Red Hat Product Errata RHSA-2010:0109 - Security Advisory

Issued:: 2010-02-16
Updated:: 2010-02-16

RHSA-2010:0109 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: mysql security update

Type/Severity

Security Advisory: Moderate

Topic

Updated mysql packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

It was discovered that the MySQL client ignored certain SSL certificate
verification errors when connecting to servers. A man-in-the-middle
attacker could use this flaw to trick MySQL clients into connecting to a
spoofed MySQL server. (CVE-2009-4028)

Note: This fix may uncover previously hidden SSL configuration issues, such
as incorrect CA certificates being used by clients or expired server
certificates. This update should be carefully tested in deployments where
SSL connections are used.

A flaw was found in the way MySQL handled SELECT statements with subqueries
in the WHERE clause, that assigned results to a user variable. A remote,
authenticated attacker could use this flaw to crash the MySQL server daemon
(mysqld). This issue only caused a temporary denial of service, as the
MySQL daemon was automatically restarted after the crash. (CVE-2009-4019)

When the "datadir" option was configured with a relative path, MySQL did
not properly check paths used as arguments for the DATA DIRECTORY and INDEX
DIRECTORY directives. An authenticated attacker could use this flaw to
bypass the restriction preventing the use of subdirectories of the MySQL
data directory being used as DATA DIRECTORY and INDEX DIRECTORY paths.
(CVE-2009-4030)

Note: Due to the security risks and previous security issues related to the
use of the DATA DIRECTORY and INDEX DIRECTORY directives, users not
depending on this feature should consider disabling it by adding
"symbolic-links=0" to the "[mysqld]" section of the "my.cnf" configuration
file. In this update, an example of such a configuration was added to the
default "my.cnf" file.

All MySQL users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the MySQL server daemon (mysqld) will be restarted automatically.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server - Extended Update Support 5.4 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.4 ia64
Red Hat Enterprise Linux Server - Extended Update Support 5.4 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 540906 - CVE-2009-4019 mysql: DoS (crash) when comparing GIS items from subquery and when handling subqueires in WHERE and assigning a SELECT result to a @variable
BZ - 541233 - CVE-2009-4028 mysql: client SSL certificate verification flaw
BZ - 543653 - CVE-2009-4030 mysql: Incomplete fix for CVE-2008-2079 / CVE-2008-4098

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
mysql-5.0.77-4.el5_4.2.src.rpm	SHA-256: 5c702681a0049b05c5d5bfc40d398e31260e8143fcbe33464d7323bd789c5172
x86_64
mysql-5.0.77-4.el5_4.2.i386.rpm	SHA-256: ce217c447f27ee0e9b6646670bc44f494aae75ede930f8b69d479ef183cf5511
mysql-5.0.77-4.el5_4.2.x86_64.rpm	SHA-256: 08393fafbb93187e0df023d8a3ca188ee9906bcad2adfc4821c8fd32e8bdd397
mysql-bench-5.0.77-4.el5_4.2.x86_64.rpm	SHA-256: 90ccf78dde18113ffc1ccaec2ac4abb34fcff3c07593235534e4811f88942882
mysql-devel-5.0.77-4.el5_4.2.i386.rpm	SHA-256: 234754d300341dee751930336894a1df0def3fd3e49d2a2b00d144f98f6bc2fd
mysql-devel-5.0.77-4.el5_4.2.x86_64.rpm	SHA-256: 23b66b12fbebc78659c6d72d470db37849e33d6f7a71c0031c0c1ac9515f0944
mysql-server-5.0.77-4.el5_4.2.x86_64.rpm	SHA-256: 7442878121550a98969fdb2f17e7475911fa3b6e19ededd13bbeaab0fc8a8368
mysql-test-5.0.77-4.el5_4.2.x86_64.rpm	SHA-256: 02f10c3dd9858c88523899c78b71ce52fcbf21150b0a2e2cd8547be0beb68652
ia64
mysql-5.0.77-4.el5_4.2.i386.rpm	SHA-256: ce217c447f27ee0e9b6646670bc44f494aae75ede930f8b69d479ef183cf5511
mysql-5.0.77-4.el5_4.2.ia64.rpm	SHA-256: 3028b49add960271d3e515fe46d0dc52f081cca546ee3127be658df7804e4238
mysql-bench-5.0.77-4.el5_4.2.ia64.rpm	SHA-256: b3ff962c78d9edcd5b48816a991206e0df9c95c0264c51d29edb561eb2e430f4
mysql-devel-5.0.77-4.el5_4.2.ia64.rpm	SHA-256: b0c86efba161dfdb1322ba05d347fc81d857e1535769e597b65a0b85f8fa47b9
mysql-server-5.0.77-4.el5_4.2.ia64.rpm	SHA-256: 541d77c0f26c8e131d210a6b71ef53c7b698860645cb1300f60b249de2c4e752
mysql-test-5.0.77-4.el5_4.2.ia64.rpm	SHA-256: 62e6069b8ca54e3d072f833acc8a3f23045770933f2c2734121bbf1c3a4e1599
i386
mysql-5.0.77-4.el5_4.2.i386.rpm	SHA-256: ce217c447f27ee0e9b6646670bc44f494aae75ede930f8b69d479ef183cf5511
mysql-bench-5.0.77-4.el5_4.2.i386.rpm	SHA-256: 65453af0e9806b90b2676dc8860eb4a6a9083bb65579f0a52e7d12151662690a
mysql-devel-5.0.77-4.el5_4.2.i386.rpm	SHA-256: 234754d300341dee751930336894a1df0def3fd3e49d2a2b00d144f98f6bc2fd
mysql-server-5.0.77-4.el5_4.2.i386.rpm	SHA-256: 91fccb9b760928c2c014ae08cdbf59db8ec7f1cc5bb18d626f5b3b3e66c9b063
mysql-test-5.0.77-4.el5_4.2.i386.rpm	SHA-256: 8acbd8662d38103bef8f63c83de378d84c5ef795d5ad1d5ae18c815978591bf7

Red Hat Enterprise Linux Workstation 5

SRPM
mysql-5.0.77-4.el5_4.2.src.rpm	SHA-256: 5c702681a0049b05c5d5bfc40d398e31260e8143fcbe33464d7323bd789c5172
x86_64
mysql-5.0.77-4.el5_4.2.i386.rpm	SHA-256: ce217c447f27ee0e9b6646670bc44f494aae75ede930f8b69d479ef183cf5511
mysql-5.0.77-4.el5_4.2.x86_64.rpm	SHA-256: 08393fafbb93187e0df023d8a3ca188ee9906bcad2adfc4821c8fd32e8bdd397
mysql-bench-5.0.77-4.el5_4.2.x86_64.rpm	SHA-256: 90ccf78dde18113ffc1ccaec2ac4abb34fcff3c07593235534e4811f88942882
mysql-devel-5.0.77-4.el5_4.2.i386.rpm	SHA-256: 234754d300341dee751930336894a1df0def3fd3e49d2a2b00d144f98f6bc2fd
mysql-devel-5.0.77-4.el5_4.2.x86_64.rpm	SHA-256: 23b66b12fbebc78659c6d72d470db37849e33d6f7a71c0031c0c1ac9515f0944
mysql-server-5.0.77-4.el5_4.2.x86_64.rpm	SHA-256: 7442878121550a98969fdb2f17e7475911fa3b6e19ededd13bbeaab0fc8a8368
mysql-test-5.0.77-4.el5_4.2.x86_64.rpm	SHA-256: 02f10c3dd9858c88523899c78b71ce52fcbf21150b0a2e2cd8547be0beb68652
i386
mysql-5.0.77-4.el5_4.2.i386.rpm	SHA-256: ce217c447f27ee0e9b6646670bc44f494aae75ede930f8b69d479ef183cf5511
mysql-bench-5.0.77-4.el5_4.2.i386.rpm	SHA-256: 65453af0e9806b90b2676dc8860eb4a6a9083bb65579f0a52e7d12151662690a
mysql-devel-5.0.77-4.el5_4.2.i386.rpm	SHA-256: 234754d300341dee751930336894a1df0def3fd3e49d2a2b00d144f98f6bc2fd
mysql-server-5.0.77-4.el5_4.2.i386.rpm	SHA-256: 91fccb9b760928c2c014ae08cdbf59db8ec7f1cc5bb18d626f5b3b3e66c9b063
mysql-test-5.0.77-4.el5_4.2.i386.rpm	SHA-256: 8acbd8662d38103bef8f63c83de378d84c5ef795d5ad1d5ae18c815978591bf7

Red Hat Enterprise Linux Desktop 5

SRPM
mysql-5.0.77-4.el5_4.2.src.rpm	SHA-256: 5c702681a0049b05c5d5bfc40d398e31260e8143fcbe33464d7323bd789c5172
x86_64
mysql-5.0.77-4.el5_4.2.i386.rpm	SHA-256: ce217c447f27ee0e9b6646670bc44f494aae75ede930f8b69d479ef183cf5511
mysql-5.0.77-4.el5_4.2.x86_64.rpm	SHA-256: 08393fafbb93187e0df023d8a3ca188ee9906bcad2adfc4821c8fd32e8bdd397
i386
mysql-5.0.77-4.el5_4.2.i386.rpm	SHA-256: ce217c447f27ee0e9b6646670bc44f494aae75ede930f8b69d479ef183cf5511

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
mysql-5.0.77-4.el5_4.2.src.rpm	SHA-256: 5c702681a0049b05c5d5bfc40d398e31260e8143fcbe33464d7323bd789c5172
s390x
mysql-5.0.77-4.el5_4.2.s390.rpm	SHA-256: 56e3858b3001d1423d1b4fbd7baae47148590a0984c9b1f9ccdf320f457557aa
mysql-5.0.77-4.el5_4.2.s390x.rpm	SHA-256: b82b1fd080c623077b88da95954005e176f09ff5b9ccf75331d9db081d896184
mysql-bench-5.0.77-4.el5_4.2.s390x.rpm	SHA-256: c236f81bf0cff4fc75be40d9748aa0ff8b2e16739c54f5859c4b2112d730bc3c
mysql-devel-5.0.77-4.el5_4.2.s390.rpm	SHA-256: 182da7099e2d0735f1be7305d27a2cf857b0607a4534f7e92fed5539c4e3de2a
mysql-devel-5.0.77-4.el5_4.2.s390x.rpm	SHA-256: fac2eb37a43eae61fd52761b80cad74a4633ff01f3bf08c51c020f15369a54c9
mysql-server-5.0.77-4.el5_4.2.s390x.rpm	SHA-256: c012239ebd61b51880e5d1c1ec6f7789101a22e1a1f65e389497b796a28d2b4e
mysql-test-5.0.77-4.el5_4.2.s390x.rpm	SHA-256: 9a9c01c6f9e36daa3ec3dd29808bdb9da84cfdfda991494b2cda587013828210

Red Hat Enterprise Linux for Power, big endian 5

SRPM
mysql-5.0.77-4.el5_4.2.src.rpm	SHA-256: 5c702681a0049b05c5d5bfc40d398e31260e8143fcbe33464d7323bd789c5172
ppc
mysql-5.0.77-4.el5_4.2.ppc.rpm	SHA-256: 64f609ee54372180262cf03ecc1ffc9a26110902e1123471f9a8bf1e63b198ac
mysql-5.0.77-4.el5_4.2.ppc64.rpm	SHA-256: cafd57e7051c0333ff9a4d67b67a05b3b54aa29485c67e051972ae46547c8ad6
mysql-bench-5.0.77-4.el5_4.2.ppc.rpm	SHA-256: b20c69958d04a4b0ab744205140c2f790c955d3a17bfd53c612e24049fb02207
mysql-devel-5.0.77-4.el5_4.2.ppc.rpm	SHA-256: 2bcacb1f4106d615b355e06ef02ed81df2f71308ccead0f38d7e633c6b0f5295
mysql-devel-5.0.77-4.el5_4.2.ppc64.rpm	SHA-256: 23cc80148f4de9038cb7a588643a6304b336b34d311e1ae8678b146e66d993a5
mysql-server-5.0.77-4.el5_4.2.ppc.rpm	SHA-256: 5dc7a0f95b1f48585542a782fc28a83846e971aefa5892c82845c2f47a791893
mysql-server-5.0.77-4.el5_4.2.ppc64.rpm	SHA-256: 6e00468bfd683b8f8b593c0a18182c6aa0052b0eaa56f6b67d02439c8dcd4a7d
mysql-test-5.0.77-4.el5_4.2.ppc.rpm	SHA-256: a206bf829074b3ebbf127987083437f7401a236427a52d11a051601783a98898

Red Hat Enterprise Linux Server from RHUI 5

SRPM
mysql-5.0.77-4.el5_4.2.src.rpm	SHA-256: 5c702681a0049b05c5d5bfc40d398e31260e8143fcbe33464d7323bd789c5172
x86_64
mysql-5.0.77-4.el5_4.2.i386.rpm	SHA-256: ce217c447f27ee0e9b6646670bc44f494aae75ede930f8b69d479ef183cf5511
mysql-5.0.77-4.el5_4.2.x86_64.rpm	SHA-256: 08393fafbb93187e0df023d8a3ca188ee9906bcad2adfc4821c8fd32e8bdd397
mysql-bench-5.0.77-4.el5_4.2.x86_64.rpm	SHA-256: 90ccf78dde18113ffc1ccaec2ac4abb34fcff3c07593235534e4811f88942882
mysql-devel-5.0.77-4.el5_4.2.i386.rpm	SHA-256: 234754d300341dee751930336894a1df0def3fd3e49d2a2b00d144f98f6bc2fd
mysql-devel-5.0.77-4.el5_4.2.x86_64.rpm	SHA-256: 23b66b12fbebc78659c6d72d470db37849e33d6f7a71c0031c0c1ac9515f0944
mysql-server-5.0.77-4.el5_4.2.x86_64.rpm	SHA-256: 7442878121550a98969fdb2f17e7475911fa3b6e19ededd13bbeaab0fc8a8368
mysql-test-5.0.77-4.el5_4.2.x86_64.rpm	SHA-256: 02f10c3dd9858c88523899c78b71ce52fcbf21150b0a2e2cd8547be0beb68652
i386
mysql-5.0.77-4.el5_4.2.i386.rpm	SHA-256: ce217c447f27ee0e9b6646670bc44f494aae75ede930f8b69d479ef183cf5511
mysql-bench-5.0.77-4.el5_4.2.i386.rpm	SHA-256: 65453af0e9806b90b2676dc8860eb4a6a9083bb65579f0a52e7d12151662690a
mysql-devel-5.0.77-4.el5_4.2.i386.rpm	SHA-256: 234754d300341dee751930336894a1df0def3fd3e49d2a2b00d144f98f6bc2fd
mysql-server-5.0.77-4.el5_4.2.i386.rpm	SHA-256: 91fccb9b760928c2c014ae08cdbf59db8ec7f1cc5bb18d626f5b3b3e66c9b063
mysql-test-5.0.77-4.el5_4.2.i386.rpm	SHA-256: 8acbd8662d38103bef8f63c83de378d84c5ef795d5ad1d5ae18c815978591bf7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories