Date: Mon, 21 Mar 2005 14:59:14 +0100
From: Trustix Security Advisor <tsl@trustix.org.>
To: bugtraq@securityfocus.com
Subject: TSL-2005-0009 - multi
Message-ID: <20050321135914.GA13579@tsunami.trustix.net.>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
X-Virus-Scanned: amavisd-new at lists.trustix.org
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0009
Package name: kernel, mysql
Summary: Multiple security holes fixed
Date: 2005-03-21
Affected versions: Trustix Secure Linux 2.1
Trustix Secure Linux 2.2
Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------
Package description:
kernel:
The kernel package contains the Linux kernel (vmlinuz), the core of your
Trustix Secure Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process allocation,
device input and output, etc.
mysql:
MySQL is a true multi-user, multi-threaded SQL (Structured Query
Language) database server. MySQL is a client/server implementation
that consists of a server daemon (mysqld) and many different client
programs/libraries.
Problem description:
kernel:
Ben Martel and Stephen Blackheath discovered a denial of service bug
in the ppp server handling where a client could hang the server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0384 to this issue.
mysql:
Stefano Di Paola discovered three bugs in MySQL:
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote
authenticated users with INSERT and DELETE privileges to execute
arbitrary code by using CREATE FUNCTION to access libc calls,
as demonstrated by using strcat, on_exit, and exit.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0709 to this issue.
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote
authenticated users with INSERT and DELETE privileges to bypass
library path restrictions and execute arbitrary libraries by using
INSERT INTO to modify the mysql.func table, which is processed by the
udf_init function.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0710 to this issue.
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file
names when creating temporary tables, which allows local users with
CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a
symlink attack.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0711 to this issue.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>;
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>;
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>;
Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>;
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.1/>; and
<URI:http://www.trustix.org/errata/trustix-2.2/>;
or directly at
<URI:http://www.trustix.org/errata/2005/0009/>;
MD5sums of the packages:
- --------------------------------------------------------------------------
71d33557d95c1b7713af5a6e5d63d148 2.2/rpms/kernel-2.4.29-4tr.i586.rpm
a3344d1caaa87ef1af6d3fd3cb9fac40 2.2/rpms/kernel-BOOT-2.4.29-4tr.i586.rpm
bad1eaf10795af3e576a95b020a930c3 2.2/rpms/kernel-doc-2.4.29-4tr.i586.rpm
cbfcfe63c6fade391592e503464dabc2 2.2/rpms/kernel-smp-2.4.29-4tr.i586.rpm
f09a63d6e69a65d224a2de73d1cd7e8b 2.2/rpms/kernel-source-2.4.29-4tr.i586.rpm
105379c950590f0488916f583859268a 2.2/rpms/kernel-utils-2.4.29-4tr.i586.rpm
47f78a5e460a19d4084015082a33cbc8 2.2/rpms/mysql-4.1.10a-2tr.i586.rpm
37e1c9b78bb4fa04a3a53a5fb4527b49 2.2/rpms/mysql-bench-4.1.10a-2tr.i586.rpm
0592d8cc0e7198d8a24188fc5b5fc208 2.2/rpms/mysql-client-4.1.10a-2tr.i586.rpm
9162e1eb8b89d14c131634fb9819772b 2.2/rpms/mysql-devel-4.1.10a-2tr.i586.rpm
c053da09c5790a3287bdac88b616e722 2.2/rpms/mysql-libs-4.1.10a-2tr.i586.rpm
c4666923513e794857e7b9947b1e6718 2.2/rpms/mysql-shared-4.1.10a-2tr.i586.rpm
cd1cf2f282385bfe90b3de816637c32e 2.1/rpms/kernel-2.4.29-1tr.i586.rpm
2994f5bca157bc36d119586316f2201b 2.1/rpms/kernel-BOOT-2.4.29-1tr.i586.rpm
2c428d7627fa8d1a381f536b113220de 2.1/rpms/kernel-doc-2.4.29-1tr.i586.rpm
8f9c5c78f6b55eedf2ed45bd03a6f7fc 2.1/rpms/kernel-firewall-2.4.29-1tr.i586.rpm
5aa8786126f2f55b3735ea4721616427 2.1/rpms/kernel-firewallsmp-2.4.29-1tr.i586.rpm
7f2462b904d47260659575c6caa2c84c 2.1/rpms/kernel-smp-2.4.29-1tr.i586.rpm
b671653c5721ea3e79a05f54d0070970 2.1/rpms/kernel-source-2.4.29-1tr.i586.rpm
ed784d3c8a0c80b8a634c6687683cfc8 2.1/rpms/kernel-utils-2.4.29-1tr.i586.rpm
550fb7ba3f6a6f06ed98b5644741061c 2.1/rpms/mysql-4.0.24-1tr.i586.rpm
0ad72064ac9cfadd9db672f33b3dc5cb 2.1/rpms/mysql-bench-4.0.24-1tr.i586.rpm
4f6846b8c7a38705dbdac2409357c479 2.1/rpms/mysql-client-4.0.24-1tr.i586.rpm
caf084df98fb6fdbad8e0a0f7a2cd971 2.1/rpms/mysql-devel-4.0.24-1tr.i586.rpm
4dbcd3e8cffaf9ed4f89161ed19355e0 2.1/rpms/mysql-libs-4.0.24-1tr.i586.rpm
7870630cf5d1fcf12a1799f2e266693c 2.1/rpms/mysql-shared-4.0.24-1tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFCPskpi8CEzsK9IksRAnbyAJ9xA0lDupc724ecrdovacbqk0/iMQCfbvoy
a2/kIM/xv8C21ENZ0p1Id/0=
=XPJj
-----END PGP SIGNATURE-----
