Debian: New MySQL 4.0 packages fix several vulnerabilities

    Date28 May 2006
    CategoryDebian
    4033
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1079-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    May 29th, 2006                          http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : mysql-dfsg
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE IDs        : CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518
    CERT advisory  : VU#602457
    BugTraq IDs    : 16850 17780
    Debian Bugs    : 366044 366049 366163
    
    Several vulnerabilities have been discovered in MySQL, a popular SQL
    database.  The Common Vulnerabilities and Exposures Project identifies
    the following problems:
    
    CVE-2006-0903
    
        Improper handling of SQL queries containing the NULL character
        allow local users to bypass logging mechanisms.
    
    CVE-2006-1516
    
        Usernames without a trailing null byte allow remote attackers to
        read portions of memory.
    
    CVE-2006-1517
    
        A request with an incorrect packet length allows remote attackers
        to obtain sensitive information.
    
    CVE-2006-1518
    
        Specially crafted request packets with invalid length values allow
        the execution of arbitrary code.
    
    The following vulnerability matrix shows which version of MySQL in
    which distribution has this problem fixed:
    
                       woody            sarge            sid
    mysql            3.23.49-8.15        n/a             n/a
    mysql-dfsg          n/a         4.0.24-10sarge2      n/a
    mysql-dfsg-4.1      n/a         4.1.11a-4sarge3      n/a
    mysql-dfsg-5.0      n/a              n/a           5.0.21-3
    
    We recommend that you upgrade your mysql packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10sarge2.dsc
          Size/MD5 checksum:      966 42f14bb83f832f0f88bdabb317f62df8
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10sarge2.diff.gz
          Size/MD5 checksum:    98938 9aaf7d794c14faa63a05d7630f683383
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24.orig.tar.gz
          Size/MD5 checksum:  9923794 aed8f335795a359f32492159e3edfaa3
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-common_4.0.24-10sarge2_all.deb
          Size/MD5 checksum:    34566 f4aa726f5f9ec79e42799a40faabcf17
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_alpha.deb
          Size/MD5 checksum:   356730 97904c2a773bc61c643e4dce283a2862
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_alpha.deb
          Size/MD5 checksum:  4533478 8edafbc553d062864c4bb17cbca3211b
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_alpha.deb
          Size/MD5 checksum:   520712 5883aef348e2eb1321b21051cdd604be
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_alpha.deb
          Size/MD5 checksum:  4890620 824e4c4c078ef73612fccbea7e209651
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_amd64.deb
          Size/MD5 checksum:   309490 c7943142f1f618987c87073c5893174e
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_amd64.deb
          Size/MD5 checksum:  3182676 e62cc19620500c5430447978b7e645c6
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_amd64.deb
          Size/MD5 checksum:   434022 55e3f43e8ac136951fc1b679df820cd1
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_amd64.deb
          Size/MD5 checksum:  3878414 5ab561357abca1720b9942c9f8e78a4e
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_arm.deb
          Size/MD5 checksum:   288180 6869739c00a8151a181ec8cfffe1ec70
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_arm.deb
          Size/MD5 checksum:  2848430 945158edc0fba528a04f98170fe55921
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_arm.deb
          Size/MD5 checksum:   414176 8ecea50cf576d50bd5ceb6424915da52
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_arm.deb
          Size/MD5 checksum:  3482538 ae6cb51798ea91d7b6009dcd80a55e43
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_i386.deb
          Size/MD5 checksum:   296570 7cdd0f7a094215ab98249514031ef9a0
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_i386.deb
          Size/MD5 checksum:  2922132 84cffb8467493bcf0cf49ef3a21caa67
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_i386.deb
          Size/MD5 checksum:   415162 7bb2bfd6b9853d51abbf958eeed5b23f
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_i386.deb
          Size/MD5 checksum:  3645982 b2d2991bee2e019a45cbaa39fa7e9f6b
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_ia64.deb
          Size/MD5 checksum:   395396 b03b6af8b0e21c8e80bbc8d2ef5c7817
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_ia64.deb
          Size/MD5 checksum:  4472590 aa5afd6648c2034fd0d254100e2e42fc
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_ia64.deb
          Size/MD5 checksum:   562984 e357eebc432a81d9f8f4c94f365528d4
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_ia64.deb
          Size/MD5 checksum:  5328582 1f528438e2282f4b51c13932d70875fd
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_hppa.deb
          Size/MD5 checksum:   329948 864b11f30e86d7d2921caeda238f22f9
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_hppa.deb
          Size/MD5 checksum:  3314390 12c74247254b89c93dc5aecf74c3249f
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_hppa.deb
          Size/MD5 checksum:   456078 cf903d0dcb745d67f4ad66ad3a4b66f2
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_hppa.deb
          Size/MD5 checksum:  3947304 f8feb350cc9a6db2979d215ea6735bda
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_m68k.deb
          Size/MD5 checksum:   279504 9a202261b9627190d15ab5bb7e98d0e2
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_m68k.deb
          Size/MD5 checksum:  2665612 e49f8b011912473604c9df82047fd244
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_m68k.deb
          Size/MD5 checksum:   390304 d04f65d12c590a0239408e3293c80714
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_m68k.deb
          Size/MD5 checksum:  3293046 8a049030853d08742488a1e4dabc504d
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_mips.deb
          Size/MD5 checksum:   314170 41c279180276fcf8effa8573fe75a158
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_mips.deb
          Size/MD5 checksum:  3182296 f9fe3b82095434f04871092f1431d2d1
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_mips.deb
          Size/MD5 checksum:   457290 19243ed43a65f65a3dee76657274f365
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_mips.deb
          Size/MD5 checksum:  3813374 f71b04ee43e3629dd410dd72e0d1ac15
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_mipsel.deb
          Size/MD5 checksum:   313862 ae441e9b7d18e9f5b16a01243f8a292b
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_mipsel.deb
          Size/MD5 checksum:  3170026 7fdcb95df46e805c350d1035e5e3534e
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_mipsel.deb
          Size/MD5 checksum:   457296 fe2c3473cbcf10cbacb4a9606a8b285a
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_mipsel.deb
          Size/MD5 checksum:  3800380 db0f0b418fb92dd9978fe75df5356fef
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_powerpc.deb
          Size/MD5 checksum:   315104 3f28badbf686cbff4a4905bdc507e31d
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_powerpc.deb
          Size/MD5 checksum:  3184308 8c986e6f386b84f960894575e557c6b7
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_powerpc.deb
          Size/MD5 checksum:   464662 d48488660fc50361bdb58dc446a67b89
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_powerpc.deb
          Size/MD5 checksum:  3842406 902b6725bcbf405d723f3bdb1f86b52b
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_s390.deb
          Size/MD5 checksum:   324700 5e52e1cc8b4781dd510c0c36e54cef11
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_s390.deb
          Size/MD5 checksum:  2830282 e6dd53a143318bb922716105e9be4131
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_s390.deb
          Size/MD5 checksum:   442420 41c28b4e3e625278b6231be2c254e75c
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_s390.deb
          Size/MD5 checksum:  3665834 d8283a9161d27bec024d5f24822847ae
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_sparc.deb
          Size/MD5 checksum:   304688 6e3e90483f30e8c1e002594b69bbd7f9
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_sparc.deb
          Size/MD5 checksum:  3270002 eb343d64b0e0b4d0c2f6f2197148f3e9
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_sparc.deb
          Size/MD5 checksum:   430014 568bcb494e04f9e47e419a9cc7a7c49b
        http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_sparc.deb
          Size/MD5 checksum:  3821652 2714c3d57dd30d1ef31951d452660f7c
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.