From tsl@trustix.org Mon Mar 21 12:30:00 2005 From: Trustix Security Advisor To: bugtraq@securityfocus.com Date: Mon, 21 Mar 2005 14:59:14 +0100 Subject: TSL-2005-0009 - multi -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2005-0009 Package name: kernel, mysql Summary: Multiple security holes fixed Date: 2005-03-21 Affected versions: Trustix Secure Linux 2.1 Trustix Secure Linux 2.2 Trustix Operating System - Enterprise Server 2 - -------------------------------------------------------------------------- Package description: kernel: The kernel package contains the Linux kernel (vmlinuz), the core of your Trustix Secure Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. mysql: MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. Problem description: kernel: Ben Martel and Stephen Blackheath discovered a denial of service bug in the ppp server handling where a client could hang the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0384 to this issue. mysql: Stefano Di Paola discovered three bugs in MySQL: MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0709 to this issue. MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0710 to this issue. MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0711 to this issue. Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system. Location: All Trustix Secure Linux updates are available from About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater. Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Questions? Check out our mailing lists: Verification: This advisory along with all Trustix packages are signed with the TSL sign key. This key is available from: The advisory itself is available from the errata pages at and or directly at MD5sums of the packages: - -------------------------------------------------------------------------- 71d33557d95c1b7713af5a6e5d63d148 2.2/rpms/kernel-2.4.29-4tr.i586.rpm a3344d1caaa87ef1af6d3fd3cb9fac40 2.2/rpms/kernel-BOOT-2.4.29-4tr.i586.rpm bad1eaf10795af3e576a95b020a930c3 2.2/rpms/kernel-doc-2.4.29-4tr.i586.rpm cbfcfe63c6fade391592e503464dabc2 2.2/rpms/kernel-smp-2.4.29-4tr.i586.rpm f09a63d6e69a65d224a2de73d1cd7e8b 2.2/rpms/kernel-source-2.4.29-4tr.i586.rpm 105379c950590f0488916f583859268a 2.2/rpms/kernel-utils-2.4.29-4tr.i586.rpm 47f78a5e460a19d4084015082a33cbc8 2.2/rpms/mysql-4.1.10a-2tr.i586.rpm 37e1c9b78bb4fa04a3a53a5fb4527b49 2.2/rpms/mysql-bench-4.1.10a-2tr.i586.rpm 0592d8cc0e7198d8a24188fc5b5fc208 2.2/rpms/mysql-client-4.1.10a-2tr.i586.rpm 9162e1eb8b89d14c131634fb9819772b 2.2/rpms/mysql-devel-4.1.10a-2tr.i586.rpm c053da09c5790a3287bdac88b616e722 2.2/rpms/mysql-libs-4.1.10a-2tr.i586.rpm c4666923513e794857e7b9947b1e6718 2.2/rpms/mysql-shared-4.1.10a-2tr.i586.rpm cd1cf2f282385bfe90b3de816637c32e 2.1/rpms/kernel-2.4.29-1tr.i586.rpm 2994f5bca157bc36d119586316f2201b 2.1/rpms/kernel-BOOT-2.4.29-1tr.i586.rpm 2c428d7627fa8d1a381f536b113220de 2.1/rpms/kernel-doc-2.4.29-1tr.i586.rpm 8f9c5c78f6b55eedf2ed45bd03a6f7fc 2.1/rpms/kernel-firewall-2.4.29-1tr.i586.rpm 5aa8786126f2f55b3735ea4721616427 2.1/rpms/kernel-firewallsmp-2.4.29-1tr.i586.rpm 7f2462b904d47260659575c6caa2c84c 2.1/rpms/kernel-smp-2.4.29-1tr.i586.rpm b671653c5721ea3e79a05f54d0070970 2.1/rpms/kernel-source-2.4.29-1tr.i586.rpm ed784d3c8a0c80b8a634c6687683cfc8 2.1/rpms/kernel-utils-2.4.29-1tr.i586.rpm 550fb7ba3f6a6f06ed98b5644741061c 2.1/rpms/mysql-4.0.24-1tr.i586.rpm 0ad72064ac9cfadd9db672f33b3dc5cb 2.1/rpms/mysql-bench-4.0.24-1tr.i586.rpm 4f6846b8c7a38705dbdac2409357c479 2.1/rpms/mysql-client-4.0.24-1tr.i586.rpm caf084df98fb6fdbad8e0a0f7a2cd971 2.1/rpms/mysql-devel-4.0.24-1tr.i586.rpm 4dbcd3e8cffaf9ed4f89161ed19355e0 2.1/rpms/mysql-libs-4.0.24-1tr.i586.rpm 7870630cf5d1fcf12a1799f2e266693c 2.1/rpms/mysql-shared-4.0.24-1tr.i586.rpm - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFCPskpi8CEzsK9IksRAnbyAJ9xA0lDupc724ecrdovacbqk0/iMQCfbvoy a2/kIM/xv8C21ENZ0p1Id/0= =XPJj -----END PGP SIGNATURE-----