Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14111
HistorySep 01, 2006 - 12:00 a.m.

[ MDKSA-2006:158 ] - Updated MySQL packages fix DoS vuln, initscript bug

2006-09-0100:00:00
vulners.com
19
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDKSA-2006:158
http://www.mandriva.com/security/

Package : MySQL
Date : August 31, 2006
Affected: 2006.0

Problem Description:

MySQL before 4.1.13 allows local users to cause a denial of service
(persistent replication slave crash) via a query with multiupdate
and subselects. (CVE-2006-4380)

There is a bug in the MySQL-Max (and MySQL) init script where the
script was not waiting for the mysqld daemon to fully stop. This
impacted the restart beahvior during updates, as well as scripted
setups that temporarily stopped the server to backup the database
files. (Bug #15724)

The Corporate 3 and MNF2 products are not affected by these issues.

Packages have been patched to correct these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389
http://qa.mandriva.com/show_bug.cgi?id=15724

Updated Packages:

Mandriva Linux 2006.0:
493567c0514a9823ff00ad729a8bd465 2006.0/RPMS/libmysql14-4.1.12-4.8.20060mdk.i586.rpm
49e04e83e5494e5e649e347bd1afe926 2006.0/RPMS/libmysql14-devel-4.1.12-4.8.20060mdk.i586.rpm
94d9cd0ba5b17473feeb23d56b90c61b 2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.i586.rpm
445d926ba55cc764d19aacfd8fffabad 2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.i586.rpm
0bffe1233e429c393dee9e60cc3e3f84 2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.i586.rpm
064949a85982662857c5f063d20769df 2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.i586.rpm
6bff9b2d2d6c06220eca96b97e63df52 2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.i586.rpm
7ebcd09dd60b04e988156a241e2d5f18 2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.i586.rpm
d009b4c577873cc13f68dbc85bc792cd 2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
d408fc51953b3aa78388ce09f47a8487 x86_64/2006.0/RPMS/lib64mysql14-4.1.12-4.8.20060mdk.x86_64.rpm
9145678262d216544c814ba7ceedac9d x86_64/2006.0/RPMS/lib64mysql14-devel-4.1.12-4.8.20060mdk.x86_64.rpm
cb98cbb09991b13a1300c0446d8e3764 x86_64/2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.x86_64.rpm
f5db648daa13716b9ba1d910010a52f4 x86_64/2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.x86_64.rpm
9cc2996dc0bcf73e054819880d2d780e x86_64/2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.x86_64.rpm
3b79a86727bf12654c541a2c0b9b3d3c x86_64/2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.x86_64.rpm
c8eefc94838cba03c03fd9493718b8bb x86_64/2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.x86_64.rpm
4f9e728df755920855f2ac93a3d66bfd x86_64/2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.x86_64.rpm
d009b4c577873cc13f68dbc85bc792cd x86_64/2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE9wsJmqjQ0CJFipgRAuHgAKCSOK9Vj5b0r1iB1x9afdEie0rTNQCgkgp/
1ejA4Amd8JfkWa7DQPpj2Mg=
=aSz3
-----END PGP SIGNATURE-----

Related

ubuntucve 1
nessus 9
cve 2
cert 1
osv 1
debian 1
openvas 3
redhat 1
centos 1
securityvulns 1
freebsd 1
gentoo 1
ubuntucve
ubuntucve
CVE-2006-4380
2006-08-28 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : MySQL (MDKSA-2006:158)
2006-12-16 00:00:00
MySQL < 4.1.13 Denial of Service
2012-01-18 00:00:00
Debian DSA-1169-1 : mysql-dfsg-4.1 - several vulnerabilities
2006-10-14 00:00:00
cve
cve
CVE-2006-4389
2006-09-12 23:07:00
CVE-2006-4380
2006-08-28 18:04:00
cert
cert
Apple QuickTime fails to properly handle FlashPix files
2006-09-13 00:00:00
osv
osv
mysql-dfsg-4.1 - several
2006-09-05 00:00:00
debian
debian
[SECURITY] [DSA 1169-1] New MySQL 4.1 packages fix several vulnerabilities
2006-09-05 06:08:29
openvas
openvas
Debian Security Advisory DSA 1169-1 (mysql-dfsg-4.1)
2008-01-17 00:00:00
FreeBSD Ports: win32-codecs
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200803-08 (win32codecs)
2008-09-24 00:00:00
redhat
redhat
(RHSA-2006:0544) mysql security update
2006-06-09 00:00:00
centos
centos
mysql security update
2006-06-09 17:37:00
securityvulns
securityvulns
Multiple Vulnerabilities in Apple QuickTime
2006-09-13 00:00:00
freebsd
freebsd
win32-codecs -- multiple vulnerabilities
2006-09-08 00:00:00
gentoo
gentoo
Win32 binary codecs: Multiple vulnerabilities
2008-03-04 00:00:00
JSON
Related for SECURITYVULNS:DOC:14111
ubuntucve1nessus9cve2cert1osv1debian1openvas3redhat1centos1securityvulns1freebsd1gentoo1