Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ MDKSA-2006:158 ] - Updated MySQL packages fix DoS vuln, initscript bug

from [security] Network Security [Permanent Link]
Subject: [ MDKSA-2006:158 ] - Updated MySQL packages fix DoS vuln, initscript bug
Date: Thu, 31 Aug 2006 13:21:00 -0600 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:158
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : MySQL
 Date    : August 31, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 MySQL before 4.1.13 allows local users to cause a denial of service 
 (persistent replication slave crash) via a query with multiupdate 
 and subselects. (CVE-2006-4380)
 
 There is a bug in the MySQL-Max (and MySQL) init script where the 
 script was not waiting for the mysqld daemon to fully stop. This 
 impacted the restart beahvior during updates, as well as scripted
 setups that temporarily stopped the server to backup the database
 files. (Bug #15724)
 
 The Corporate 3 and MNF2 products are not affected by these issues.
 
 Packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389
 http://qa.mandriva.com/show_bug.cgi?id=15724
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 493567c0514a9823ff00ad729a8bd465  
2006.0/RPMS/libmysql14-4.1.12-4.8.20060mdk.i586.rpm
 49e04e83e5494e5e649e347bd1afe926  
2006.0/RPMS/libmysql14-devel-4.1.12-4.8.20060mdk.i586.rpm
 94d9cd0ba5b17473feeb23d56b90c61b  
2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.i586.rpm
 445d926ba55cc764d19aacfd8fffabad  
2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.i586.rpm
 0bffe1233e429c393dee9e60cc3e3f84  
2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.i586.rpm
 064949a85982662857c5f063d20769df  
2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.i586.rpm
 6bff9b2d2d6c06220eca96b97e63df52  
2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.i586.rpm
 7ebcd09dd60b04e988156a241e2d5f18  
2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.i586.rpm
 d009b4c577873cc13f68dbc85bc792cd  
2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 d408fc51953b3aa78388ce09f47a8487  
x86_64/2006.0/RPMS/lib64mysql14-4.1.12-4.8.20060mdk.x86_64.rpm
 9145678262d216544c814ba7ceedac9d  
x86_64/2006.0/RPMS/lib64mysql14-devel-4.1.12-4.8.20060mdk.x86_64.rpm
 cb98cbb09991b13a1300c0446d8e3764  
x86_64/2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.x86_64.rpm
 f5db648daa13716b9ba1d910010a52f4  
x86_64/2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.x86_64.rpm
 9cc2996dc0bcf73e054819880d2d780e  
x86_64/2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.x86_64.rpm
 3b79a86727bf12654c541a2c0b9b3d3c  
x86_64/2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.x86_64.rpm
 c8eefc94838cba03c03fd9493718b8bb  
x86_64/2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.x86_64.rpm
 4f9e728df755920855f2ac93a3d66bfd  
x86_64/2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.x86_64.rpm
 d009b4c577873cc13f68dbc85bc792cd  
x86_64/2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE9wsJmqjQ0CJFipgRAuHgAKCSOK9Vj5b0r1iB1x9afdEie0rTNQCgkgp/
1ejA4Amd8JfkWa7DQPpj2Mg=
=aSz3
-----END PGP SIGNATURE-----
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ MDKSA-2006:158 ] - Updated MySQL packages fix DoS vuln, initscript bug, security <=
Previous by Date:  [Full-disclosure] Compression Plus and Tumblweed EMF Stack Overflow, Michael Hale Ligh
Next by Date:  Re: Re: BlackBoard Multiple Vulnerabilities (XSS), Pr070n
Previous by Thread:  [Full-disclosure] Compression Plus and Tumblweed EMF Stack Overflow, Michael Hale Ligh
Next by Thread:  Pheap CMS<= (lpref) Remote File Inclusion Exploit, SHiKaA-
Indexes:  [Date] [Thread] [Top] [All Lists]