Linux Security
Linux Security
Linux Security

Debian: New MySQL 4.0 packages fix several vulnerabilities

Date 28 May 2006
Posted By LinuxSecurity Advisories
Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1079-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
May 29th, 2006                
- --------------------------------------------------------------------------

Package        : mysql-dfsg
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518
CERT advisory  : VU#602457
BugTraq IDs    : 16850 17780
Debian Bugs    : 366044 366049 366163

Several vulnerabilities have been discovered in MySQL, a popular SQL
database.  The Common Vulnerabilities and Exposures Project identifies
the following problems:


    Improper handling of SQL queries containing the NULL character
    allow local users to bypass logging mechanisms.


    Usernames without a trailing null byte allow remote attackers to
    read portions of memory.


    A request with an incorrect packet length allows remote attackers
    to obtain sensitive information.


    Specially crafted request packets with invalid length values allow
    the execution of arbitrary code.

The following vulnerability matrix shows which version of MySQL in
which distribution has this problem fixed:

                   woody            sarge            sid
mysql            3.23.49-8.15        n/a             n/a
mysql-dfsg          n/a         4.0.24-10sarge2      n/a
mysql-dfsg-4.1      n/a         4.1.11a-4sarge3      n/a
mysql-dfsg-5.0      n/a              n/a           5.0.21-3

We recommend that you upgrade your mysql packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      966 42f14bb83f832f0f88bdabb317f62df8
      Size/MD5 checksum:    98938 9aaf7d794c14faa63a05d7630f683383
      Size/MD5 checksum:  9923794 aed8f335795a359f32492159e3edfaa3

  Architecture independent components:
      Size/MD5 checksum:    34566 f4aa726f5f9ec79e42799a40faabcf17

  Alpha architecture:
      Size/MD5 checksum:   356730 97904c2a773bc61c643e4dce283a2862
      Size/MD5 checksum:  4533478 8edafbc553d062864c4bb17cbca3211b
      Size/MD5 checksum:   520712 5883aef348e2eb1321b21051cdd604be
      Size/MD5 checksum:  4890620 824e4c4c078ef73612fccbea7e209651

  AMD64 architecture:
      Size/MD5 checksum:   309490 c7943142f1f618987c87073c5893174e
      Size/MD5 checksum:  3182676 e62cc19620500c5430447978b7e645c6
      Size/MD5 checksum:   434022 55e3f43e8ac136951fc1b679df820cd1
      Size/MD5 checksum:  3878414 5ab561357abca1720b9942c9f8e78a4e

  ARM architecture:
      Size/MD5 checksum:   288180 6869739c00a8151a181ec8cfffe1ec70
      Size/MD5 checksum:  2848430 945158edc0fba528a04f98170fe55921
      Size/MD5 checksum:   414176 8ecea50cf576d50bd5ceb6424915da52
      Size/MD5 checksum:  3482538 ae6cb51798ea91d7b6009dcd80a55e43

  Intel IA-32 architecture:
      Size/MD5 checksum:   296570 7cdd0f7a094215ab98249514031ef9a0
      Size/MD5 checksum:  2922132 84cffb8467493bcf0cf49ef3a21caa67
      Size/MD5 checksum:   415162 7bb2bfd6b9853d51abbf958eeed5b23f
      Size/MD5 checksum:  3645982 b2d2991bee2e019a45cbaa39fa7e9f6b

  Intel IA-64 architecture:
      Size/MD5 checksum:   395396 b03b6af8b0e21c8e80bbc8d2ef5c7817
      Size/MD5 checksum:  4472590 aa5afd6648c2034fd0d254100e2e42fc
      Size/MD5 checksum:   562984 e357eebc432a81d9f8f4c94f365528d4
      Size/MD5 checksum:  5328582 1f528438e2282f4b51c13932d70875fd

  HP Precision architecture:
      Size/MD5 checksum:   329948 864b11f30e86d7d2921caeda238f22f9
      Size/MD5 checksum:  3314390 12c74247254b89c93dc5aecf74c3249f
      Size/MD5 checksum:   456078 cf903d0dcb745d67f4ad66ad3a4b66f2
      Size/MD5 checksum:  3947304 f8feb350cc9a6db2979d215ea6735bda

  Motorola 680x0 architecture:
      Size/MD5 checksum:   279504 9a202261b9627190d15ab5bb7e98d0e2
      Size/MD5 checksum:  2665612 e49f8b011912473604c9df82047fd244
      Size/MD5 checksum:   390304 d04f65d12c590a0239408e3293c80714
      Size/MD5 checksum:  3293046 8a049030853d08742488a1e4dabc504d

  Big endian MIPS architecture:
      Size/MD5 checksum:   314170 41c279180276fcf8effa8573fe75a158
      Size/MD5 checksum:  3182296 f9fe3b82095434f04871092f1431d2d1
      Size/MD5 checksum:   457290 19243ed43a65f65a3dee76657274f365
      Size/MD5 checksum:  3813374 f71b04ee43e3629dd410dd72e0d1ac15

  Little endian MIPS architecture:
      Size/MD5 checksum:   313862 ae441e9b7d18e9f5b16a01243f8a292b
      Size/MD5 checksum:  3170026 7fdcb95df46e805c350d1035e5e3534e
      Size/MD5 checksum:   457296 fe2c3473cbcf10cbacb4a9606a8b285a
      Size/MD5 checksum:  3800380 db0f0b418fb92dd9978fe75df5356fef

  PowerPC architecture:
      Size/MD5 checksum:   315104 3f28badbf686cbff4a4905bdc507e31d
      Size/MD5 checksum:  3184308 8c986e6f386b84f960894575e557c6b7
      Size/MD5 checksum:   464662 d48488660fc50361bdb58dc446a67b89
      Size/MD5 checksum:  3842406 902b6725bcbf405d723f3bdb1f86b52b

  IBM S/390 architecture:
      Size/MD5 checksum:   324700 5e52e1cc8b4781dd510c0c36e54cef11
      Size/MD5 checksum:  2830282 e6dd53a143318bb922716105e9be4131
      Size/MD5 checksum:   442420 41c28b4e3e625278b6231be2c254e75c
      Size/MD5 checksum:  3665834 d8283a9161d27bec024d5f24822847ae

  Sun Sparc architecture:
      Size/MD5 checksum:   304688 6e3e90483f30e8c1e002594b69bbd7f9
      Size/MD5 checksum:  3270002 eb343d64b0e0b4d0c2f6f2197148f3e9
      Size/MD5 checksum:   430014 568bcb494e04f9e47e419a9cc7a7c49b
      Size/MD5 checksum:  3821652 2714c3d57dd30d1ef31951d452660f7c

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"69","type":"x","order":"1","pct":75.82,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"14","type":"x","order":"2","pct":15.38,"resources":[]},{"id":"181","title":"Hardly ever","votes":"8","type":"x","order":"3","pct":8.79,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.