Mandriva Linux Security Advisory 2013-197 - MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. The updated packages have been upgraded to the 5.1.70 version which is not vulnerable to these issues.
229df34dd4237d981a5e24fcb11c9a090cdde5addd7ca7da33dcb3e9b36947e2-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:197
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : mysql
Date : July 23, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in mysql:
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15,
and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31
and earlier, and 5.6.11 and earlier allows remote attackers to cause
a denial of service (crash) via a crafted geometry feature that
specifies a large number of points, which is not properly handled
when processing the binary representation of this feature, related
to a numeric calculation error (CVE-2013-1861).
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Full Text Search (CVE-2013-3802).
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server Optimizer (CVE-2013-3804).
The updated packages have been upgraded to the 5.1.70 version which
is not vulnerable to these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3804
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-70.html
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
d50025f407efd92277e1ce69b498932a mes5/i586/libmysql16-5.1.70-0.1mdvmes5.2.i586.rpm
9f0cb96b3e3cc6d9217d4d58a90304c5 mes5/i586/libmysql-devel-5.1.70-0.1mdvmes5.2.i586.rpm
51943d180dd136175e303a7629e8ece2 mes5/i586/libmysql-static-devel-5.1.70-0.1mdvmes5.2.i586.rpm
11f429a294ce0a1f0a3b760ea5e36392 mes5/i586/mysql-5.1.70-0.1mdvmes5.2.i586.rpm
e581dea7bbd3ec979ecebe2fb03fdecf mes5/i586/mysql-bench-5.1.70-0.1mdvmes5.2.i586.rpm
e8c4be68e730ed3f4b854cbfb2ef62d1 mes5/i586/mysql-client-5.1.70-0.1mdvmes5.2.i586.rpm
58e82a0beaf27e4d4dd0a8680550242d mes5/i586/mysql-common-5.1.70-0.1mdvmes5.2.i586.rpm
ef5290b2cec153e8529a9a2475536541 mes5/SRPMS/mysql-5.1.70-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
aa18a4827c59c6b87c9d7b2972e7724c mes5/x86_64/lib64mysql16-5.1.70-0.1mdvmes5.2.x86_64.rpm
efecce077f18b14d3864a455d98fd962 mes5/x86_64/lib64mysql-devel-5.1.70-0.1mdvmes5.2.x86_64.rpm
612305725f5081095e839911eab31f92 mes5/x86_64/lib64mysql-static-devel-5.1.70-0.1mdvmes5.2.x86_64.rpm
2d12d3c1ebc247a49c70074ac00044cd mes5/x86_64/mysql-5.1.70-0.1mdvmes5.2.x86_64.rpm
5330a94f0a81648e0610d8fb051be165 mes5/x86_64/mysql-bench-5.1.70-0.1mdvmes5.2.x86_64.rpm
87b0f4a48768c3f97fd391101dff0f70 mes5/x86_64/mysql-client-5.1.70-0.1mdvmes5.2.x86_64.rpm
43ad98e628ae21a2d8c825096ff35f4f mes5/x86_64/mysql-common-5.1.70-0.1mdvmes5.2.x86_64.rpm
ef5290b2cec153e8529a9a2475536541 mes5/SRPMS/mysql-5.1.70-0.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFR7h76mqjQ0CJFipgRAilqAJ4s0yqFPFdT0sOYj20pYbQni9KHcgCgu6As
M44JAmrkDXcyeRhgdxkZszI=
=KbxN
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed