Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2009:1289 - Security Advisory
Issued:
2009-09-02
Updated:
2009-09-02

RHSA-2009:1289 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: mysql security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated mysql packages that fix various security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

MySQL did not correctly check directories used as arguments for the DATA
DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated
attacker could elevate their access privileges to tables created by other
database users. Note: This attack does not work on existing tables. An
attacker can only elevate their access to another user's tables as the
tables are created. As well, the names of these created tables need to be
predicted correctly for this attack to succeed. (CVE-2008-2079)

A flaw was found in the way MySQL handles an empty bit-string literal. A
remote, authenticated attacker could crash the MySQL server daemon (mysqld)
if they used an empty bit-string literal in an SQL statement. This issue
only caused a temporary denial of service, as the MySQL daemon was
automatically restarted after the crash. (CVE-2008-3963)

An insufficient HTML entities quoting flaw was found in the mysql command
line client's HTML output mode. If an attacker was able to inject arbitrary
HTML tags into data stored in a MySQL database, which was later retrieved
using the mysql command line client and its HTML output mode, they could
perform a cross-site scripting (XSS) attack against victims viewing the
HTML output in a web browser. (CVE-2008-4456)

Multiple format string flaws were found in the way the MySQL server logs
user commands when creating and deleting databases. A remote, authenticated
attacker with permissions to CREATE and DROP databases could use these
flaws to formulate a specifically-crafted SQL command that would cause a
temporary denial of service (open connections to mysqld are terminated).
(CVE-2009-2446)

Note: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld
"--log" command line option or the "log" option in "/etc/my.cnf") must be
enabled. This logging is not enabled by default.

This update also fixes multiple bugs. Details regarding these bugs can be
found in the Red Hat Enterprise Linux 5.4 Technical Notes. You can find a
link to the Technical Notes in the References section of this errata.

Note: These updated packages upgrade MySQL to version 5.0.77 to incorporate
numerous upstream bug fixes. Details of these changes are found in the
following MySQL Release Notes:
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-77.html

All MySQL users are advised to upgrade to these updated packages, which
resolve these issues. After installing this update, the MySQL server
daemon (mysqld) will be restarted automatically.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 435494 - Timeout error starting MySQL when using non-default socket file value (fix provided)
  • BZ - 445222 - CVE-2008-2079 mysql: privilege escalation via DATA/INDEX DIRECTORY directives
  • BZ - 448534 - upgrade to RHEL5.2 - breaks mysql replication between MasterDB and Slave
  • BZ - 450178 - Somewhat dubious code in mysqld init.d script
  • BZ - 452824 - mysql-server crash permanently
  • BZ - 453156 - DATE function used in WHERE clause - broken
  • BZ - 455619 - tmpdir variable not honored for internally created temporary tables
  • BZ - 457218 - 'Explicit or implicit commit' error/server crash with concurrent transactions
  • BZ - 462071 - CVE-2008-3963 MySQL: Using an empty binary value leads to server crash
  • BZ - 462534 - SQL Config files should not be read more than once
  • BZ - 466518 - CVE-2008-4456 mysql: mysql command line client XSS flaw
  • BZ - 470036 - Got query result when using ORDER BY ASC, but empty result when using DESC
  • BZ - 476896 - CVE-2008-3963 MySQL: Using an empty binary value leads to server crash
  • BZ - 511020 - CVE-2009-2446 MySQL: Format string vulnerability by manipulation with database instances (crash)

CVEs

  • CVE-2008-2079
  • CVE-2008-3963
  • CVE-2008-4456
  • CVE-2009-2446

References

  • http://www.redhat.com/security/updates/classification/#moderate
  • http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Technical_Notes/mysql.html
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
mysql-5.0.77-3.el5.src.rpm SHA-256: 4524c275ff42fb8dc45ae117dafb971db3597c3800e4f2d356220ba5308c6413
x86_64
mysql-5.0.77-3.el5.i386.rpm SHA-256: 06b0865b0d13bb28bfae0876285dc6fc487f31017d0424965046efb8e7a11ffb
mysql-5.0.77-3.el5.x86_64.rpm SHA-256: 235cd61acccc33d63591428adc21f349a4b7f248dde7968b2e12d29a5cbe28d4
mysql-bench-5.0.77-3.el5.x86_64.rpm SHA-256: 4f468b059b2bfd9f1489ba544d8d7a98e330a68aa513d08d5de41930763a6f90
mysql-devel-5.0.77-3.el5.i386.rpm SHA-256: f7e33542dad1783df038b48878a92e122b6a05124684bee60cb20dde9a7769c7
mysql-devel-5.0.77-3.el5.x86_64.rpm SHA-256: 45069dd23d583aa54e017dc11429b4ee81b3341ce82dc43d656d85670a4a6626
mysql-server-5.0.77-3.el5.x86_64.rpm SHA-256: 2d4f720e89f836c3b63c2ee9dab5472f3169df0d1da128a19166483adf80f702
mysql-test-5.0.77-3.el5.x86_64.rpm SHA-256: 35276f08a3a9712070f6e6f204ee1a74c537701d4aa7f833ca3a171ae0778787
ia64
mysql-5.0.77-3.el5.i386.rpm SHA-256: 06b0865b0d13bb28bfae0876285dc6fc487f31017d0424965046efb8e7a11ffb
mysql-5.0.77-3.el5.ia64.rpm SHA-256: 17c0cf66e50622f0d37c4f2bb49a308f5506b5feb89eb4559e192d095c73ded5
mysql-bench-5.0.77-3.el5.ia64.rpm SHA-256: f4421c1567e6fe84226889c71d82654c996081e16d59ad8c97753701990bf2d3
mysql-devel-5.0.77-3.el5.ia64.rpm SHA-256: 6d3655c933c4b1f24c23cb4ab562c4124ffb437324db86e40f8d62f21e07c3cb
mysql-server-5.0.77-3.el5.ia64.rpm SHA-256: f11e120e92d009239bded9bdfb4763ccfc8b66969023c1c91ae5eff021e746be
mysql-test-5.0.77-3.el5.ia64.rpm SHA-256: 6aa7560faff1856b555aa5dad1f3c72b94108fdab7a5db9a46110d16d7fe550d
i386
mysql-5.0.77-3.el5.i386.rpm SHA-256: 06b0865b0d13bb28bfae0876285dc6fc487f31017d0424965046efb8e7a11ffb
mysql-bench-5.0.77-3.el5.i386.rpm SHA-256: 436566af57c08fb9663a4deeadf8c9f4ff3da95d6a17dcfc6c0caa467f099b2c
mysql-devel-5.0.77-3.el5.i386.rpm SHA-256: f7e33542dad1783df038b48878a92e122b6a05124684bee60cb20dde9a7769c7
mysql-server-5.0.77-3.el5.i386.rpm SHA-256: 603d003ad004e7d22b37336b022ab19077920efd125a1fba21fd9fbcfdafc61b
mysql-test-5.0.77-3.el5.i386.rpm SHA-256: 8f3cb411a85b837146a758899ebc942eb29890add76508acac404c37ba80a36d

Red Hat Enterprise Linux Workstation 5

SRPM
mysql-5.0.77-3.el5.src.rpm SHA-256: 4524c275ff42fb8dc45ae117dafb971db3597c3800e4f2d356220ba5308c6413
x86_64
mysql-5.0.77-3.el5.i386.rpm SHA-256: 06b0865b0d13bb28bfae0876285dc6fc487f31017d0424965046efb8e7a11ffb
mysql-5.0.77-3.el5.x86_64.rpm SHA-256: 235cd61acccc33d63591428adc21f349a4b7f248dde7968b2e12d29a5cbe28d4
mysql-bench-5.0.77-3.el5.x86_64.rpm SHA-256: 4f468b059b2bfd9f1489ba544d8d7a98e330a68aa513d08d5de41930763a6f90
mysql-devel-5.0.77-3.el5.i386.rpm SHA-256: f7e33542dad1783df038b48878a92e122b6a05124684bee60cb20dde9a7769c7
mysql-devel-5.0.77-3.el5.x86_64.rpm SHA-256: 45069dd23d583aa54e017dc11429b4ee81b3341ce82dc43d656d85670a4a6626
mysql-server-5.0.77-3.el5.x86_64.rpm SHA-256: 2d4f720e89f836c3b63c2ee9dab5472f3169df0d1da128a19166483adf80f702
mysql-test-5.0.77-3.el5.x86_64.rpm SHA-256: 35276f08a3a9712070f6e6f204ee1a74c537701d4aa7f833ca3a171ae0778787
i386
mysql-5.0.77-3.el5.i386.rpm SHA-256: 06b0865b0d13bb28bfae0876285dc6fc487f31017d0424965046efb8e7a11ffb
mysql-bench-5.0.77-3.el5.i386.rpm SHA-256: 436566af57c08fb9663a4deeadf8c9f4ff3da95d6a17dcfc6c0caa467f099b2c
mysql-devel-5.0.77-3.el5.i386.rpm SHA-256: f7e33542dad1783df038b48878a92e122b6a05124684bee60cb20dde9a7769c7
mysql-server-5.0.77-3.el5.i386.rpm SHA-256: 603d003ad004e7d22b37336b022ab19077920efd125a1fba21fd9fbcfdafc61b
mysql-test-5.0.77-3.el5.i386.rpm SHA-256: 8f3cb411a85b837146a758899ebc942eb29890add76508acac404c37ba80a36d

Red Hat Enterprise Linux Desktop 5

SRPM
mysql-5.0.77-3.el5.src.rpm SHA-256: 4524c275ff42fb8dc45ae117dafb971db3597c3800e4f2d356220ba5308c6413
x86_64
mysql-5.0.77-3.el5.i386.rpm SHA-256: 06b0865b0d13bb28bfae0876285dc6fc487f31017d0424965046efb8e7a11ffb
mysql-5.0.77-3.el5.x86_64.rpm SHA-256: 235cd61acccc33d63591428adc21f349a4b7f248dde7968b2e12d29a5cbe28d4
i386
mysql-5.0.77-3.el5.i386.rpm SHA-256: 06b0865b0d13bb28bfae0876285dc6fc487f31017d0424965046efb8e7a11ffb

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
mysql-5.0.77-3.el5.src.rpm SHA-256: 4524c275ff42fb8dc45ae117dafb971db3597c3800e4f2d356220ba5308c6413
s390x
mysql-5.0.77-3.el5.s390.rpm SHA-256: d684e51443431f515ad5b388f2358dfc1c5852c31dc7279ac799bb2ff0ceaad2
mysql-5.0.77-3.el5.s390x.rpm SHA-256: c6384aa11b3b0728fe0f3eebe66b382eff45c0e11efaee43ba04477eca6de2e8
mysql-bench-5.0.77-3.el5.s390x.rpm SHA-256: d38aefd4fa3c2dcf3c6e259fc6e4bbc7f4b5f475634b552855ca5fd7de248694
mysql-devel-5.0.77-3.el5.s390.rpm SHA-256: e638cc4449681fa6148749dc2ada822c73c2cb908c7d6dc5506e6d02dce15504
mysql-devel-5.0.77-3.el5.s390x.rpm SHA-256: aee0b4a1cf42de00ded100e42f2891de50c4f42ea0f310549648bb2ab52fa651
mysql-server-5.0.77-3.el5.s390x.rpm SHA-256: f082bfd4cfcf331e9f844a47a610db4a977b3b902a725892452dbc3886a798bb
mysql-test-5.0.77-3.el5.s390x.rpm SHA-256: fdf8dd4fa07ad8d9f96eb81beae7f4ce092a6b6ef01302be46e3f4aaa8f0d792

Red Hat Enterprise Linux for Power, big endian 5

SRPM
mysql-5.0.77-3.el5.src.rpm SHA-256: 4524c275ff42fb8dc45ae117dafb971db3597c3800e4f2d356220ba5308c6413
ppc
mysql-5.0.77-3.el5.ppc.rpm SHA-256: be77db4d6b3c82e9ca3926adc407ee36f4f7c019a9468ef86ce3c4d9e63aad3e
mysql-5.0.77-3.el5.ppc64.rpm SHA-256: 42faf4eebd99a668e694c95aed782a6262c630fd641deaf2e8ffe5019f3be152
mysql-bench-5.0.77-3.el5.ppc.rpm SHA-256: 0bab841b7d4c474d6d4177f7142f76e782943bdef40668dfe98e2e70f916900d
mysql-devel-5.0.77-3.el5.ppc.rpm SHA-256: 8586bc6ccc9a03a03bb6b211a753205fba06bb8d22046d5ee878b33fd73670bd
mysql-devel-5.0.77-3.el5.ppc64.rpm SHA-256: fc976d2bb977a9910d3b8a96249cf5b2795fc2c6a21be0a799dc3455373a89a4
mysql-server-5.0.77-3.el5.ppc.rpm SHA-256: eb63b12677453aa1b5bcfc36e445074291d05de961258c27c60bc57fe1c344c7
mysql-server-5.0.77-3.el5.ppc64.rpm SHA-256: b32ac06494eb468c4d65f0a9eb4a85afdb662b4fb4b398200524cb1f24c1bbe0
mysql-test-5.0.77-3.el5.ppc.rpm SHA-256: 1087ff3a3c6e5c01660014487c7b55eda36ebe6ce873d381ebbf3dbfd63bc511

Red Hat Enterprise Linux Server from RHUI 5

SRPM
mysql-5.0.77-3.el5.src.rpm SHA-256: 4524c275ff42fb8dc45ae117dafb971db3597c3800e4f2d356220ba5308c6413
x86_64
mysql-5.0.77-3.el5.i386.rpm SHA-256: 06b0865b0d13bb28bfae0876285dc6fc487f31017d0424965046efb8e7a11ffb
mysql-5.0.77-3.el5.x86_64.rpm SHA-256: 235cd61acccc33d63591428adc21f349a4b7f248dde7968b2e12d29a5cbe28d4
mysql-bench-5.0.77-3.el5.x86_64.rpm SHA-256: 4f468b059b2bfd9f1489ba544d8d7a98e330a68aa513d08d5de41930763a6f90
mysql-devel-5.0.77-3.el5.i386.rpm SHA-256: f7e33542dad1783df038b48878a92e122b6a05124684bee60cb20dde9a7769c7
mysql-devel-5.0.77-3.el5.x86_64.rpm SHA-256: 45069dd23d583aa54e017dc11429b4ee81b3341ce82dc43d656d85670a4a6626
mysql-server-5.0.77-3.el5.x86_64.rpm SHA-256: 2d4f720e89f836c3b63c2ee9dab5472f3169df0d1da128a19166483adf80f702
mysql-test-5.0.77-3.el5.x86_64.rpm SHA-256: 35276f08a3a9712070f6e6f204ee1a74c537701d4aa7f833ca3a171ae0778787
i386
mysql-5.0.77-3.el5.i386.rpm SHA-256: 06b0865b0d13bb28bfae0876285dc6fc487f31017d0424965046efb8e7a11ffb
mysql-bench-5.0.77-3.el5.i386.rpm SHA-256: 436566af57c08fb9663a4deeadf8c9f4ff3da95d6a17dcfc6c0caa467f099b2c
mysql-devel-5.0.77-3.el5.i386.rpm SHA-256: f7e33542dad1783df038b48878a92e122b6a05124684bee60cb20dde9a7769c7
mysql-server-5.0.77-3.el5.i386.rpm SHA-256: 603d003ad004e7d22b37336b022ab19077920efd125a1fba21fd9fbcfdafc61b
mysql-test-5.0.77-3.el5.i386.rpm SHA-256: 8f3cb411a85b837146a758899ebc942eb29890add76508acac404c37ba80a36d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility