Fedora Legacy Test Update Notification: mysql

Wed Nov 30 01:25:29 UTC 2005

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-167803
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167803
2005-11-29
---------------------------------------------------------------------

Name        : mysql
Versions    : rh7.3: mysql-3.23.58-1.73.8.legacy
Versions    : rh9: mysql-3.23.58-1.90.9.legacy
Versions    : fc1: mysql-3.23.58-4.6.legacy
Versions    : fc2: mysql-3.23.58-16.FC2.3.legacy
Summary     : The MySQL server and related files.
Description :
MySQL is a true multi-user, multi-threaded SQL database server. MySQL
is a client/server implementation that consists of a server daemon
(mysqld) and many different client programs and libraries. This
package contains the MySQL server and some accompanying files and
directories.

---------------------------------------------------------------------
Update Information:

Updated mysql packages that fix a security issue are now available.

MySQL is a multi-user, multi-threaded SQL database server.

Reid Borsuk discovered a buffer overflow in the MySQL init_syms()
function. A user with the ability to create and execute a user
defined function could potentially execute arbitrary code on the MySQL
server. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-2558 to this issue.

This release fixes two additional problems. A regression was introduced
in a patch included in the previous MySQL packages that resulted in
queries performing a DELETE without a WHERE failing on ISAM tables.
Also, the MySQL init script was improved to allow the MySQL service to
restart properly during upgrades.

All users of the MySQL server are advised to upgrade to these updated
packages, which contain fixes for these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Mon Nov 28 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
3.23.58-1.73.8.legacy
- Fixed typo in init script

* Sat Nov 26 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
3.23.58-1.73.7.legacy
- Updated init script (#172426) (#152531)
- Updated security2 patch to fix DELETE without WHERE issue (#168542)
- Added patch to fix CVE-2005-2558

rh9:
* Mon Nov 28 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
3.23.58-1.90.9.legacy
- Fixed typo in init script

* Sat Nov 26 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
3.23.58-1.90.8.legacy
- Updated init script (#172426) (#152531)

* Sun Nov 20 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
3.23.58-1.90.7.legacy
- Updated security2 patch to fix DELETE without WHERE issue (#168542)
- Added patch to fix CVE-2005-2558

fc1:
* Tue Nov 29 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
3.23.58-4.6.legacy
- Fixed typo in init script

* Sat Nov 26 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
3.23.58-4.5.legacy
- Updated init script (#172426) (#152531)
- Updated security2 patch to fix DELETE without WHERE issue (#168542)
- Added patch to fix CVE-2005-2558

fc2:
* Tue Nov 29 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
3.23.58-16.FC2.3.legacy
- Fixed typo in init script

* Sat Nov 26 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
3.23.58-16.FC2.2.legacy
- Updated init script (#172426) (#152531)
- Updated security2 patch to fix DELETE without WHERE issue (#168542)
- Added patch to fix CVE-2005-2558

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
95a3829a3dff72c4d411e0aef92904382bc5bdf0
redhat/7.3/updates-testing/i386/mysql-3.23.58-1.73.8.legacy.i386.rpm
77d968e0038c539dbcba7c3022a2a6f85a51c884
redhat/7.3/updates-testing/i386/mysql-devel-3.23.58-1.73.8.legacy.i386.rpm
906a3990e57c3b95fa75150a2905f09234a4c9ac
redhat/7.3/updates-testing/i386/mysql-server-3.23.58-1.73.8.legacy.i386.rpm
4ab25f651faff3f7f7f57c14c427b3380dc8701f
redhat/7.3/updates-testing/SRPMS/mysql-3.23.58-1.73.8.legacy.src.rpm

rh9:
70f2943ec073a23cb596bfcc7fe1262410bf5b18
redhat/9/updates-testing/i386/mysql-3.23.58-1.90.9.legacy.i386.rpm
4b640a5f12088f1d4de93f19a5f1bf817df32599
redhat/9/updates-testing/i386/mysql-devel-3.23.58-1.90.9.legacy.i386.rpm
90f923a4d29a3aab8884b327ebe1d82e11b0e1f9
redhat/9/updates-testing/i386/mysql-server-3.23.58-1.90.9.legacy.i386.rpm
603a0a915b2415a2b32da73be9f155aaa5e2c8ba
redhat/9/updates-testing/SRPMS/mysql-3.23.58-1.90.9.legacy.src.rpm

fc1:
264c90e5f71b15bd1c416587a36a209a020a4cff
fedora/1/updates-testing/i386/mysql-3.23.58-4.6.legacy.i386.rpm
0b39c15da8705ea47fed4dbfcac4eaac22b0b909
fedora/1/updates-testing/i386/mysql-bench-3.23.58-4.6.legacy.i386.rpm
c3d5d996da0ce7e1472ba7a108cc8d710ee46192
fedora/1/updates-testing/i386/mysql-devel-3.23.58-4.6.legacy.i386.rpm
8a1acfa5a416a22a285cc219eed0ef0b904eb784
fedora/1/updates-testing/i386/mysql-server-3.23.58-4.6.legacy.i386.rpm
bb9a8da7fe794c6d919416c1746bd2c143defeb7
fedora/1/updates-testing/SRPMS/mysql-3.23.58-4.6.legacy.src.rpm

fc2:
242577abc7a4705586e1ac9c892997d12c51e1bd
fedora/2/updates-testing/i386/mysql-3.23.58-16.FC2.3.legacy.i386.rpm
5279aa559e950ab8d9e64fc8b2fe002d376cc0c3
fedora/2/updates-testing/i386/mysql-bench-3.23.58-16.FC2.3.legacy.i386.rpm
9d30ecae7a1f73862b25d06f3e87e3677144c045
fedora/2/updates-testing/i386/mysql-devel-3.23.58-16.FC2.3.legacy.i386.rpm
9346371f4b58845bae1d166e8b393d18b85b4479
fedora/2/updates-testing/i386/mysql-server-3.23.58-16.FC2.3.legacy.i386.rpm
842aa0b00a7e9b96e60742785ff2e574b39a94e0
fedora/2/updates-testing/SRPMS/mysql-3.23.58-16.FC2.3.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20051129/795a922f/attachment.sig>