Linux Security
Linux Security
Linux Security

Debian: MySQL 4.1 fix several vulnerabilities DSA-1073-1

Date 22 May 2006
Posted By LinuxSecurity Advisories
Several vulnerabilities have been discovered in MySQL, a popular SQL database. The Common Vulnerabilities and Exposures Project identifies the following problems: CVE-2006-0903, CVE-2006-1516, CVE-2006-1517, CVE-2006-1518

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1073-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
May 22nd, 2006                
- --------------------------------------------------------------------------

Package        : mysql-dfsg-4.1
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518
CERT advisory  : VU#602457
BugTraq IDs    : 16850 17780
Debian Bugs    : 366043 366048 366162

Several vulnerabilities have been discovered in MySQL, a popular SQL
database.  The Common Vulnerabilities and Exposures Project identifies
the following problems:


    Improper handling of SQL queries containing the NULL character
    allow local users to bypass logging mechanisms.


    Usernames without a trailing null byte allow remote attackers to
    read portions of memory.


    A request with an incorrect packet length allows remote attackers
    to obtain sensitive information.


    Specially crafted request packets with invalid length values allow
    the execution of arbitrary code.

The following vulnerability matrix shows which version of MySQL in
which distribution has this problem fixed:

                   woody            sarge            sid
mysql            3.23.49-8.15        n/a             n/a
mysql-dfsg          n/a         4.0.24-10sarge2      n/a
mysql-dfsg-4.1      n/a         4.1.11a-4sarge3      n/a
mysql-dfsg-5.0      n/a              n/a           5.0.21-3

We recommend that you upgrade your mysql packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:     1029 fe1531d1b5169733638e64b98a0f2472
      Size/MD5 checksum:   166194 9ebbc861250d2e411a5e35cb7fc7fa6b
      Size/MD5 checksum: 15771855 3c0582606a8903e758c2014c2481c7c3

  Architecture independent components:
      Size/MD5 checksum:    36074 dfb28c5169a7eaffd8fe72748a4a8a44

  Alpha architecture:
      Size/MD5 checksum:  1590330 f982bc8df8b3ff88b6284e81223d69b5
      Size/MD5 checksum:  7965144 881d5404f897d454100ee9a0b758b22b
      Size/MD5 checksum:  1000496 30eb22210f99994481d1cb8d0f49ea70
      Size/MD5 checksum: 17487728 c0a3b1d60dd487ae9d468dc7052c4c1b

  AMD64 architecture:
      Size/MD5 checksum:  1451580 f407ef8b6c520b23020df6f8ce4495aa
      Size/MD5 checksum:  5551440 d1ded46c8b586cdee728fab22180208f
      Size/MD5 checksum:   849082 9161807c8c260e7e0e2cd0cb9fa3a79d
      Size/MD5 checksum: 14711044 d2d9275ff03c2c04adb64658a7e78564

  ARM architecture:
      Size/MD5 checksum:  1388548 d823fd3ad8b1c5d54bfd7dbfc0957809
      Size/MD5 checksum:  5558362 4f49eae43b10441c852a91f02d9383fc
      Size/MD5 checksum:   836292 8616c375f5da29fac8c75081475390e8
      Size/MD5 checksum: 14557420 ac1dd6ea1d457a55f0920cf5367df57a

  Intel IA-32 architecture:
      Size/MD5 checksum:  1417574 c6bdb99fa2ab2def5403bfd97657b3bf
      Size/MD5 checksum:  5643226 a407082ba8a04f1753f70fe9c8e3f70c
      Size/MD5 checksum:   830226 997baad8b8255166dfebd155f24c7558
      Size/MD5 checksum: 14557608 c73ddde57d286c9df3742d5fd619281b

  Intel IA-64 architecture:
      Size/MD5 checksum:  1712842 eef94aab0159f71a9fd90772f91b4a76
      Size/MD5 checksum:  7782132 755cc9d914f6ae116d5540920bf8dc99
      Size/MD5 checksum:  1050204 b2ee7722223cb450f866ce69852fe304
      Size/MD5 checksum: 18475254 c72ffcb6e1e7796b466950aceae48bb3

  HP Precision architecture:
      Size/MD5 checksum:  1550772 a7627788d338b1ee32017bbafcdd1bcd
      Size/MD5 checksum:  6249776 3d4fc83da65ac4fe5a4b6135a20debf8
      Size/MD5 checksum:   909638 ebf27138ed29103d90e6be0f5a8e28a0
      Size/MD5 checksum: 15791200 3be40e327c9c309556f9b767fe6b8e58

  Motorola 680x0 architecture:
      Size/MD5 checksum:  1397530 e0e5f01d008cd40ee38b7e7a30f5d69e
      Size/MD5 checksum:  5283788 d4186f7a2c0c231d4376087a51b74a5a
      Size/MD5 checksum:   803448 772bd59ae1d8ea5af95dc2b416661608
      Size/MD5 checksum: 14071540 766cce55819838830b209a23b343c5c2

  Big endian MIPS architecture:
      Size/MD5 checksum:  1478502 618699397eb82eead99acf01c4d25f59
      Size/MD5 checksum:  6052694 7fe59dab19ac323389bdbefefcb2f472
      Size/MD5 checksum:   904080 d140aaa93ad6fc52372b6860f5196685
      Size/MD5 checksum: 15410072 ffd30ff403a343eda1467d543a9485bc

  Little endian MIPS architecture:
      Size/MD5 checksum:  1445934 a5642a17a417b705c53b6689727f28d9
      Size/MD5 checksum:  5971150 cb94a8fac63741d802344a41758108e1
      Size/MD5 checksum:   889688 bf8b2046d3da235c9717342c0fe802d7
      Size/MD5 checksum: 15104986 c67d26b51c37892ced55a971c3e2ed73

  PowerPC architecture:
      Size/MD5 checksum:  1476442 b6365d6bef0817718550fd344151b3a6
      Size/MD5 checksum:  6027254 cb0be5d5ff7180c0e36850a69a5159c6
      Size/MD5 checksum:   906982 23b1bb52a6df22e84f3677e3eec0c0b4
      Size/MD5 checksum: 15402586 2af7f90038dbb3f60cc1c62c159ff18e

  IBM S/390 architecture:
      Size/MD5 checksum:  1538088 68fd210fd6eb741baa8ae48540ce696c
      Size/MD5 checksum:  5461222 0734f9fec16ab4b2aa96bc53fb68fdae
      Size/MD5 checksum:   883848 4cf9f929345df7259c78b731a8eda589
      Size/MD5 checksum: 15055130 883b34ff52b3fffdf62845cabe5a99c4

  Sun Sparc architecture:
      Size/MD5 checksum:  1460258 513bb61a8a20c6eb55722b37a21010eb
      Size/MD5 checksum:  6207684 b6191cb684d4d7057d5577840d932d6d
      Size/MD5 checksum:   867786 a695ec3e218569ce84ad39413e113123
      Size/MD5 checksum: 15391404 79c1c0e272f8f21b9b72486945104400

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"52","type":"x","order":"1","pct":80,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"8","type":"x","order":"2","pct":12.31,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":7.69,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.