testing of dynamic
     library pathnames could lead to insecure loading of UDFs from dynamic
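Review bot: the CAN-2005-0004 and CAN-2005-0709 paragraphs in this hunk are only re-wrapped, with no word changed, yet the reflow shares a revision with the ID fix and the new signature. That makes the +25 -13 diff harder to audit, because a reader has to compare each paragraph word by word to confirm that nothing substantive moved. Suggest committing the reflow on its own first, so the release revision shows only the header correction and the PGP armor.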
  @@ -55,10 +59,11 @@
     arbitrary code. The Common Vulnerabilities and Exposures (CVE) project
     assigned the identifier CAN-2005-0710 [3] to this problem.
   
  -  Stefano Di Paola also discovered that creation of temporary tables uses
  -  predictable file names, allowing users to overwrite arbitrary files via
  -  a symlink attack. The Common Vulnerabilities and Exposures (CVE) project
  -  assigned the identifier CAN-2005-0711 [4] to this problem.
  +  Stefano Di Paola also discovered that creation of temporary tables
  +  uses predictable file names, allowing users to overwrite arbitrary
  +  files via a symlink attack. The Common Vulnerabilities and Exposures
  +  (CVE) project assigned the identifier CAN-2005-0711 [4] to this
  +  problem.
   
     Please check whether you are affected by running "<prefix>/bin/openpkg
     rpm -q mysql". If you have the "mysql" package installed and its
  @@ -107,3 +112,10 @@
   for details on how to verify the integrity of this advisory.
   ________________________________________________________________________
   
  +-----BEGIN PGP SIGNATURE-----
  +Comment: OpenPKG <[EMAIL PROTECTED]>
  +
  +iD8DBQFCZnNZgHWT4GPEy58RAidHAKC3q/jVpH+nwRR+vywKBkPrWF1kVACgtabH
  +6K1qurV1hlsBureBo3auVIo=
  +=F5zz
  +-----END PGP SIGNATURE-----
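Review bot: with the signature block added at the end of the file, the repository copy is now a clearsigned message, so any later edit to the body (even another re-wrap like the ones earlier in this patch) will make verification fail. Suggest treating revision 1.3 as frozen and running a verify against the checked-out file before it is published. Also note that the "Comment:" armor header line is not covered by the signature, so readers should not rely on it to identify the signer.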
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [email protected]
