Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-671-1: MySQL vulnerabilities

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-671-1: MySQL vulnerabilities
# 1  
Old 11-17-2008
USN-671-1: MySQL vulnerabilities
Referenced CVEs:
CVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098


Description:
===========================================================Ubuntu Security Notice USN-671-1 November 17, 2008mysql-dfsg-5.0 vulnerabilitiesCVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: mysql-server-5.0 5.0.22-0ubuntu6.06.11Ubuntu 7.10: mysql-server-5.0 5.0.45-1ubuntu3.4Ubuntu 8.04 LTS: mysql-server-5.0 5.0.51a-3ubuntu5.4In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:It was discovered that MySQL could be made to overwrite existing tablefiles in the data directory. An authenticated user could use theDATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilegechecks. This update alters table creation behaviour by disallowing theuse of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORYoptions. (CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098)It was discovered that MySQL did not handle empty bit-string literalsproperly. An attacker could exploit this problem and cause the MySQLserver to crash, leading to a denial of service. (CVE-2008-3963)





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT CENTOS

mysql_fix_extensions

MYSQL_FIX_EXTENSI(1)					       MySQL Database System					      MYSQL_FIX_EXTENSI(1)

NAME

       mysql_fix_extensions - normalize table file name extensions

SYNOPSIS

       mysql_fix_extensions data_dir

DESCRIPTION

       mysql_fix_extensions converts the extensions for MyISAM (or ISAM) table files to their canonical forms. It looks for files with extensions
       matching any lettercase variant of .frm, .myd, .myi, .isd, and .ism and renames them to have extensions of .frm, .MYD, .MYI, .ISD, and
       .ISM, respectively. This can be useful after transferring the files from a system with case-insensitive file names (such as Windows) to a
       system with case-sensitive file names.

       Invoke mysql_fix_extensions like this, where data_dir is the path name to the MySQL data directory.

	   shell> mysql_fix_extensions data_dir

COPYRIGHT

       Copyright 2007-2008 MySQL AB, 2008-2010 Sun Microsystems, Inc.

       This documentation is free software; you can redistribute it and/or modify it only under the terms of the GNU General Public License as
       published by the Free Software Foundation; version 2 of the License.

       This documentation is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with the program; if not, write to the Free Software Foundation,
       Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or see http://www.gnu.org/licenses/.

SEE ALSO

       For more information, please refer to the MySQL Reference Manual, which may already be installed locally and which is also available online
       at http://dev.mysql.com/doc/.

AUTHOR

       Sun Microsystems, Inc. (http://www.mysql.com/).

MySQL 5.1							    04/06/2010						      MYSQL_FIX_EXTENSI(1)