RHN Errata Alert: Updated MySQL packages fix vulnerabilities

Posted 2003-05-06 10:02
Red Hat Network has determined that the following advisory is applicable to
one or more of the systems you have registered:

Complete information about this errata can be found at the following location:
     https://rhn.redhat.com/network/errata/errata_details.pxt?eid=1625

Security Advisory - RHSA-2003:093-14
------------------------------------------------------------------------------
Summary:
Updated MySQL packages fix vulnerabilities

Updated MySQL server packages fix both a double-free security
vulnerability and a root exploit security vulnerability.

[Updated 1 May 2003]
Added updated packages for Red Hat Linux 9, which is vulnerable to
CAN-2003-0150.

Description:
MySQL is a multi-user, multi-threaded SQL database server.

A double-free vulnerability in mysqld, for MySQL before version 3.23.55,
allows attackers with MySQL access to cause a denial of service (crash) by
creating a carefully crafted client application. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0073 to this issue.

MySQL 3.23.55 and earlier creates world-writable files and allows mysql
users to gain root privileges by using the "SELECT * INTO OUTFILE" operator
to overwrite a configuration file and cause mysql to run as root upon
restart. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0150 to this issue.

All users are advised to upgrade to MySQL 3.23.56 contained within this
errata which is not vulnerable to these issues.

In addition to the security fixes, these erratum packages contain a
thread safe client library (libmysqlclient_r).

References:
http://www.mysql.com/doc/en/News-3.23.55.html
http://www.mysql.com/doc/en/News-3.23.56.html
------------------------------------------------------------------------------

-------------
Taking Action
-------------
You may address the issues outlined in this advisory in two ways:

     - select your server name by clicking on its name from the list
       available at the following location, and then schedule an
       errata update for it:
           https://rhn.redhat.com/network/systemlist/system_list.pxt

     - run the Update Agent on each affected server.


---------------------------------
Changing Notification Preferences
---------------------------------
To enable/disable your Errata Alert preferences globally please log in to RHN
and navigate from "Your RHN" / "Your Account" to the "Preferences" tab.

        URL: https://rhn.redhat.com/network/my_account/my_prefs.pxt

You can also enable/disable notification on a per system basis by selecting an
individual system from the "Systems List". From the individual system view
click the "Details" tab.


----------------
Affected Systems
----------------
According to our records, this errata may apply to one or more of the
systems that you've profiled with Red Hat Network.  To see precisely which
systems are affected, please go to:
    https://rhn.redhat.com/network/errata/systems_affected.pxt?eid=1625



The Red Hat Network Team

This message is being sent by Red Hat Network Alert to:
    RHN user login:        
    Email address on file: <>;

If you lost your RHN password, you can use the information above to
retrieve it by email from the following address:
    https://rhn.redhat.com/forgot_password.pxt

To cancel these notices, go to:
    https://rhn.redhat.com/oo.pxt?uid=2362914&oid=2920218
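
An added example, not part of the advisory or of the original post: a shell audit for the two conditions the advisory names under CAN-2003-0150, world-writable files and a configuration file that makes the server run as root. The function names, the `*.cnf` file pattern, the `user = root` setting under `[mysqld]` as the concrete form of "run as root", and the data directory path passed in are all assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a MySQL data directory for the
# two conditions named under CAN-2003-0150. The directory is caller-supplied.

# World-writable regular files under $1, one path per line.
world_writable_files() {
    find "$1" -type f -perm -0002 -print | sort
}

# Option files (*.cnf, an assumed pattern) whose [mysqld] section sets user=root.
root_user_cnf() {
    find "$1" -type f -name '*.cnf' -print | sort | while IFS= read -r f; do
        if awk '
            /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\]/); next }
            in_mysqld && /^[ \t]*user[ \t]*=[ \t]*root[ \t]*$/ { hit = 1 }
            END { exit(hit ? 0 : 1) }
        ' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Report findings; return 0 when the directory is clean, 1 otherwise.
audit_datadir() {
    ww=$(world_writable_files "$1")
    rc=$(root_user_cnf "$1")
    if [ -n "$ww" ]; then printf 'world-writable:\n%s\n' "$ww"; fi
    if [ -n "$rc" ]; then printf 'user=root in [mysqld]:\n%s\n' "$rc"; fi
    [ -z "$ww" ] && [ -z "$rc" ]
}

# Constructed sample tree (not real data): one bad option file, one clean file.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '[mysqld]\nuser = root\n' > "$d/my.cnf"
    printf 'x' > "$d/t1.MYD"
    chmod 666 "$d/my.cnf"; chmod 660 "$d/t1.MYD"
    printf '%s\n' "$d"
}

# Run against a directory given on the command line, if any.
if [ "$#" -gt 0 ]; then audit_datadir "$1"; fi
```

A non-zero exit status from `audit_datadir` means at least one of the two conditions was found in the directory it was given.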

Posted 2003-05-06 10:04


Friends using MySQL 3.23.55 and Red Hat 9, take note~~~