[SECURITY] Fedora 13 Update: mysql-5.1.47-1.fc13

updates at fedoraproject.org updates at fedoraproject.org
Mon Jun 7 22:30:37 UTC 2010 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-9016
2010-05-25 18:09:49
--------------------------------------------------------------------------------

Name        : mysql
Product     : Fedora 13
Version     : 5.1.47
Release     : 1.fc13
URL         : http://www.mysql.com
Summary     : MySQL client programs and shared libraries
Description :
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MySQL client programs and generic MySQL files.

--------------------------------------------------------------------------------
Update Information:

Update to MySQL 5.1.47, for various fixes described at
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html  including fixes for
CVE-2010-1848, CVE-2010-1849, CVE-2010-1850    In F13, also create mysql group
explicitly in pre-server script, to ensure correct GID
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 24 2010 Tom Lane <tgl at redhat.com> 5.1.47-1
- Update to MySQL 5.1.47, for various fixes described at
  http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
  including fixes for CVE-2010-1848, CVE-2010-1849, CVE-2010-1850
Resolves: #592862
Resolves: #583717
- Create mysql group explicitly in pre-server script, to ensure correct GID
Related: #594155
* Sat Apr 24 2010 Tom Lane <tgl at redhat.com> 5.1.46-1
- Update to MySQL 5.1.46, for various fixes described at
  http://dev.mysql.com/doc/refman/5.1/en/news-5-1-46.html
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #592079 - CVE-2010-1848 mysql: multiple insufficient table name checks
        https://bugzilla.redhat.com/show_bug.cgi?id=592079
  [ 2 ] Bug #592086 - CVE-2010-1849 mysql: over-sized packet denial of service vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=592086
  [ 3 ] Bug #592091 - CVE-2010-1850 mysql: COM_FIELD_LIST table name buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=592091
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update mysql' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list