Advisories | Mandriva

Navigation

Package name	MySQL
Date	August 31st, 2006
Advisory ID	MDKSA-2006:158
Affected versions	2006.0

Problem Description

MySQL before 4.1.13 allows local users to cause a denial of service
(persistent replication slave crash) via a query with multiupdate
and subselects. (CVE-2006-4380)

There is a bug in the MySQL-Max (and MySQL) init script where the
script was not waiting for the mysqld daemon to fully stop. This
impacted the restart beahvior during updates, as well as scripted
setups that temporarily stopped the server to backup the database
files. (Bug #15724)

The Corporate 3 and MNF2 products are not affected by these issues.

Packages have been patched to correct these issues.

Updated Packages

Mandriva Linux 2006

 493567c0514a9823ff00ad729a8bd465  2006.0/RPMS/libmysql14-4.1.12-4.8.20060mdk.i586.rpm
 49e04e83e5494e5e649e347bd1afe926  2006.0/RPMS/libmysql14-devel-4.1.12-4.8.20060mdk.i586.rpm
 94d9cd0ba5b17473feeb23d56b90c61b  2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.i586.rpm
 445d926ba55cc764d19aacfd8fffabad  2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.i586.rpm
 0bffe1233e429c393dee9e60cc3e3f84  2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.i586.rpm
 064949a85982662857c5f063d20769df  2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.i586.rpm
 6bff9b2d2d6c06220eca96b97e63df52  2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.i586.rpm
 7ebcd09dd60b04e988156a241e2d5f18  2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.i586.rpm
 d009b4c577873cc13f68dbc85bc792cd  2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 d408fc51953b3aa78388ce09f47a8487  x86_64/2006.0/RPMS/lib64mysql14-4.1.12-4.8.20060mdk.x86_64.rpm
 9145678262d216544c814ba7ceedac9d  x86_64/2006.0/RPMS/lib64mysql14-devel-4.1.12-4.8.20060mdk.x86_64.rpm
 cb98cbb09991b13a1300c0446d8e3764  x86_64/2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.x86_64.rpm
 f5db648daa13716b9ba1d910010a52f4  x86_64/2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.x86_64.rpm
 9cc2996dc0bcf73e054819880d2d780e  x86_64/2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.x86_64.rpm
 3b79a86727bf12654c541a2c0b9b3d3c  x86_64/2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.x86_64.rpm
 c8eefc94838cba03c03fd9493718b8bb  x86_64/2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.x86_64.rpm
 4f9e728df755920855f2ac93a3d66bfd  x86_64/2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.x86_64.rpm
 d009b4c577873cc13f68dbc85bc792cd  x86_64/2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4380

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.