Debian: New MySQL 3.23 packages fix several vulnerabilities

    Date22 May 2006
    CategoryDebian
    4037
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1071-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    May 22nd, 2006                          http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : mysql
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE IDs        : CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518
    BugTraq ID     : 16850 17780
    Debian Bugs    : 366044 366049 366163 
    
    Several vulnerabilities have been discovered in MySQL, a popular SQL
    database.  The Common Vulnerabilities and Exposures Project identifies
    the following problems:
    
    CVE-2006-0903
    
        Improper handling of SQL queries containing the NULL character
        allow local users to bypass logging mechanisms.
    
    CVE-2006-1516
    
        Usernames without a trailing null byte allow remote attackers to
        read portions of memory.
    
    CVE-2006-1517
    
        A request with an incorrect packet length allows remote attackers
        to obtain sensitive information.
    
    CVE-2006-1518
    
        Specially crafted request packets with invalid length values allow
        the execution of arbitrary code.
    
    The following vulnerability matrix shows which version of MySQL in
    which distribution has this problem fixed:
    
                       woody            sarge            sid
    mysql            3.23.49-8.15        n/a             n/a
    mysql-dfsg          n/a         4.0.24-10sarge2      n/a
    mysql-dfsg-4.1      n/a         4.1.11a-4sarge3      n/a
    mysql-dfsg-5.0      n/a              n/a           5.0.21-3
    
    We recommend that you upgrade your mysql packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.15.dsc
          Size/MD5 checksum:      879 21598d431082835b54d38a38c4cee858
        http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.15.diff.gz
          Size/MD5 checksum:    88097 f3c76dbd7c85581fa5475cf79c03d5f8
        http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
          Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.15_all.deb
          Size/MD5 checksum:    18728 4787fb8d534fccc0a75eef9886d653d1
        http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
          Size/MD5 checksum:  1962992 a4cacebaadf9d5988da0ed1a336b48e6
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_alpha.deb
          Size/MD5 checksum:   280046 0fcc437bffad77818f655f3d7bc08172
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_alpha.deb
          Size/MD5 checksum:   781772 0805f9a947df42ceabcf7b5416313e5d
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_alpha.deb
          Size/MD5 checksum:   165452 38ea22176049a8e13ce3b5116d35b102
        http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_alpha.deb
          Size/MD5 checksum:  3637800 fa1cc6d356b0547eca7971a2bf59392f
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_arm.deb
          Size/MD5 checksum:   240550 b431eb6813bf479a158c5b907e1d7c70
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_arm.deb
          Size/MD5 checksum:   637232 9e7a5f1cbeda0a88e87490e13334d01f
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_arm.deb
          Size/MD5 checksum:   125784 be0adbfab6226363a69528e5f1e9f333
        http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_arm.deb
          Size/MD5 checksum:  2809700 73b8ef668254a7ba6ceb2feff4b540d9
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_i386.deb
          Size/MD5 checksum:   236716 fa80e65e6efb9a1f01f2832a82f9f905
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_i386.deb
          Size/MD5 checksum:   578846 959e7c46425a7454f7fe0b198b40762e
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_i386.deb
          Size/MD5 checksum:   124372 597d974c2470682b0f1de92271fdabbd
        http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_i386.deb
          Size/MD5 checksum:  2802762 82fb998296316b7226d1f850eaa273a8
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_ia64.deb
          Size/MD5 checksum:   317344 3d6a459ab7e69b4f0750a59a2d094758
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_ia64.deb
          Size/MD5 checksum:   851348 c8e69d70baf65b1a4fbbb73bf00632a1
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_ia64.deb
          Size/MD5 checksum:   175632 796a940396042f2bcaddea018ede0d51
        http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_ia64.deb
          Size/MD5 checksum:  4002688 67622e35054325460cdd6394a9e4dfc8
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_hppa.deb
          Size/MD5 checksum:   282948 29bc465081e3f6dec23d03a13f75398a
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_hppa.deb
          Size/MD5 checksum:   746560 4fd1b58b087205fe1765ad9a51f93a8e
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_hppa.deb
          Size/MD5 checksum:   142410 6d5e857627d9bda09f5ae17a1fe13c8b
        http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_hppa.deb
          Size/MD5 checksum:  3516934 db9c3c9c1cec3fac8b7001bdd9faf35a
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_m68k.deb
          Size/MD5 checksum:   229876 c003c14ea7a782d36a2bbc236833233e
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_m68k.deb
          Size/MD5 checksum:   559992 b7d8bac43dbe0beafc7144ed86d6e5ac
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_m68k.deb
          Size/MD5 checksum:   120210 7581609f153cf2ac84a21bb29f764a78
        http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_m68k.deb
          Size/MD5 checksum:  2649814 51d9886ff911f0759f31fec56caab4c1
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_mips.deb
          Size/MD5 checksum:   253148 70974b32fbed73a10eaccebfad27ad6a
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_mips.deb
          Size/MD5 checksum:   691458 f03714859bb5e48357dee35f1cbd4825
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_mips.deb
          Size/MD5 checksum:   135674 efc3f06dd8a7251d931eacce61300011
        http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_mips.deb
          Size/MD5 checksum:  2852048 6bc57fb54a11f7f3940d72b2a2692ec5
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_mipsel.deb
          Size/MD5 checksum:   252828 b8f8b9a9eec8937f6b8affc4adc27613
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_mipsel.deb
          Size/MD5 checksum:   690894 ba822c97fbb74a3eb4d12fc6cbb6f1b4
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_mipsel.deb
          Size/MD5 checksum:   136026 d0ab4e4118754fd62abfed7de2d657de
        http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_mipsel.deb
          Size/MD5 checksum:  2841334 ce1ac81fed6b0866c27421ce8762cd56
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_powerpc.deb
          Size/MD5 checksum:   249906 6a8e1eabc665780bef0cfcd02f80bd40
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_powerpc.deb
          Size/MD5 checksum:   655160 683b9da469a9fbf322070fd14d604620
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_powerpc.deb
          Size/MD5 checksum:   131254 9caa84083ac02d3f42e8db1b01f335a6
        http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_powerpc.deb
          Size/MD5 checksum:  2826740 9aae136488c4a46027f2e873d530e588
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_s390.deb
          Size/MD5 checksum:   252176 40e38e7ead56c32e9bb97623525bf637
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_s390.deb
          Size/MD5 checksum:   610058 f5fdde465807c3fb1158013d2b78efce
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_s390.deb
          Size/MD5 checksum:   128222 2def1019311f8c90d5be16f34f1c1a0b
        http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_s390.deb
          Size/MD5 checksum:  2694420 85e5072479f5eb881d94465b47ff25a1
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_sparc.deb
          Size/MD5 checksum:   243122 362233b968a81c7e6c5dc3d5f150ee47
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_sparc.deb
          Size/MD5 checksum:   618384 a246d3b87d68ab7ad7c50a81fd9a7323
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_sparc.deb
          Size/MD5 checksum:   132200 fd8be426a84c6657d1c5e2591196e1d8
        http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_sparc.deb
          Size/MD5 checksum:  2943524 403784da03722d525674901acdea685a
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"64","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.39,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.46,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.