Linux Security
    Linux Security
    Linux Security

    Debian: New MySQL 4.0 packages fix several vulnerabilities

    Date 28 May 2006
    Posted By LinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1079-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
    May 29th, 2006                
    - --------------------------------------------------------------------------
    Package        : mysql-dfsg
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE IDs        : CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518
    CERT advisory  : VU#602457
    BugTraq IDs    : 16850 17780
    Debian Bugs    : 366044 366049 366163
    Several vulnerabilities have been discovered in MySQL, a popular SQL
    database.  The Common Vulnerabilities and Exposures Project identifies
    the following problems:
        Improper handling of SQL queries containing the NULL character
        allow local users to bypass logging mechanisms.
        Usernames without a trailing null byte allow remote attackers to
        read portions of memory.
        A request with an incorrect packet length allows remote attackers
        to obtain sensitive information.
        Specially crafted request packets with invalid length values allow
        the execution of arbitrary code.
    The following vulnerability matrix shows which version of MySQL in
    which distribution has this problem fixed:
                       woody            sarge            sid
    mysql            3.23.49-8.15        n/a             n/a
    mysql-dfsg          n/a         4.0.24-10sarge2      n/a
    mysql-dfsg-4.1      n/a         4.1.11a-4sarge3      n/a
    mysql-dfsg-5.0      n/a              n/a           5.0.21-3
    We recommend that you upgrade your mysql packages.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
      Source archives:
          Size/MD5 checksum:      966 42f14bb83f832f0f88bdabb317f62df8
          Size/MD5 checksum:    98938 9aaf7d794c14faa63a05d7630f683383
          Size/MD5 checksum:  9923794 aed8f335795a359f32492159e3edfaa3
      Architecture independent components:
          Size/MD5 checksum:    34566 f4aa726f5f9ec79e42799a40faabcf17
      Alpha architecture:
          Size/MD5 checksum:   356730 97904c2a773bc61c643e4dce283a2862
          Size/MD5 checksum:  4533478 8edafbc553d062864c4bb17cbca3211b
          Size/MD5 checksum:   520712 5883aef348e2eb1321b21051cdd604be
          Size/MD5 checksum:  4890620 824e4c4c078ef73612fccbea7e209651
      AMD64 architecture:
          Size/MD5 checksum:   309490 c7943142f1f618987c87073c5893174e
          Size/MD5 checksum:  3182676 e62cc19620500c5430447978b7e645c6
          Size/MD5 checksum:   434022 55e3f43e8ac136951fc1b679df820cd1
          Size/MD5 checksum:  3878414 5ab561357abca1720b9942c9f8e78a4e
      ARM architecture:
          Size/MD5 checksum:   288180 6869739c00a8151a181ec8cfffe1ec70
          Size/MD5 checksum:  2848430 945158edc0fba528a04f98170fe55921
          Size/MD5 checksum:   414176 8ecea50cf576d50bd5ceb6424915da52
          Size/MD5 checksum:  3482538 ae6cb51798ea91d7b6009dcd80a55e43
      Intel IA-32 architecture:
          Size/MD5 checksum:   296570 7cdd0f7a094215ab98249514031ef9a0
          Size/MD5 checksum:  2922132 84cffb8467493bcf0cf49ef3a21caa67
          Size/MD5 checksum:   415162 7bb2bfd6b9853d51abbf958eeed5b23f
          Size/MD5 checksum:  3645982 b2d2991bee2e019a45cbaa39fa7e9f6b
      Intel IA-64 architecture:
          Size/MD5 checksum:   395396 b03b6af8b0e21c8e80bbc8d2ef5c7817
          Size/MD5 checksum:  4472590 aa5afd6648c2034fd0d254100e2e42fc
          Size/MD5 checksum:   562984 e357eebc432a81d9f8f4c94f365528d4
          Size/MD5 checksum:  5328582 1f528438e2282f4b51c13932d70875fd
      HP Precision architecture:
          Size/MD5 checksum:   329948 864b11f30e86d7d2921caeda238f22f9
          Size/MD5 checksum:  3314390 12c74247254b89c93dc5aecf74c3249f
          Size/MD5 checksum:   456078 cf903d0dcb745d67f4ad66ad3a4b66f2
          Size/MD5 checksum:  3947304 f8feb350cc9a6db2979d215ea6735bda
      Motorola 680x0 architecture:
          Size/MD5 checksum:   279504 9a202261b9627190d15ab5bb7e98d0e2
          Size/MD5 checksum:  2665612 e49f8b011912473604c9df82047fd244
          Size/MD5 checksum:   390304 d04f65d12c590a0239408e3293c80714
          Size/MD5 checksum:  3293046 8a049030853d08742488a1e4dabc504d
      Big endian MIPS architecture:
          Size/MD5 checksum:   314170 41c279180276fcf8effa8573fe75a158
          Size/MD5 checksum:  3182296 f9fe3b82095434f04871092f1431d2d1
          Size/MD5 checksum:   457290 19243ed43a65f65a3dee76657274f365
          Size/MD5 checksum:  3813374 f71b04ee43e3629dd410dd72e0d1ac15
      Little endian MIPS architecture:
          Size/MD5 checksum:   313862 ae441e9b7d18e9f5b16a01243f8a292b
          Size/MD5 checksum:  3170026 7fdcb95df46e805c350d1035e5e3534e
          Size/MD5 checksum:   457296 fe2c3473cbcf10cbacb4a9606a8b285a
          Size/MD5 checksum:  3800380 db0f0b418fb92dd9978fe75df5356fef
      PowerPC architecture:
          Size/MD5 checksum:   315104 3f28badbf686cbff4a4905bdc507e31d
          Size/MD5 checksum:  3184308 8c986e6f386b84f960894575e557c6b7
          Size/MD5 checksum:   464662 d48488660fc50361bdb58dc446a67b89
          Size/MD5 checksum:  3842406 902b6725bcbf405d723f3bdb1f86b52b
      IBM S/390 architecture:
          Size/MD5 checksum:   324700 5e52e1cc8b4781dd510c0c36e54cef11
          Size/MD5 checksum:  2830282 e6dd53a143318bb922716105e9be4131
          Size/MD5 checksum:   442420 41c28b4e3e625278b6231be2c254e75c
          Size/MD5 checksum:  3665834 d8283a9161d27bec024d5f24822847ae
      Sun Sparc architecture:
          Size/MD5 checksum:   304688 6e3e90483f30e8c1e002594b69bbd7f9
          Size/MD5 checksum:  3270002 eb343d64b0e0b4d0c2f6f2197148f3e9
          Size/MD5 checksum:   430014 568bcb494e04f9e47e419a9cc7a7c49b
          Size/MD5 checksum:  3821652 2714c3d57dd30d1ef31951d452660f7c
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

    LinuxSecurity Poll

    Which is the best secure Linux distro for pentesting?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"174","title":"Kali Linux","votes":"20","type":"x","order":"1","pct":60.61,"resources":[]},{"id":"175","title":"Parrot OS","votes":"11","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"176","title":"BlackArch Linux","votes":"2","type":"x","order":"3","pct":6.06,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.