-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2003-7
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date : 28 Jan 2003
Last revised : 01 Apr 2003
Package : MySQL
Summary : Multiple MySQL Vulnerabilities
More information :
The following problems exist in MySQL.
* signed/unsigned problem in COM_TABLE_DUMP
* Password length handling in COM_CHANGE_USER
* read_rows() overflow in libmysqlclient
* read_one_row() overflow in libmysqlclient
Impact :
The vulnerabilities potentially enable local or remote attackers
to execute arbitrary shell commands.
They can also be used to exploit SQL clients that connect to
a compromised MySQL server.
Affected Products :
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
- Turbolinux Server 6.5
- Turbolinux Advanced Server 6
- Turbolinux Server 6.1
Solution :
Please use the turbopkg tool to apply the update.
To confirm the version of the currently installed
package, run the rpm command as follows:
# rpm -qa | grep PACKAGE-NAME
<Turbolinux 8 Server>
Source Packages
Size : MD5
MySQL-3.23.52-3.src.rpm
10856901 4012956a783f0d0c93bc3ab97d2acca2
Binary Packages
Size : MD5
MySQL-3.23.52-3.i586.rpm
4463421 8537577a0d3ed93b7a745613b5c7ae5b
MySQL-bench-3.23.52-3.i586.rpm
594418 bc0664a00697985005ca618cfe00d480
MySQL-client-3.23.52-3.i586.rpm
155009 e94e25354e37afab2c47b1d1d2679cee
MySQL-devel-3.23.52-3.i586.rpm
1101575 6e8f207895748312369ceeb87b81fd41
MySQL-shared-3.23.52-3.i586.rpm
129771 f74a4bdc12400ecff50bd812ddf28562
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
MySQL-3.23.52-3.src.rpm
10856901 4012956a783f0d0c93bc3ab97d2acca2
Binary Packages
Size : MD5
MySQL-3.23.52-3.i586.rpm
4463403 0228f0cb6f4d779032c4d735dd59d156
MySQL-bench-3.23.52-3.i586.rpm
594352 f0a95f09422fd7fff21c351c00738471
MySQL-client-3.23.52-3.i586.rpm
155255 b28641b3a2b93dd588a71b188ceb7913
MySQL-devel-3.23.52-3.i586.rpm
1101546 b2a9d397ea6504014732f5483751ac36
MySQL-shared-3.23.52-3.i586.rpm
129791 7ce80ad3f9e91e591dfa8cd6782a4723
<Turbolinux 7 Server>
Source Packages
Size : MD5
MySQL-3.23.52-3.src.rpm
10856901 4012956a783f0d0c93bc3ab97d2acca2
Binary Packages
Size : MD5
MySQL-3.23.52-3.i586.rpm
4385482 475dd9e986282347d4adcffb9ecedfa2
MySQL-bench-3.23.52-3.i586.rpm
596829 acb0b9be485b496977150fc38461ae0e
MySQL-client-3.23.52-3.i586.rpm
151093 4b382039347bbaf3d636f4ee3b44581f
MySQL-devel-3.23.52-3.i586.rpm
1047394 403867cdb1c2fd7a2d56045eae4378d1
MySQL-shared-3.23.52-3.i586.rpm
127162 ae32a2435f37ccf74c398cf3c91653b6
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
MySQL-3.23.52-3.src.rpm
10856901 4012956a783f0d0c93bc3ab97d2acca2
Binary Packages
Size : MD5
MySQL-3.23.52-3.i586.rpm
4384516 8c986de09e52c6af4cce933e8772be40
MySQL-bench-3.23.52-3.i586.rpm
596492 f0e8d06bd05e785107bdb1ebe54182bf
MySQL-client-3.23.52-3.i586.rpm
151081 a566fc35847ee834cd3bd23b0c4cfd82
MySQL-devel-3.23.52-3.i586.rpm
1047339 f5ee8fa5acaeb462459b73d3fc0aa2b2
MySQL-shared-3.23.52-3.i586.rpm
127255 441ad155f9e3179091f9e7570f036d16
<Turbolinux Server 6.5>
Source Packages
Size : MD5
MySQL-3.23.52-3.src.rpm
10856901 4012956a783f0d0c93bc3ab97d2acca2
Binary Packages
Size : MD5
MySQL-3.23.52-3.i386.rpm
5417740 7be9a151dfc1cfdfff4e2dbb93fe627e
MySQL-bench-3.23.52-3.i386.rpm
713447 4a7e78b0a4ef38f7dd0075d551518ba1
MySQL-client-3.23.52-3.i386.rpm
158097 dce238bd663785b62cb09daff1220fb5
MySQL-devel-3.23.52-3.i386.rpm
1212162 3b129816e6f50a8d05f469e490c323cd
MySQL-shared-3.23.52-3.i386.rpm
125918 5f2c6bc46785dc0156c023f3091e5969
<Turbolinux Advanced Server 6>
Source Packages
Size : MD5
MySQL-3.23.52-3.src.rpm
10856901 4012956a783f0d0c93bc3ab97d2acca2
Binary Packages
Size : MD5
MySQL-3.23.52-3.i386.rpm
5417800 901d84e7314989e798ab0d6476d60544
MySQL-bench-3.23.52-3.i386.rpm
713515 d97c8d27a75e85f19a0c0e214487af7a
MySQL-client-3.23.52-3.i386.rpm
158088 94bea2068999d335041409d515865368
MySQL-devel-3.23.52-3.i386.rpm
1212168 d1d7f2d23719c818df8a199a8700a401
MySQL-shared-3.23.52-3.i386.rpm
125917 a1d357682e44da471d86da6f0872259c
<Turbolinux Server 6.1>
Source Packages
Size : MD5
MySQL-3.23.52-3.src.rpm
10856901 4012956a783f0d0c93bc3ab97d2acca2
Binary Packages
Size : MD5
MySQL-3.23.52-3.i386.rpm
5417800 1b467e920cbbd63878dd95b9418c1f95
MySQL-bench-3.23.52-3.i386.rpm
713564 4b24c7c1f66e41499d6e9aa082ae8da9
MySQL-client-3.23.52-3.i386.rpm
158088 7e72f1fd534f72ede2409a334a025f26
MySQL-devel-3.23.52-3.i386.rpm
1212171 4f77bcba570c74fb44747a071691e0d8
MySQL-shared-3.23.52-3.i386.rpm
125918 5e00652b2c546c2658b14379d9b4e148
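
The listing above puts each package's size and MD5 on the line after its file name, and the same file name carries different values under different products, so a download has to be checked against the section for the product it was built for. The following Python script is an added example, not part of the Turbolinux advisory: it parses that layout and checks local files against one product's section. The function names, the "Demo Product" section and the demo files are constructed for illustration.

```python
import hashlib, os, re, tempfile

ENTRY = re.compile(r"^(\d+)\s+([0-9a-f]{32})$")  # "<size> <md5>" line

def parse_listing(text):
    """Return {product: {filename: (size, md5)}} from the advisory layout."""
    listing, product, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<") and line.endswith(">"):
            product = line[1:-1]          # e.g. "<Turbolinux 8 Server>"
            listing[product] = {}
        elif line.endswith(".rpm"):
            pending = line                # values follow on the next line
        elif pending and product and (m := ENTRY.match(line)):
            listing[product][pending] = (int(m.group(1)), m.group(2))
            pending = None
    return listing

def verify(directory, expected):
    """Check each expected file for presence, size, then MD5."""
    results = {}
    for name, (size, md5) in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif os.path.getsize(path) != size:
            results[name] = "size mismatch"
        else:
            with open(path, "rb") as fh:
                actual = hashlib.md5(fh.read()).hexdigest()
            results[name] = "ok" if actual == md5 else "md5 mismatch"
    return results

def demo():
    """Constructed sample: names and contents are made up for the example."""
    good = b"constructed package body\n"
    names = ["demo-1.0-1.i586.rpm", "demo-client-1.0-1.i586.rpm",
             "demo-short-1.0-1.i586.rpm", "demo-absent-1.0-1.i586.rpm"]
    bodies = [good, good.upper(), good[:5]]   # intact, altered, truncated
    entry = f"{len(good)} {hashlib.md5(good).hexdigest()}"
    text = "<Demo Product>\nBinary Packages\nSize : MD5\n" + "".join(
        f"{n}\n{entry}\n" for n in names)
    with tempfile.TemporaryDirectory() as d:
        for name, body in zip(names, bodies):  # last name gets no file
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        return verify(d, parse_listing(text)["Demo Product"])
```

To use it on real downloads, pass the advisory text to `parse_listing`, select the product heading that matches the installed release, and call `verify` on the download directory.
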
References :
CVE
[CAN-2002-1373]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1373
[CAN-2002-1374]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1374
[CAN-2002-1375]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1375
[CAN-2002-1376]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1376
--------------------------------------------------------------------------
Revision History
28 Jan 2003 Initial release
01 Apr 2003 modified file size
--------------------------------------------------------------------------
Copyright(C) 2003 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+iVoMK0LzjOqIJMwRAisnAJ9AIUImzeXsTo/pVM4R6W7GHPSRWQCaA0TZ
Vo7aIS+rllmrk/BBYOss0Tg=
=LlN/
-----END PGP SIGNATURE-----