Linux Security

    Debian: DSA-2057-1: New mysql-dfsg-5.0 packages fix several

    Date 07 Jun 2010
    Posted By LinuxSecurity Advisories
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-2057-1                    Giuseppe Iuculano
    June 07, 2010
    ------------------------------------------------------------------------
    Package        : mysql-dfsg-5.0
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850
    Several vulnerabilities have been discovered in the MySQL
    database server.
    The Common Vulnerabilities and Exposures project identifies the
    following problems:

    CVE-2010-1626

    MySQL allows local users to delete the data and index files of another
    user's MyISAM table via a symlink attack in conjunction with the DROP
    TABLE command.

    CVE-2010-1848

    MySQL failed to check the table name argument of a COM_FIELD_LIST
    command packet for validity and compliance to acceptable table name
    standards. This allows an authenticated user with SELECT privileges on
    one table to obtain the field definitions of any table in all other
    databases and potentially of other MySQL instances accessible from the
    server's file system.

    CVE-2010-1849

    MySQL could be tricked into reading packets indefinitely if it received a
    packet larger than the maximum size of one packet.
    This results in high CPU usage and thus denial of service conditions.

    CVE-2010-1850

    MySQL was susceptible to a buffer-overflow attack due to a
    failure to perform bounds checking on the table name argument of a
    COM_FIELD_LIST command packet. By sending long data for the table
    name, a buffer is overflowed, which could be exploited by an
    authenticated user to inject malicious code.

    For the stable distribution (lenny), these problems have been fixed in
    version 5.0.51a-24+lenny4.
    The testing (squeeze) and unstable (sid) distributions do not contain
    mysql-dfsg-5.0 anymore.
    We recommend that you upgrade your mysql-dfsg-5.0 package.
    Upgrade instructions
    --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 5.0 alias lenny
    --------------------------------
    Debian (stable)
    ---------------
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
      These files will probably be moved into the stable distribution on
      its next update.
    ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Package info: `apt-cache show ' and
