English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2005-23
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 17 Feb 2005
 Last revised: 17 Feb 2005

 Package: MySQL

 Summary: Multiple vulnerabilities have been discovered in MySQL

 More information:
    MySQL is a true multi-user, multi-threaded SQL database server.

    Multiple vulnerabilities have been discovered in MySQL:
    - A vulnerability exists MySQL's temporary file handling.
    - MySQL checks the CREATE/INSERT rights of the original table instead
      of the target table in an ALTER TABLE RENAME operation; this could
      allow attackers unauthorized access.
    - A buffer overflow exists in MySQL's mysql_real_connect function.
    - MySQL allows attackers to cause a denial of service via multiple
      threads that simultaneously alter MERGE table UNIONs.
    - A local user is granted privileges to a database with a name containing
      an underscore ("_").

 Impact:
    These vulnerabilities could allow attackers to overwrite arbitrary files
    via a symbolic link attack, and/or allow users to circumvent certain
    database access controls.

 Affected Products:
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
 # turbopkg
 or
 # zabom -u MySQL MySQL-bench MySQL-client MySQL-devel MySQL-shared

 [other]
 # turbopkg
 or
 # zabom update MySQL-bench MySQL-client MySQL-devel MySQL-shared
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   MySQL-3.23.58-7.src.rpm
     12048247 32fe957b1c4acc9bd01a77039457b78e

   Binary Packages
   Size: MD5

   MySQL-3.23.58-7.i586.rpm
      5046840 b8a1fcfc558e440f0a07c0ce61db1f6c
   MySQL-bench-3.23.58-7.i586.rpm
       611947 e923cdf47556e3ea42962dff52eb2f96
   MySQL-client-3.23.58-7.i586.rpm
       156405 bae19dc4a5f703c13ba95465dc1b16bb
   MySQL-devel-3.23.58-7.i586.rpm
      1149508 a196fd9ee1340980689fbc76671ca4b5
   MySQL-shared-3.23.58-7.i586.rpm
       193329 6e50795b138056da9f26ebb9bb11661b

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   MySQL-3.23.58-7.src.rpm
     12048247 9a99a4a8e8062df09795ab0dcae7529a

   Binary Packages
   Size: MD5

   MySQL-3.23.58-7.i586.rpm
      5048276 1485c2dd87037b4cc4675e42ab952aff
   MySQL-bench-3.23.58-7.i586.rpm
       612132 e7bb1c67e1954f393d88502f23ce07e5
   MySQL-client-3.23.58-7.i586.rpm
       156517 6a2be06605032250997ea0b6852b816c
   MySQL-devel-3.23.58-7.i586.rpm
      1149308 c55edeff863945491f0c8a35525740a9
   MySQL-shared-3.23.58-7.i586.rpm
       193502 f03ee6839e621431ba2ed047f295328e

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/MySQL-3.23.58-7.src.rpm
     12048247 536fd33d744f09ff1dc04f629be0e818

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/MySQL-3.23.58-7.i586.rpm
      4978887 26602263ff6b0f533d4ddac7f5508996
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/MySQL-bench-3.23.58-7.i586.rpm
       624881 90bd5cb4280e2e2fd958a2471a7fef41
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/MySQL-client-3.23.58-7.i586.rpm
       161068 3c6245ecede5ea768ab52272ab404b8f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/MySQL-devel-3.23.58-7.i586.rpm
      1071911 505742fe3028d9884e4540d347bdbe8b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/MySQL-shared-3.23.58-7.i586.rpm
       169446 8266872152b86b46e0194035e99e2504

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/MySQL-3.23.58-7.src.rpm
     12048247 3bda39554e3da2e212c093724d6a39c8

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/MySQL-3.23.58-7.i586.rpm
      5047782 3cca48015777e95a23c2f0a565a807e9
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/MySQL-bench-3.23.58-7.i586.rpm
       612535 513e29d33525b483519823b7ac9b85b1
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/MySQL-client-3.23.58-7.i586.rpm
       156621 8b461aee025a899a36093f0d21be625c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/MySQL-devel-3.23.58-7.i586.rpm
      1149922 23fe70670db13067f490c16a206f5fc8
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/MySQL-shared-3.23.58-7.i586.rpm
       193493 b27113e6da06fdf089e35523fcf8d11d

 <Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/MySQL-3.23.58-7.src.rpm
     12048247 c0772127ecc7dda3786194142a937a68

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/MySQL-3.23.58-7.i586.rpm
      5047657 d99d7f89c16f9b952c7ff135bc2f0b60
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/MySQL-bench-3.23.58-7.i586.rpm
       612194 e2ae0038409c395d872bb9eecee1fb30
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/MySQL-client-3.23.58-7.i586.rpm
       156486 c1da923719efc4d390f564de866f5069
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/MySQL-devel-3.23.58-7.i586.rpm
      1149781 6f83416b15748e516e03f1a9b1cdc951
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/MySQL-shared-3.23.58-7.i586.rpm
       193503 a3d160bc1bd2ee3a5041ae1f92ac854e

 <Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/MySQL-3.23.58-7.src.rpm
     12048247 9c716f5e2e9df6e3dc66d9962fdd9c0f

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/MySQL-3.23.58-7.i586.rpm
      4964388 c11f3169796d015c8adfa705a7086881
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/MySQL-bench-3.23.58-7.i586.rpm
       612961 5a4005fa5875211c32990fe4d49e4e7c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/MySQL-client-3.23.58-7.i586.rpm
       152282 3207c699ecfe572ed4fd58e85471ff28
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/MySQL-devel-3.23.58-7.i586.rpm
      1087051 912f37de05a16a0cb31b68f2c31d38bd
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/MySQL-shared-3.23.58-7.i586.rpm
       186771 07c744509dba108abf676e4190e31260

 <Turbolinux 7 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/MySQL-3.23.58-7.src.rpm
     12048247 1f6192113b02e8a9d5c31672e33ecf7f

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/MySQL-3.23.58-7.i586.rpm
      4963029 9af2f84fc2571641f06744d5a9a25223
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/MySQL-bench-3.23.58-7.i586.rpm
       612392 fb342f4adc900f223023b63540085a9e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/MySQL-client-3.23.58-7.i586.rpm
       152287 2a33103761066d0ef0567781eda096b6
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/MySQL-devel-3.23.58-7.i586.rpm
      1087150 0fe89c621e15fac938840d5248120fb5
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/MySQL-shared-3.23.58-7.i586.rpm
       186756 7d30521372ba13cbcdefb5be5732b8f8


 References:

 CVE
   [CAN-2004-0381]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381
   [CAN-2004-0388]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0388
   [CAN-2004-0457]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0457
   [CAN-2004-0835]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835
   [CAN-2004-0836]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836
   [CAN-2004-0837]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837
   [CAN-2004-0957]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957

 --------------------------------------------------------------------------
 Revision History
    17 Feb 2005 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2005 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFCFJ3MK0LzjOqIJMwRAk5gAJ0ZtQQB+/6xav8etMToRLOhagVhsACcCu+D
imEDtJfIsMZRsYlQSV2Ilrs=
=nYWZ
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.