Debian: mysql Insecure temporary file vulnerability


Debian Security Advisory DSA 540-1                     security@debian.org 
Debian -- Security Information                              Martin Schulze
August 18th, 2004                        Debian -- Debian security FAQ 
- --------------------------------------------------------------------------

Package        : mysql
Vulnerability  : insecure file creation
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0457

Jeroen van Wolffelaar <jeroen@wolffelaar.nl> discovered an insecure
temporary file vulnerability in the mysqlhotcopy script when using the
scp method which is part of the mysql-server packge

For the stable distribution (woody) this problem has been fixed in
version 3.23.49-8.7 of mysql.

For the unstable distribution (sid) this problem has been fixed in
version 4.0.20-11 of mysql-dfsg.

We recommend that you upgrade your mysql-server package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

      
      Size/MD5 checksum:      875 0253bc04d4342b0b47be1ac4be381fcb
      
      Size/MD5 checksum:    62203 56ed69d5cf8f501a3dfcd26c5424967b
      
      Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a

  Architecture independent components:

      
      Size/MD5 checksum:    16966 0d4cd91f0862c147d2a4fcb190220e46
      
      Size/MD5 checksum:  1962992 a4cacebaadf9d5988da0ed1a336b48e6

  Alpha architecture:

      
      Size/MD5 checksum:   277782 84bbf59abaf73966c82c335af4e0ef33
      
      Size/MD5 checksum:   778838 d40cc28047accb94bb6c2cad46c46830
      
      Size/MD5 checksum:   163608 35b77731392a90711e8a0d4f4452380d
      
      Size/MD5 checksum:  3634314 633ac1e9469ee237a98b591a48c3e07b

  ARM architecture:

      
      Size/MD5 checksum:   238392 b75905023a478a1f94b5a7208ec8976e
      
      Size/MD5 checksum:   634684 371509a46f9810a8332435743a59ec68
      
      Size/MD5 checksum:   124018 c5502886cc95d7c30e61c37b5236c7ab
      
      Size/MD5 checksum:  2806166 8273e10a96155956e136d16308f0c733

  Intel IA-32 architecture:

      
      Size/MD5 checksum:   234728 d750bba77d074b2c08214a4079f71993
      
      Size/MD5 checksum:   576628 a56c5b97161e912ae083aa77aeceaeda
      
      Size/MD5 checksum:   122568 e2ca446cef57cffc83e3c4424436fb48
      
      Size/MD5 checksum:  2800660 83d57e469ffe22060c25cc7ad0275b90

  Intel IA-64 architecture:

      
      Size/MD5 checksum:   315114 d4130def7e18f8df5b666a6a6f76e04c
      
      Size/MD5 checksum:   848640 1c224cfb5bb1a353267111b5e5332340
      
      Size/MD5 checksum:   173834 e12daa69c9d09caa8a2a89fe139ba2ae
      
      Size/MD5 checksum:  4000194 0a9a09412a045fc321db24cae47855fd

  HP Precision architecture:

      
      Size/MD5 checksum:   280660 82775e57a5f2149525b22913360b1b7b
      
      Size/MD5 checksum:   743766 a0ab2c3dee3a7f21353993beb69af4be
      
      Size/MD5 checksum:   140656 9f420fba715ddddb8449c92f726cd535
      
      Size/MD5 checksum:  3514790 24fe02cf3d7ad3a3e875ae5192248fe6

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:   227724 6b369645a2ab31d3b9e3818376f96f14
      
      Size/MD5 checksum:   557870 950f89f1e47451bcada42afbfc1616b3
      
      Size/MD5 checksum:   118440 fcf4b08ce268a75860c30534bc24c7c3
      
      Size/MD5 checksum:  2646646 d2280764c2e1f01bbfe3c3d4f168cf20

  Big endian MIPS architecture:

      
      Size/MD5 checksum:   250988 cccf9eeaa5124a56cf44746b1f041d67
      
      Size/MD5 checksum:   689130 88f5d5d1643099bd81706d64a6af3c2b
      
      Size/MD5 checksum:   133938 89f000380c7e3b13f87e8fca48e00e7e
      
      Size/MD5 checksum:  2848238 c970656b529ebe83d7e8b40e5b4cd8f6

  Little endian MIPS architecture:

      
      Size/MD5 checksum:   250664 e53634cf126c1568a9a4d594cd233497
      
      Size/MD5 checksum:   688600 072446a7a7f6c3a68a2a27b44fe86d93
      
      Size/MD5 checksum:   134302 a371a6148b5d8447fdd4bc351c60aaab
      
      Size/MD5 checksum:  2839356 9ddea423e6af652be2cccb798ee5b79b

  PowerPC architecture:

      
      Size/MD5 checksum:   247750 d0834fcb13cd965944cd2e333fde4e1b
      
      Size/MD5 checksum:   652692 d95b165e3d32e7c0fed77894b26d4099
      
      Size/MD5 checksum:   129464 6c5a3a147f8addfb11468363ac9d359f
      
      Size/MD5 checksum:  2823174 a9b047917ec5434d43822012b71a7089

  IBM S/390 architecture:

      
      Size/MD5 checksum:   250064 ff9145b181f1444666dad04737a150e0
      
      Size/MD5 checksum:   607144 0e83a668c929ced395cf3ca606e0f12c
      
      Size/MD5 checksum:   126464 68d3a65090e78b4f55b2a9a462a950fb
      
      Size/MD5 checksum:  2691100 45694091af758ba8caa1a377770f21f8

  Sun Sparc architecture:

      
      Size/MD5 checksum:   241270 4e646c1bb89ead3639a17687841520c2
      
      Size/MD5 checksum:   615778 d8c22eaba1f675ee99e5b86f3eedbd5e
      
      Size/MD5 checksum:   130430 fbd382e2af812d545810ea0dd3813ad6
      
      Size/MD5 checksum:  2939782 9094961028c0f5d32fa1c5aebf5beec2

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/
Debian: mysql Insecure temporary file vulnerability

Summary

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
