Bugzilla – Bug 71788
VUL-0: CVE-2005-0711: Please update MySQL 4.1.10 to 4.1.10a before releasing SUSE Linux 9.3
Last modified: 2021-10-27 11:51:21 UTC
Hi, shortly after 4.1.10 was released, we were informed of several security vulnerabilites (insecure temp file name handling, issues on how User Defined Functions are handled). We have created fixes for these and applied them on top of 4.1.10, it will be released as 4.1.10a by tomorrow. The advisories for these flaws should hit Bugtraq by the end of this day, we plan to update our Download pages by tomorrow morning (the mirrors need some time for seeding). Please update MySQL to 4.1.10a before finalizing 9.3, if possible. I have placed the sources used for this release to the following location: ftp://ftp.mysql.com/pub/mysql/download/mysql-4.1.10a.tar.gz MD5 checksum: 6a4a6a5b3d0a42a9a271b2b8867bde82 The patches applied can be reviewed here: http://mysql.bkbits.net:8080/mysql-4.1/cset@1.1346.810.1?nav=index.html|ChangeSet@-1d http://mysql.bkbits.net:8080/mysql-4.1/cset@1.1346.810.2?nav=index.html|ChangeSet@-1d If it's too late for doing it for the 9.3 release, please consider providing YOU packages ASAP. Thanks! BTW: 4.0 is affected by this one as well, so you may need to publish Updates for distributions that used MySQL 4.0 (4.0.24 will include the fixes and is also scheduled for publishing by tomorrow)
Michal, please do the update.
Updated.
Thanks a lot! Keep up the good work.
please port the patch to the older mysqls ... (the create function one is needed, the tmprace one optional)
Just to make it clear: By create function you refer to uninitialised create_flags? By tmprace you mean creating tables with O_EXCL|O_NOFOLLOW?
the create function fixes ... most of those are in the first bitkeeper URL, all entries with:"--allow_suspicious_udfs" inside. The second bk url is just a bugfix for the first one I think. the latter (table creation) if it is easy to port.
"MySQL fails to properly validate input for authenticated users with INSERT and DELETE privileges (CAN-2005-0709 and CAN-2005-0710). Furthermore MySQL uses predictable filenames when creating temporary files with CREATE TEMPORARY TABLE (CAN-2005-0711)."
Ludwig: That is yet another issue?
That's what gentoo wrote in their advisory. The CAN descriptions sounded like the issues discussed here to me. You can look up the CAN numbers at http://cve.mitre.org/, e.g. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711
CAN issues looks like this issue, but I have no idea where they found "INSERT and DELETE privileges"...
Packages submited.
Then let's close this.
please do not close security bugs before we finished the update process
swamp id 661
is only the "mysql" package affected or subpackages as well?
mysql-Max is affected as well.
thanks, patchinfo submitted
updates and advisory released
CVE-2005-0711: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)