rhsa-2007_0894
Vulnerability from csaf_redhat
Published
2007-09-10 15:37
Modified
2024-11-05 16:47
Summary
Red Hat Security Advisory: mysql security update
Notes
Topic
Updated MySQL packages for the Red Hat Application Stack comprising the v1.2
release fixed various security issues.
The security issues in this errata are rated as having important security
impact by the Red Hat Security Response Team.
Details
On the 23rd August 2007, Red Hat Application Stack v1.2 was released. This
release contained a new version of MySQL that corrected several security
issues found in the MySQL packages of Red Hat Application Stack v1.1.
Users who have already updated to Red Hat Application Stack v1.2 will
already have the new MySQL packages and are not affected by these issues.
A flaw was discovered in MySQL's authentication protocol. A remote
unauthenticated attacker could send a specially crafted authentication
request to the MySQL server causing it to crash. (CVE-2007-3780)
MySQL did not require privileges such as SELECT for the source table in a
CREATE TABLE LIKE statement. A remote authenticated user could obtain
sensitive information such as the table structure. (CVE-2007-3781)
A flaw was discovered in MySQL that allowed remote authenticated
users to gain update privileges for a table in another database via a view
that refers to the external table (CVE-2007-3782).
A flaw was discovered in the mysql_change_db function when returning from
SQL SECURITY INVOKER stored routines. A remote authenticated user could
use this flaw to gain database privileges. (CVE-2007-2692)
MySQL did not require the DROP privilege for RENAME TABLE statements. A
remote authenticated users could use this flaw to rename arbitrary tables.
(CVE-2007-2691)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated MySQL packages for the Red Hat Application Stack comprising the v1.2\nrelease fixed various security issues.\n\nThe security issues in this errata are rated as having important security\nimpact by the Red Hat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "On the 23rd August 2007, Red Hat Application Stack v1.2 was released. This\nrelease contained a new version of MySQL that corrected several security\nissues found in the MySQL packages of Red Hat Application Stack v1.1.\n\nUsers who have already updated to Red Hat Application Stack v1.2 will\nalready have the new MySQL packages and are not affected by these issues.\n\nA flaw was discovered in MySQL\u0027s authentication protocol. A remote\nunauthenticated attacker could send a specially crafted authentication\nrequest to the MySQL server causing it to crash. (CVE-2007-3780)\n\nMySQL did not require privileges such as SELECT for the source table in a\nCREATE TABLE LIKE statement. A remote authenticated user could obtain\nsensitive information such as the table structure. (CVE-2007-3781)\n\nA flaw was discovered in MySQL that allowed remote authenticated\nusers to gain update privileges for a table in another database via a view\nthat refers to the external table (CVE-2007-3782).\n\nA flaw was discovered in the mysql_change_db function when returning from\nSQL SECURITY INVOKER stored routines. A remote authenticated user could\nuse this flaw to gain database privileges. (CVE-2007-2692)\n\nMySQL did not require the DROP privilege for RENAME TABLE statements. A\nremote authenticated users could use this flaw to rename arbitrary tables.\n(CVE-2007-2691)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2007:0894",
"url": "https://access.redhat.com/errata/RHSA-2007:0894"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://rhn.redhat.com/errata/RHEA-2007-0842.html",
"url": "https://rhn.redhat.com/errata/RHEA-2007-0842.html"
},
{
"category": "external",
"summary": "241688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=241688"
},
{
"category": "external",
"summary": "241689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=241689"
},
{
"category": "external",
"summary": "248553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248553"
},
{
"category": "external",
"summary": "254108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=254108"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0894.json"
}
],
"title": "Red Hat Security Advisory: mysql security update",
"tracking": {
"current_release_date": "2024-11-05T16:47:43+00:00",
"generator": {
"date": "2024-11-05T16:47:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2007:0894",
"initial_release_date": "2007-09-10T15:37:00+00:00",
"revision_history": [
{
"date": "2007-09-10T15:37:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2007-09-10T11:37:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T16:47:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product": {
"name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_stack:1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product": {
"name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_stack:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Application Stack"
},
{
"branches": [
{
"category": "product_version",
"name": "mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"product": {
"name": "mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"product_id": "mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-devel@5.0.44-1.el4s1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"product": {
"name": "mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"product_id": "mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-cluster@5.0.44-1.el4s1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"product": {
"name": "mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"product_id": "mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-server@5.0.44-1.el4s1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mysql-test-0:5.0.44-1.el4s1.1.x86_64",
"product": {
"name": "mysql-test-0:5.0.44-1.el4s1.1.x86_64",
"product_id": "mysql-test-0:5.0.44-1.el4s1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-test@5.0.44-1.el4s1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"product": {
"name": "mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"product_id": "mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-debuginfo@5.0.44-1.el4s1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"product": {
"name": "mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"product_id": "mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-bench@5.0.44-1.el4s1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"product": {
"name": "mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"product_id": "mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-libs@5.0.44-1.el4s1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mysql-0:5.0.44-1.el4s1.1.x86_64",
"product": {
"name": "mysql-0:5.0.44-1.el4s1.1.x86_64",
"product_id": "mysql-0:5.0.44-1.el4s1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql@5.0.44-1.el4s1.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"product": {
"name": "mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"product_id": "mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-debuginfo@5.0.44-1.el4s1.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mysql-libs-0:5.0.44-1.el4s1.1.i386",
"product": {
"name": "mysql-libs-0:5.0.44-1.el4s1.1.i386",
"product_id": "mysql-libs-0:5.0.44-1.el4s1.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-libs@5.0.44-1.el4s1.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mysql-0:5.0.44-1.el4s1.1.i386",
"product": {
"name": "mysql-0:5.0.44-1.el4s1.1.i386",
"product_id": "mysql-0:5.0.44-1.el4s1.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql@5.0.44-1.el4s1.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mysql-devel-0:5.0.44-1.el4s1.1.i386",
"product": {
"name": "mysql-devel-0:5.0.44-1.el4s1.1.i386",
"product_id": "mysql-devel-0:5.0.44-1.el4s1.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-devel@5.0.44-1.el4s1.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"product": {
"name": "mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"product_id": "mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-cluster@5.0.44-1.el4s1.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mysql-server-0:5.0.44-1.el4s1.1.i386",
"product": {
"name": "mysql-server-0:5.0.44-1.el4s1.1.i386",
"product_id": "mysql-server-0:5.0.44-1.el4s1.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-server@5.0.44-1.el4s1.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mysql-test-0:5.0.44-1.el4s1.1.i386",
"product": {
"name": "mysql-test-0:5.0.44-1.el4s1.1.i386",
"product_id": "mysql-test-0:5.0.44-1.el4s1.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-test@5.0.44-1.el4s1.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mysql-bench-0:5.0.44-1.el4s1.1.i386",
"product": {
"name": "mysql-bench-0:5.0.44-1.el4s1.1.i386",
"product_id": "mysql-bench-0:5.0.44-1.el4s1.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-bench@5.0.44-1.el4s1.1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-0:5.0.44-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386"
},
"product_reference": "mysql-0:5.0.44-1.el4s1.1.i386",
"relates_to_product_reference": "4AS-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-0:5.0.44-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64"
},
"product_reference": "mysql-0:5.0.44-1.el4s1.1.x86_64",
"relates_to_product_reference": "4AS-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-bench-0:5.0.44-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386"
},
"product_reference": "mysql-bench-0:5.0.44-1.el4s1.1.i386",
"relates_to_product_reference": "4AS-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-bench-0:5.0.44-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64"
},
"product_reference": "mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"relates_to_product_reference": "4AS-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-cluster-0:5.0.44-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386"
},
"product_reference": "mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"relates_to_product_reference": "4AS-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-cluster-0:5.0.44-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64"
},
"product_reference": "mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"relates_to_product_reference": "4AS-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-debuginfo-0:5.0.44-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386"
},
"product_reference": "mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"relates_to_product_reference": "4AS-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64"
},
"product_reference": "mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"relates_to_product_reference": "4AS-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-devel-0:5.0.44-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386"
},
"product_reference": "mysql-devel-0:5.0.44-1.el4s1.1.i386",
"relates_to_product_reference": "4AS-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-devel-0:5.0.44-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64"
},
"product_reference": "mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"relates_to_product_reference": "4AS-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-libs-0:5.0.44-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386"
},
"product_reference": "mysql-libs-0:5.0.44-1.el4s1.1.i386",
"relates_to_product_reference": "4AS-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-libs-0:5.0.44-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64"
},
"product_reference": "mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"relates_to_product_reference": "4AS-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-server-0:5.0.44-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386"
},
"product_reference": "mysql-server-0:5.0.44-1.el4s1.1.i386",
"relates_to_product_reference": "4AS-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-server-0:5.0.44-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64"
},
"product_reference": "mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"relates_to_product_reference": "4AS-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-test-0:5.0.44-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386"
},
"product_reference": "mysql-test-0:5.0.44-1.el4s1.1.i386",
"relates_to_product_reference": "4AS-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-test-0:5.0.44-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
"product_id": "4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64"
},
"product_reference": "mysql-test-0:5.0.44-1.el4s1.1.x86_64",
"relates_to_product_reference": "4AS-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-0:5.0.44-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386"
},
"product_reference": "mysql-0:5.0.44-1.el4s1.1.i386",
"relates_to_product_reference": "4ES-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-0:5.0.44-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64"
},
"product_reference": "mysql-0:5.0.44-1.el4s1.1.x86_64",
"relates_to_product_reference": "4ES-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-bench-0:5.0.44-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386"
},
"product_reference": "mysql-bench-0:5.0.44-1.el4s1.1.i386",
"relates_to_product_reference": "4ES-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-bench-0:5.0.44-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64"
},
"product_reference": "mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"relates_to_product_reference": "4ES-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-cluster-0:5.0.44-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386"
},
"product_reference": "mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"relates_to_product_reference": "4ES-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-cluster-0:5.0.44-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64"
},
"product_reference": "mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"relates_to_product_reference": "4ES-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-debuginfo-0:5.0.44-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386"
},
"product_reference": "mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"relates_to_product_reference": "4ES-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64"
},
"product_reference": "mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"relates_to_product_reference": "4ES-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-devel-0:5.0.44-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386"
},
"product_reference": "mysql-devel-0:5.0.44-1.el4s1.1.i386",
"relates_to_product_reference": "4ES-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-devel-0:5.0.44-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64"
},
"product_reference": "mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"relates_to_product_reference": "4ES-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-libs-0:5.0.44-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386"
},
"product_reference": "mysql-libs-0:5.0.44-1.el4s1.1.i386",
"relates_to_product_reference": "4ES-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-libs-0:5.0.44-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64"
},
"product_reference": "mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"relates_to_product_reference": "4ES-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-server-0:5.0.44-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386"
},
"product_reference": "mysql-server-0:5.0.44-1.el4s1.1.i386",
"relates_to_product_reference": "4ES-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-server-0:5.0.44-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64"
},
"product_reference": "mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"relates_to_product_reference": "4ES-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-test-0:5.0.44-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386"
},
"product_reference": "mysql-test-0:5.0.44-1.el4s1.1.i386",
"relates_to_product_reference": "4ES-RHWAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-test-0:5.0.44-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
"product_id": "4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64"
},
"product_reference": "mysql-test-0:5.0.44-1.el4s1.1.x86_64",
"relates_to_product_reference": "4ES-RHWAS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-2691",
"discovery_date": "2007-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "241688"
}
],
"notes": [
{
"category": "description",
"text": "MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql DROP privilege not enforced when renaming tables",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-2691"
},
{
"category": "external",
"summary": "RHBZ#241688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=241688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-2691",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2691"
}
],
"release_date": "2007-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-09-10T15:37:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0894"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql DROP privilege not enforced when renaming tables"
},
{
"cve": "CVE-2007-2692",
"discovery_date": "2007-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "241689"
}
],
"notes": [
{
"category": "description",
"text": "The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql SECURITY INVOKER functions do not drop privileges",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3 and 4.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-2692"
},
{
"category": "external",
"summary": "RHBZ#241689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=241689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-2692",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2692"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2692",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2692"
}
],
"release_date": "2007-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-09-10T15:37:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0894"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql SECURITY INVOKER functions do not drop privileges"
},
{
"cve": "CVE-2007-3780",
"discovery_date": "2007-08-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "254108"
}
],
"notes": [
{
"category": "description",
"text": "MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql malformed password crasher",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3780"
},
{
"category": "external",
"summary": "RHBZ#254108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=254108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3780",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3780"
}
],
"release_date": "2007-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-09-10T15:37:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0894"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mysql malformed password crasher"
},
{
"cve": "CVE-2007-3781",
"discovery_date": "2007-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "248553"
}
],
"notes": [
{
"category": "description",
"text": "MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "New release of MySQL fixes security bugs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248553\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3781"
},
{
"category": "external",
"summary": "RHBZ#248553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3781",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3781"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3781",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3781"
}
],
"release_date": "2007-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-09-10T15:37:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0894"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "New release of MySQL fixes security bugs"
},
{
"cve": "CVE-2007-3782",
"discovery_date": "2007-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "248553"
}
],
"notes": [
{
"category": "description",
"text": "MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "New release of MySQL fixes security bugs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248553\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3782"
},
{
"category": "external",
"summary": "RHBZ#248553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3782",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3782"
}
],
"release_date": "2007-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-09-10T15:37:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4AS-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-bench-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-cluster-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-debuginfo-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-devel-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-libs-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-server-0:5.0.44-1.el4s1.1.x86_64",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.i386",
"4ES-RHWAS:mysql-test-0:5.0.44-1.el4s1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0894"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "New release of MySQL fixes security bugs"
}
]
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.