MySQL <= 3.23.55 on Linux - a bug, upgrade...

Sirius

PHP+MySQL=LOVE

The bug was found in the following OS versions:

Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386

3. Problem description:

MySQL is a multi-user, multi-threaded SQL database server.

A double-free vulnerability in mysqld, for MySQL before version 3.23.55,
allows attackers with MySQL access to cause a denial of service (crash) by
creating a carefully crafted client application. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0073 to this issue.

MySQL 3.23.55 and earlier creates world-writable files and allows mysql
users to gain root privileges by using the "SELECT * INTO OUTFILE" operator
to overwrite a configuration file and cause mysql to run as root upon
restart. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0150 to this issue.
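The CAN-2003-0150 paragraph above describes two conditions working together: files under the server's control that anyone can write to, and a server that ends up running as root after a restart. The POSIX shell script below is an added example, not part of the advisory or of the original post; it audits a data directory for world-writable entries and checks that the `[mysqld]` section of an option file pins the server to an unprivileged `user=`. Paths are parameters, and the fixture built by `demo` is constructed for the example; on a real host the inputs would be the data directory and `my.cnf` actually in use (for example `/var/lib/mysql` and `/etc/my.cnf`, which are assumptions, not values from the advisory).

```shell
#!/bin/sh
# Added example, not from the Red Hat advisory: audit a MySQL data directory
# and option file for the conditions the CAN-2003-0150 description relies on.
# Paths are parameters; the demo at the bottom builds a throw-away fixture.

# List world-writable files and directories under $1 (symlinks excluded).
# Returns 0 when nothing is found, 1 otherwise.
check_world_writable() {
    _found=$(find "$1" ! -type l -perm -002 2>/dev/null)
    if [ -n "$_found" ]; then
        printf 'world-writable under %s:\n%s\n' "$1" "$_found"
        return 1
    fi
    return 0
}

# Return 0 when the [mysqld] section of option file $1 pins the server to an
# unprivileged account (user=<something other than root>), 1 otherwise.
check_mysqld_user() {
    _user=$(awk '
        /^[[:space:]]*\[/ { in_mysqld = ($0 ~ /^[[:space:]]*\[mysqld\]/); next }
        in_mysqld && /^[[:space:]]*user[[:space:]]*=/ {
            sub(/^[[:space:]]*user[[:space:]]*=[[:space:]]*/, "")
            sub(/[[:space:]#].*$/, "")      # drop trailing blanks / comment
            print; exit
        }' "$1" 2>/dev/null)
    if [ -z "$_user" ] || [ "$_user" = root ]; then
        printf 'no unprivileged user= in [mysqld] of %s\n' "$1"
        return 1
    fi
    return 0
}

# Run both checks; 0 only when both pass.
audit_mysql() {
    _rc=0
    check_world_writable "$1" || _rc=1
    check_mysqld_user "$2" || _rc=1
    return $_rc
}

# Demo against a constructed fixture (real hosts: the live datadir and my.cnf).
demo() {
    _tmp=$(mktemp -d) || return 1
    mkdir -p "$_tmp/data" && chmod 755 "$_tmp/data"
    : > "$_tmp/data/host.frm" && chmod 666 "$_tmp/data/host.frm"  # deliberately weak
    printf '[mysqld]\ndatadir=%s\n' "$_tmp/data" > "$_tmp/my.cnf"  # no user= line
    echo '--- before hardening'
    audit_mysql "$_tmp/data" "$_tmp/my.cnf" && echo 'unexpected: clean'
    chmod 660 "$_tmp/data/host.frm"
    printf '[mysqld]\nuser = mysql\ndatadir=%s\n' "$_tmp/data" > "$_tmp/my.cnf"
    echo '--- after hardening'
    audit_mysql "$_tmp/data" "$_tmp/my.cnf" && echo 'clean'
    rm -rf "$_tmp"
}

demo
```

mysqld of this era also reads an option file from inside the data directory, so when auditing a real host it is worth running `check_mysqld_user` against `DATADIR/my.cnf` as well if such a file exists; the permission check already covers whether that file could have been planted by a non-root account.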

All users are advised to upgrade to MySQL 3.23.56 contained within this
errata which is not vulnerable to these issues.

In addition to the security fixes, these erratum packages contain a
thread safe client library (libmysqlclient_r).

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Please note that this update is available via Red Hat Network. To use Red
Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
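Before or after running `up2date`, the quick way to know whether a host is still affected is to compare the installed package version against the fixed upstream version the advisory names (3.23.56). The script below is an added example, not from the advisory or the original post: it parses lines in the shape `rpm -q` prints for these packages, compares the dotted version field by field, and reports anything below 3.23.56. The `SAMPLE_RPM_Q` lines are constructed for the example; on a host you would feed in the output of `rpm -q mysql mysql-server mysql-devel` instead.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether installed MySQL
# packages are at or above the fixed upstream version (3.23.56).
# The sample "rpm -q" output below is constructed.

FIXED_VERSION=3.23.56

# Compare two dotted numeric versions field by field; return 0 if $1 >= $2.
# A non-numeric tail within a field (e.g. "56a") is ignored.
version_ge() {
    _a=$1 _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _fa=${_a%%.*}; _fb=${_b%%.*}
        if [ "$_fa" = "$_a" ]; then _a=; else _a=${_a#*.}; fi
        if [ "$_fb" = "$_b" ]; then _b=; else _b=${_b#*.}; fi
        _fa=${_fa%%[!0-9]*}; _fb=${_fb%%[!0-9]*}
        _fa=${_fa:-0}; _fb=${_fb:-0}
        [ "$_fa" -gt "$_fb" ] && return 0
        [ "$_fa" -lt "$_fb" ] && return 1
    done
    return 0
}

# Pull the upstream version out of an "rpm -q" line:
#   mysql-server-3.23.55-1.72  ->  3.23.55
rpm_version() {
    _s=${1%-*}                  # strip the release field (-1.72)
    printf '%s\n' "${_s##*-}"   # strip the package name (mysql-server-)
}

# Return 0 if the package named in $1 is fixed, 1 if it still needs the update.
rpm_is_fixed() {
    version_ge "$(rpm_version "$1")" "$FIXED_VERSION"
}

# Constructed sample output, one package per line (two still vulnerable).
SAMPLE_RPM_Q='mysql-3.23.55-1.72
mysql-server-3.23.55-1.72
mysql-devel-3.23.56-1.72'

# Print a verdict per package; return 1 if any is below the fixed version.
report() {
    _bad=0
    for _pkg in $1; do
        if rpm_is_fixed "$_pkg"; then
            echo "ok      $_pkg"
        else
            echo "UPDATE  $_pkg (< $FIXED_VERSION)"; _bad=1
        fi
    done
    return $_bad
}

report "$SAMPLE_RPM_Q" || echo 'at least one package needs the 3.23.56 errata'
```

This deliberately compares only the upstream version field, which is what the advisory's "upgrade to 3.23.56" statement is about; full RPM ordering (release and epoch) is what `rpm -U` itself enforces when the errata packages are installed.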

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

85898 - double-free vulnerability in mysqld < 3.23.55
85971 - possible root exploit in mysqld startup
77662 - mysql RPM's do not provide a thread safe library

6. RPMs required:

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/mysql-3.23.56-1.71.src.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/mysql-3.23.56-1.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mysql-server-3.23.56-1.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mysql-devel-3.23.56-1.71.i386.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/mysql-3.23.56-1.72.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/mysql-3.23.56-1.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mysql-server-3.23.56-1.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mysql-devel-3.23.56-1.72.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/mysql-3.23.56-1.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/mysql-server-3.23.56-1.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/mysql-devel-3.23.56-1.72.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/mysql-3.23.56-1.73.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/mysql-3.23.56-1.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mysql-server-3.23.56-1.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mysql-devel-3.23.56-1.73.i386.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/mysql-3.23.56-1.80.src.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/mysql-3.23.56-1.80.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mysql-server-3.23.56-1.80.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mysql-devel-3.23.56-1.80.i386.rpm