Red Hat Product Errata RHSA-2006:0544 - Security Advisory

Issued:: 2006-06-09
Updated:: 2006-06-08

RHSA-2006:0544 - Security Advisory

Overview
Updated Packages

Synopsis

mysql security update

Type/Severity

Security Advisory: Important

Topic

Updated mysql packages that fix multiple security flaws are now available.

This update has been rated as having important security impact by the Red Hat
Security Response Team.

Description

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld) and
many different client programs and libraries.

A flaw was found in the way the MySQL mysql_real_escape() function escaped
strings when operating in a multibyte character encoding. An attacker
could provide an application a carefully crafted string containing
invalidly-encoded characters which may be improperly escaped, leading to
the injection of malicious SQL commands. (CVE-2006-2753)

An information disclosure flaw was found in the way the MySQL server
processed malformed usernames. An attacker could view a small portion
of server memory by supplying an anonymous login username which was not
null terminated. (CVE-2006-1516)

An information disclosure flaw was found in the way the MySQL server
executed the COM_TABLE_DUMP command. An authenticated malicious user could
send a specially crafted packet to the MySQL server which returned
random unallocated memory. (CVE-2006-1517)

A log file obfuscation flaw was found in the way the mysql_real_query()
function creates log file entries. An attacker with the the ability to call
the mysql_real_query() function against a mysql server can obfuscate the
entry the server will write to the log file. However, an attacker needed
to have complete control over a server in order to attempt this attack.
(CVE-2006-0903)

This update also fixes numerous non-security-related flaws, such as
intermittent authentication failures.

All users of mysql are advised to upgrade to these updated packages
containing MySQL version 4.1.20, which is not vulnerable to these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

BZ - 183260 - CVE-2006-0903 Mysql log file obfuscation
BZ - 183277 - Client error in mysql on updates when high concurrency
BZ - 190743 - CVE-2006-1517 Mysql information leak
BZ - 190863 - CVE-2006-1516 mysql anonymous login information leak
BZ - 193827 - CVE-2006-2753 MySQL improper multibyte string escaping

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
mysql-4.1.20-1.RHEL4.1.src.rpm	SHA-256: bae5f5cc3f87ec6dbec4347a8bddeb67792cc0b102255a81f52cd112b213de5b
x86_64
mysql-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 3d1eda96bb331acf5a222f3a2a00104107b7e3e7fe848f13158484a519dd5d15
mysql-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 3d1eda96bb331acf5a222f3a2a00104107b7e3e7fe848f13158484a519dd5d15
mysql-4.1.20-1.RHEL4.1.x86_64.rpm	SHA-256: 5ae30eb8989481d6a5ab73bf35dcb77177f60d1bfad109c8611a3909b622a688
mysql-4.1.20-1.RHEL4.1.x86_64.rpm	SHA-256: 5ae30eb8989481d6a5ab73bf35dcb77177f60d1bfad109c8611a3909b622a688
mysql-bench-4.1.20-1.RHEL4.1.x86_64.rpm	SHA-256: f78e21dda031fbcb63968b5ecbc2c86f3097f04e83ea32f3acf9ea2e107c2a25
mysql-bench-4.1.20-1.RHEL4.1.x86_64.rpm	SHA-256: f78e21dda031fbcb63968b5ecbc2c86f3097f04e83ea32f3acf9ea2e107c2a25
mysql-devel-4.1.20-1.RHEL4.1.x86_64.rpm	SHA-256: a7ec97d846a0a074ca620e1d5a166e154d60a305c318cef8270c8203f4302c66
mysql-devel-4.1.20-1.RHEL4.1.x86_64.rpm	SHA-256: a7ec97d846a0a074ca620e1d5a166e154d60a305c318cef8270c8203f4302c66
mysql-server-4.1.20-1.RHEL4.1.x86_64.rpm	SHA-256: d4a0baed0b485629c76a3f8f7fd71ac86fcd526d4dcc4f24750c4a38d8149526
mysql-server-4.1.20-1.RHEL4.1.x86_64.rpm	SHA-256: d4a0baed0b485629c76a3f8f7fd71ac86fcd526d4dcc4f24750c4a38d8149526
ia64
mysql-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 3d1eda96bb331acf5a222f3a2a00104107b7e3e7fe848f13158484a519dd5d15
mysql-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 3d1eda96bb331acf5a222f3a2a00104107b7e3e7fe848f13158484a519dd5d15
mysql-4.1.20-1.RHEL4.1.ia64.rpm	SHA-256: b6a5766f4eab437ffba9e5bcd4ff24b81789eea3ce505874228e262636a499dc
mysql-4.1.20-1.RHEL4.1.ia64.rpm	SHA-256: b6a5766f4eab437ffba9e5bcd4ff24b81789eea3ce505874228e262636a499dc
mysql-bench-4.1.20-1.RHEL4.1.ia64.rpm	SHA-256: e8a38cddd09b1974bc1dd970c39e6ad44fa65541433cc5bc56c42080a5316744
mysql-bench-4.1.20-1.RHEL4.1.ia64.rpm	SHA-256: e8a38cddd09b1974bc1dd970c39e6ad44fa65541433cc5bc56c42080a5316744
mysql-devel-4.1.20-1.RHEL4.1.ia64.rpm	SHA-256: 1a82cf607f3e10992a7b610a1d1b65cf932d32926e2563cdb42920337521e521
mysql-devel-4.1.20-1.RHEL4.1.ia64.rpm	SHA-256: 1a82cf607f3e10992a7b610a1d1b65cf932d32926e2563cdb42920337521e521
mysql-server-4.1.20-1.RHEL4.1.ia64.rpm	SHA-256: 1de2397b963a204e3edaf3807adf0deda5dcccedf10c1f984c2598024380098b
mysql-server-4.1.20-1.RHEL4.1.ia64.rpm	SHA-256: 1de2397b963a204e3edaf3807adf0deda5dcccedf10c1f984c2598024380098b
i386
mysql-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 3d1eda96bb331acf5a222f3a2a00104107b7e3e7fe848f13158484a519dd5d15
mysql-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 3d1eda96bb331acf5a222f3a2a00104107b7e3e7fe848f13158484a519dd5d15
mysql-bench-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 2c43bd336de688d6a8a6b416031bcdce63e0c2ae138f670a493bbd9161fcee07
mysql-bench-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 2c43bd336de688d6a8a6b416031bcdce63e0c2ae138f670a493bbd9161fcee07
mysql-devel-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: d8d680ad3ea584f0f52ce177a6bba716b751a2de6765f0e3beaf835d4c9cce71
mysql-devel-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: d8d680ad3ea584f0f52ce177a6bba716b751a2de6765f0e3beaf835d4c9cce71
mysql-server-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 452cabd93a078f9ce070380794332d01a6d30f846f718dc752dbc6a395ead3e9
mysql-server-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 452cabd93a078f9ce070380794332d01a6d30f846f718dc752dbc6a395ead3e9

Red Hat Enterprise Linux Workstation 4

SRPM
mysql-4.1.20-1.RHEL4.1.src.rpm	SHA-256: bae5f5cc3f87ec6dbec4347a8bddeb67792cc0b102255a81f52cd112b213de5b
x86_64
mysql-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 3d1eda96bb331acf5a222f3a2a00104107b7e3e7fe848f13158484a519dd5d15
mysql-4.1.20-1.RHEL4.1.x86_64.rpm	SHA-256: 5ae30eb8989481d6a5ab73bf35dcb77177f60d1bfad109c8611a3909b622a688
mysql-bench-4.1.20-1.RHEL4.1.x86_64.rpm	SHA-256: f78e21dda031fbcb63968b5ecbc2c86f3097f04e83ea32f3acf9ea2e107c2a25
mysql-devel-4.1.20-1.RHEL4.1.x86_64.rpm	SHA-256: a7ec97d846a0a074ca620e1d5a166e154d60a305c318cef8270c8203f4302c66
mysql-server-4.1.20-1.RHEL4.1.x86_64.rpm	SHA-256: d4a0baed0b485629c76a3f8f7fd71ac86fcd526d4dcc4f24750c4a38d8149526
ia64
mysql-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 3d1eda96bb331acf5a222f3a2a00104107b7e3e7fe848f13158484a519dd5d15
mysql-4.1.20-1.RHEL4.1.ia64.rpm	SHA-256: b6a5766f4eab437ffba9e5bcd4ff24b81789eea3ce505874228e262636a499dc
mysql-bench-4.1.20-1.RHEL4.1.ia64.rpm	SHA-256: e8a38cddd09b1974bc1dd970c39e6ad44fa65541433cc5bc56c42080a5316744
mysql-devel-4.1.20-1.RHEL4.1.ia64.rpm	SHA-256: 1a82cf607f3e10992a7b610a1d1b65cf932d32926e2563cdb42920337521e521
mysql-server-4.1.20-1.RHEL4.1.ia64.rpm	SHA-256: 1de2397b963a204e3edaf3807adf0deda5dcccedf10c1f984c2598024380098b
i386
mysql-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 3d1eda96bb331acf5a222f3a2a00104107b7e3e7fe848f13158484a519dd5d15
mysql-bench-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 2c43bd336de688d6a8a6b416031bcdce63e0c2ae138f670a493bbd9161fcee07
mysql-devel-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: d8d680ad3ea584f0f52ce177a6bba716b751a2de6765f0e3beaf835d4c9cce71
mysql-server-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 452cabd93a078f9ce070380794332d01a6d30f846f718dc752dbc6a395ead3e9

Red Hat Enterprise Linux Desktop 4

SRPM
mysql-4.1.20-1.RHEL4.1.src.rpm	SHA-256: bae5f5cc3f87ec6dbec4347a8bddeb67792cc0b102255a81f52cd112b213de5b
x86_64
mysql-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 3d1eda96bb331acf5a222f3a2a00104107b7e3e7fe848f13158484a519dd5d15
mysql-4.1.20-1.RHEL4.1.x86_64.rpm	SHA-256: 5ae30eb8989481d6a5ab73bf35dcb77177f60d1bfad109c8611a3909b622a688
mysql-bench-4.1.20-1.RHEL4.1.x86_64.rpm	SHA-256: f78e21dda031fbcb63968b5ecbc2c86f3097f04e83ea32f3acf9ea2e107c2a25
mysql-devel-4.1.20-1.RHEL4.1.x86_64.rpm	SHA-256: a7ec97d846a0a074ca620e1d5a166e154d60a305c318cef8270c8203f4302c66
mysql-server-4.1.20-1.RHEL4.1.x86_64.rpm	SHA-256: d4a0baed0b485629c76a3f8f7fd71ac86fcd526d4dcc4f24750c4a38d8149526
i386
mysql-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 3d1eda96bb331acf5a222f3a2a00104107b7e3e7fe848f13158484a519dd5d15
mysql-bench-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 2c43bd336de688d6a8a6b416031bcdce63e0c2ae138f670a493bbd9161fcee07
mysql-devel-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: d8d680ad3ea584f0f52ce177a6bba716b751a2de6765f0e3beaf835d4c9cce71
mysql-server-4.1.20-1.RHEL4.1.i386.rpm	SHA-256: 452cabd93a078f9ce070380794332d01a6d30f846f718dc752dbc6a395ead3e9

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
mysql-4.1.20-1.RHEL4.1.src.rpm	SHA-256: bae5f5cc3f87ec6dbec4347a8bddeb67792cc0b102255a81f52cd112b213de5b
s390x
mysql-4.1.20-1.RHEL4.1.s390.rpm	SHA-256: 2b220b8cb208d87f12605fcb7092f19290657870a670fd6761c272ef444e5a32
mysql-4.1.20-1.RHEL4.1.s390x.rpm	SHA-256: e774d3da87dd4a355197a467a56adefb71138ab90dd5c09a9d337ff9c47a3367
mysql-bench-4.1.20-1.RHEL4.1.s390x.rpm	SHA-256: d309e082569b8b915923932bb5959f77a4351170fe961de3dad1d8ed7831989f
mysql-devel-4.1.20-1.RHEL4.1.s390x.rpm	SHA-256: ebe5ae42521984376603ac25427bc194fd8ba8d5d1bf2cd484902640bc1fa07f
mysql-server-4.1.20-1.RHEL4.1.s390x.rpm	SHA-256: 6c7707fbaeee18fc08e362c00cd17e911731502330517296295df099c403c399
s390
mysql-4.1.20-1.RHEL4.1.s390.rpm	SHA-256: 2b220b8cb208d87f12605fcb7092f19290657870a670fd6761c272ef444e5a32
mysql-bench-4.1.20-1.RHEL4.1.s390.rpm	SHA-256: 031dc8068a4a54d417a22b64b76fc432623ddd83a3c70af5fc91ac4fce75d1ee
mysql-devel-4.1.20-1.RHEL4.1.s390.rpm	SHA-256: cb740ca41f5f8ea650a260321bd44eba273c5e468820dda384c3a98017ba67fe
mysql-server-4.1.20-1.RHEL4.1.s390.rpm	SHA-256: 534274379f4d105998198983b59e35f953173137dcbfbbc78a210dac758126f8

Red Hat Enterprise Linux for Power, big endian 4

SRPM
mysql-4.1.20-1.RHEL4.1.src.rpm	SHA-256: bae5f5cc3f87ec6dbec4347a8bddeb67792cc0b102255a81f52cd112b213de5b
ppc
mysql-4.1.20-1.RHEL4.1.ppc.rpm	SHA-256: 4ac6cca9b60495e8294fb416e28d3ddc640944c443ac8adbf666a68761ef5a2e
mysql-4.1.20-1.RHEL4.1.ppc64.rpm	SHA-256: bf6bf751eb5b3ec8e214a282203304e662405fdbf78dc542f69ad81372f05c4f
mysql-bench-4.1.20-1.RHEL4.1.ppc.rpm	SHA-256: a9c5f05f56ad55f13aa7af26a26030dd4b35f83351a2168875e2fa4f5191baae
mysql-devel-4.1.20-1.RHEL4.1.ppc.rpm	SHA-256: b88c47f4e61b178ea68e130b480b44f7afb41b67f4a31dc373355b9ff2e9e47e
mysql-server-4.1.20-1.RHEL4.1.ppc.rpm	SHA-256: 9b868068f0f45edadef541619adfb4eae25202a572ef7126da1d86598a888fcc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories