Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: aliz@gentoo.org (Daniel Ahlberg)
To: gentoo-announce@g.o, bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com
Subject: [gentoo-announce] GLSA: mysql (200309-08)
Date: Mon, 15 Sep 2003 12:24:58
Message-Id: 20030915100100.B684C9FBC5@noc.internal.fairytale.se
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - - ---------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200309-08
6 - - - ---------------------------------------------------------------------
7
8           PACKAGE : mysql
9           SUMMARY : buffer overflow
10              DATE : 2003-09-15 10:00 UTC
11           EXPLOIT : remote
12 VERSIONS AFFECTED : <mysql-3.23.57-r1 <mysql-4.0.13-r4 >=mysql-4.0.14-r2(masked)
13     FIXED VERSION : >=mysql-3.23.57-r1 >=mysql-4.0.13-r4 >=mysql-4.0.14-r2(masked)
14               CVE : CAN-2003-0780
15
16 - - - ---------------------------------------------------------------------
17
18 quote from advisory:
19
20 "Anyone with global administrative privileges on a MySQL server may
21 execute arbitrary code even on a host he isn't supposed to have a shell
22 on, with the privileges of the system account running the MySQL server."
23
24 read the full advisory at:
25 http://www.securityfocus.com/archive/1/337012
26
27 SOLUTION
28
29 It is recommended that all Gentoo Linux users who are running
30 dev-db/mysql upgrade to either one of these versions:
31
32 3.23.x - mysql-3.23.57-r1
33 4.0.x - mysql-4.0.13-r4 OR
34 mysql-4.0.14-r2 if accepting "~" keywords.
35
36 emerge sync
37 emerge \=dev-db/mysql/<mysql version>
38 emerge clean
39
40 - - - ---------------------------------------------------------------------
41 aliz@g.o - GnuPG key is available at http://dev.gentoo.org/~aliz
42 solar@g.o
43 - - - ---------------------------------------------------------------------
44 -----BEGIN PGP SIGNATURE-----
45 Version: GnuPG v1.2.3 (GNU/Linux)
46
47 iD8DBQE/ZY3cfT7nyhUpoZMRAjpJAJ0ZTUg/pJxdsWeIpxTJX/cDMatkEQCeKmFU
48 GGrAKtwqtPNuiguwyhelHys=
49 =uFLV
50 -----END PGP SIGNATURE-----
Report Message
Find on MARC Find on Google Groups